panda scan...need help..

This is a discussion on panda scan...need help.. within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 10-13-2006, 02:57 PM   #1
Guest
 
Join Date: Oct 2006
Posts: 25
OS:



here is a copy of my panda scan:
Attached Files
File Type: txt Activescan-panda.txt (74.4 KB, 40 views)
bonbliss is offline  
 
Old 10-13-2006, 08:53 PM   #2
Security Team (ret.)
 
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,403
OS: XP Pro SP3


Please download, update and run (one at a time of course!) Spybot Search & Destroy v1.4 and Ad-aware SE v1.06. Fix whatever they suggest.

If you would like to learn more about how to use these two programs with the proper settings you can read the tutorials below:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer:

Using Spybot - Search & Destroy to remove Spyware, Malware, & Hijackers from Your Computer.

Anti-trojan
Please download, update and run the A2 (A squared) anti-trojan. Let it fix whatever it wants to.

Anti-virus
Also, run this pc through the...
Panda Online virus scanner
or
Trend Micro Housecall Online virus scanner

Let it delete whatever it finds. If it cannot delete it, then post the log and we will delete it manually.


=============================================

Please download the trial version of Ewido/AVG Anti-Spyware 7.5
here:
https://www.ewido.net/en/download/
Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
https://www.pchell.com/support/safemode.shtml


Once in Safe Mode, please run Ewido, and run a full scan. During the scan it will prompt you to clean files, click OK.
Save the logfile from the scan.

Reboot normally after doing the above, rescan with hijackthis, then post that log here please, along with the log from Ewido.

==============================


Please download HijackThis. It will create a directory folder for you in C:\Program Files. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required).
Pancake is offline  
Old 10-14-2006, 08:23 PM   #3


Which a2 should I download??? a2 anti malware free 30 day trial? a2 free 2.0, a2 command line scanner, a2 hijack free???

I already have avs and mcafee ... I don't know how many anti virus things are good to have on all the time at once... (that is another question I have)

thanks pancake!!

bon
bonbliss is offline  
 
Old 10-14-2006, 10:08 PM   #4


Any one of those will be fine. You can remove it when you are done. It's just a way to get a, sort of, second opinion on a cleanup.
Pancake is offline  
Old 10-20-2006, 06:45 PM   #5


Hi! Well...I downloaded the a2 and this is what it says...oh my...I have no idea what to do with this info...is there any way you would tell me what to do?? Can you read it ok??

let me know....

https://analyze.hijackfree.com/analyz...2-29872bb4b0da

(maybe the above link will work to show you better???)

a-squared HiJackFree Analysis
www.hijackfree.com

Version info: Result ToDo
Your used version of a-squared HiJackFree: 2.0.0.690
The current version of a-squared HiJackFree: 2.0.0.429

Your used operating system version: Windows XP Service Pack 2
The current version of your operating system: Windows XP Service Pack 2

Registry Autoruns: Result ToDo
Name: NvCplDaemon
Path: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: QuickTime Task
Path: C:\Program Files\QuickTime\qttask.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 3 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: MMTray
Path: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 0
View Details
Name: Windows Defender
Path: C:\Program Files\Windows Defender\MSASCui.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Name: SunJavaUpdateSched
Path: C:\Program Files\Java\jre1.6.0\bin\jusched.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 2 - Bad: 3
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: TkBellExe
Path: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 5 - Bad: 4
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: !AVG Anti-Spyware
Path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Name: MSMSGS
Path: "C:\Program Files\Messenger\msmsgs.exe"
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 11
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: MsnMsgr
Path: "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 7
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: Yahoo! Pager
Path: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
Location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Good: 1 - Bad: 0
View Details
Tricky and Other Autoruns: Result ToDo
Name: NUL
Path: n
Location: wininit.ini
Not checked Unknown Item
Search at Google
Name: NU
Path: C:\DOCUME~1\BONNIE\LOCALS~1\Temp\P_4729.exe
Location: wininit.ini
Not checked Unknown Item
Search at Google
Name: NU
Path: C:\DOCUME~1\BONNIE\LOCALS~1\Temp\P_4729.exe
Location: wininit.ini
Not checked Unknown Item
Search at Google
Name: NU
Path: C:\DOCUME~1\BONNIE\LOCALS~1\Temp\P_4729.exe
Location: wininit.ini
Not checked Unknown Item
Search at Google
Name: NU
Path: C:\DOCUME~1\BONNIE\LOCALS~1\Temp\P_4729.exe
Location: wininit.ini
Not checked Unknown Item
Search at Google
Name: NU
Path: C:\DOCUME~1\BONNIE\LOCALS~1\Temp\P_4729.exe
Location: wininit.ini
Not checked Unknown Item
Search at Google
Name: NU
Path: C:\DOCUME~1\BONNIE\LOCALS~1\Temp\P_4729.exe
Location: wininit.ini
Not checked Unknown Item
Search at Google
Name: NU
Path: C:\DOCUME~1\BONNIE\LOCALS~1\Temp\P_4729.exe
Location: wininit.ini
Not checked Unknown Item
Search at Google
Name: SET BLASTER
Path: A220 I5 D1 P330 T3
Location: autoexec.nt
Not checked Unknown Item
Search at Google
Name: dos
Path: high, umb
Location: config.nt
Not checked Unknown Item
Search at Google
Name: device
Path: %SystemRoot%\system32\himem.sys
Location: config.nt
Not checked Unknown Item
Search at Google
Name: files
Path: 40
Location: config.nt
Not checked Unknown Item
Search at Google
Name: Adobe Gamma Loader.exe
Path:
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Not checked Unknown Item
Search at Google
Name: McDefragTask
Path:
Location: C:\WINDOWS\tasks\
Not checked Unknown Item
Search at Google
Name: McQcTask
Path:
Location: C:\WINDOWS\tasks\
Not checked Unknown Item
Search at Google
Name: MP Scheduled Scan
Path:
Location: C:\WINDOWS\tasks\
Not checked Unknown Item
Search at Google
Name: SA
Path:
Location: C:\WINDOWS\tasks\
Not checked Unknown Item
Search at Google
Name: Shell
Path: explorer.exe
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Not checked Unknown Item
Search at Google
Name: $GT;{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: C:\WINDOWS\inf\unregmp2.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: $GT;{26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: $GT;{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
Path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: $GT;{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
Path: C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Path: C:\WINDOWS\system32\regsvr32.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "C:\Program Files\Outlook Express\setup50.exe"
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {44BBA842-CC51-11CF-AAFA-00AA00B6015B}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {4b218e3e-bc98-4770-93d3-2731b9329278}
Path: C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 C:\WINDOWS\inf\ie.inf
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {5945c046-1e7d-11d1-bc44-00c04fd912be}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "C:\Program Files\Outlook Express\setup50.exe"
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {89820200-ECBD-11cf-8B85-00AA005B4340}
Path: regsvr32.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\WINDOWS\system32\ie4uinit.exe
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: {89B4C1CD-B018-4511-B0A1-5476DBF70820}
Path: C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
Location: HKLM\Software\Microsoft\Active Setup\Installed Components\
Not checked Unknown Item
Search at Google
Name: VBScript Script File
Path: C:\WINDOWS\System32\WScript.exe "%1" %*
Location: HKEY_CLASSES_ROOT\vbsfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: VBScript Encoded Script File
Path: C:\WINDOWS\System32\WScript.exe "%1" %*
Location: HKEY_CLASSES_ROOT\vbefile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: JScript Script File
Path: C:\WINDOWS\System32\WScript.exe "%1" %*
Location: HKEY_CLASSES_ROOT\jsfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: JScript Encoded Script File
Path: C:\WINDOWS\System32\WScript.exe "%1" %*
Location: HKEY_CLASSES_ROOT\jsefile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Windows Script Host Settings File
Path: C:\WINDOWS\System32\WScript.exe "%1" %*
Location: HKEY_CLASSES_ROOT\wshfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Windows Script File
Path: C:\WINDOWS\System32\WScript.exe "%1" %*
Location: HKEY_CLASSES_ROOT\wsffile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Application
Path: "%1" %*
Location: HKEY_CLASSES_ROOT\exefile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: MS-DOS Application
Path: "%1" %*
Location: HKEY_CLASSES_ROOT\comfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: MS-DOS Batch File
Path: "%1" %*
Location: HKEY_CLASSES_ROOT\batfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Screen Saver
Path: "%1"
Location: HKEY_CLASSES_ROOT\scrfile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: Shortcut to MS-DOS Program
Path: "%1" %*
Location: HKEY_CLASSES_ROOT\piffile\shell\open\command\
Not checked Unknown Item
Search at Google
Name: SCRNSAVE.EXE
Path: C:\WINDOWS\SYSTEM32\SSPIPES.SCR
Location: HKCU\Control Panel\Desktop\
Not checked Unknown Item
Search at Google
Name: PostBootReminder
Path: C:\WINDOWS\system32\SHELL32.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Name: CDBurn
Path: C:\WINDOWS\system32\SHELL32.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Name: WebCheck
Path: C:\WINDOWS\System32\webcheck.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Name: SysTray
Path: C:\WINDOWS\System32\stobject.dll
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Not checked Unknown Item
Search at Google
Layered Service Providers (LSP): Result ToDo
Name: mswsock.dll
Path: %SystemRoot%\system32\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
View Details
Name: rsvpsp.dll
Path: %SystemRoot%\system32\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 1 - Bad: 0
View Details
Name: VetRedir.dll
Path: C:\WINDOWS\System32\
Location: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Good: 0 - Bad: 0
Unknown Item
Search at Google
Explorer And Browser Addons: Result ToDo
Name:
Path:
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: SOFTWARE
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: AcroIEHlprObj Class
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Good: 1 - Bad: 0
View Details
Name:
Path: C:\Program Files\SiteAdvisor\SiteAdv.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {089FD14D-132B-48FC-8861-0048AE113215}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name:
Path: C:\Program Files\CSBB\CSBB.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {2CFCA565-B346-46ED-A455-A398ACA740E1}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: UberButton Class
Path: C:\Program Files\Yahoo!\Common\yiesrvc.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: YahooTaggedBM Class
Path: C:\Program Files\Yahoo!\Common\YIeTagBm.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {65D886A2-7CA7-479B-BB95-14D1EFB7946A}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name:
Path: C:\Program Files\CSBB\CSBB.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {754CC255-0870-4CBC-AB2E-7365CF6D1180}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0\bin\ssv.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: scriptproxy
Path: c:\program files\mcafee\virusscan\scriptsn.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: ST
Path: C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: MSNToolBandBHO
Path: C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name:
Path: C:\Program Files\CSBB\CSBB.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {D3DDDA82-11CD-4044-87F7-BA3A3A8D44F0}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: SidebarAutoLaunch Class
Path: C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ClsID: {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: URL Exec Hook
Path: shell32.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
ClsID: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: Microsoft AntiMalware ShellExecuteHook
Path: C:\Program Files\WINDOW~4\MpShHook.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
ClsID: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Name: CShellExecuteHookImpl Object
Path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
ClsID: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Good: 0 - Bad: 0
Unknown Item
Search at Google
Local Open Ports: Result ToDo
Port: 135 TCP
Path: C:\WINDOWS\system32\svchost.exe (Process ID: 1076)
Good: 1 - Bad: 0
View Details
Port: 139 TCP
Path: system (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 445 TCP
Path: system (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 1025 TCP
Path: C:\WINDOWS\system32\LEXPPS.EXE (Process ID: 1808)
Good: 1 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Port: 1026 TCP
Path: C:\Program Files\Yahoo!\Antivirus\ISafe.exe (Process ID: 192)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1027 TCP
Path: C:\Program Files\Yahoo!\Antivirus\ISafe.exe (Process ID: 192)
Good: 1 - Bad: 0
View Details
Port: 1028 TCP
Path: C:\Program Files\Yahoo!\Antivirus\ISafe.exe (Process ID: 192)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1031 TCP
Path: C:\Program Files\Yahoo!\Antivirus\VetMsg.exe (Process ID: 2784)
Good: 1 - Bad: 0
View Details
Port: 1032 TCP
Path: C:\Program Files\Yahoo!\Antivirus\VetMsg.exe (Process ID: 2784)
Good: 1 - Bad: 0
View Details
Port: 6646 TCP
Path: c:\program files\common files\mcafee\mna\mcnasvc.exe (Process ID: 1392)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 123 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 1216)
Good: 1 - Bad: 0
View Details
Port: 137 UDP
Path: system (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 138 UDP
Path: system (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 445 UDP
Path: system (Process ID: 4)
Good: 1 - Bad: 0
View Details
Port: 500 UDP
Path: C:\WINDOWS\system32\lsass.exe (Process ID: 848)
Good: 1 - Bad: 0
View Details
Port: 1029 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 1348)
Good: 1 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Port: 1049 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 1348)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1161 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 1348)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 1900 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 1488)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 2835 UDP
Path: C:\Program Files\Yahoo!\browser\ybrowser.exe (Process ID: 2732)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 2973 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 1348)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 3107 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 1348)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 3136 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 1348)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 3157 UDP
Path: C:\WINDOWS\System32\svchost.exe (Process ID: 1348)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 4500 UDP
Path: C:\WINDOWS\system32\lsass.exe (Process ID: 848)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Port: 6646 UDP
Path: c:\program files\common files\mcafee\mna\mcnasvc.exe (Process ID: 1392)
Good: 0 - Bad: 0
Unknown Item
Search at Google
Running Processes: Result ToDo
Name: [System Process]
Process ID: 0
Path:
Info: Threads: 1 - Priority: N/A - Visible: No
Good: 1 - Bad: 0
View Details
Name: System
Process ID: 4
Path:
Info: Threads: 72 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: guard.exe
Process ID: 184
Path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Info: Threads: 8 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: iSafe.exe
Process ID: 192
Path: C:\Program Files\Yahoo!\Antivirus\ISafe.exe
Info: Threads: 6 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: cisvc.exe
Process ID: 224
Path: C:\WINDOWS\system32\cisvc.exe
Info: Threads: 13 - Priority: Normal - Visible: No
Good: 2 - Bad: 0
View Details
Name: avgas.exe
Process ID: 264
Path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
Info: Threads: 16 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: Runservice.exe
Process ID: 320
Path: C:\WINDOWS\runservice.exe
Info: Threads: 3 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: HWAPI.exe
Process ID: 420
Path: C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
Info: Threads: 7 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: MpfSrv.exe
Process ID: 436
Path: C:\Program Files\McAfee\MPF\MPFSrv.exe
Info: Threads: 17 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: qttask.exe
Process ID: 528
Path: C:\Program Files\QuickTime\qttask.exe
Info: Threads: 5 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: mm_tray.exe
Process ID: 548
Path: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Info: Threads: 1 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: mclogsrv.exe
Process ID: 556
Path: C:\Program Files\McAfee\MSC\mclogsrv.exe
Info: Threads: 8 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: MSASCui.exe
Process ID: 576
Path: C:\Program Files\Windows Defender\MSASCui.exe
Info: Threads: 18 - Priority: Normal - Visible: No
Good: 2 - Bad: 0
View Details
Name: jusched.exe
Process ID: 588
Path: C:\Program Files\Java\jre1.6.0\bin\jusched.exe
Info: Threads: 1 - Priority: Normal - Visible: No
Good: 2 - Bad: 0
View Details
Name: ycommon.exe
Process ID: 600
Path: C:\Program Files\Yahoo!\browser\ycommon.exe
Info: Threads: 9 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: smss.exe
Process ID: 608
Path: C:\WINDOWS\System32\smss.exe
Info: Threads: 3 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: msnmsgr.exe
Process ID: 636
Path: C:\Program Files\MSN Messenger\MsnMsgr.Exe
Info: Threads: 2 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: csrss.exe
Process ID: 656
Path: C:\WINDOWS\system32\csrss.exe
Info: Threads: 20 - Priority: Normal - Visible: No
Good: 1 - Bad: 3
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: mcupdmgr.exe
Process ID: 676
Path: C:\Program Files\McAfee\MSC\mcupdmgr.exe
Info: Threads: 7 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: winlogon.exe
Process ID: 792
Path: C:\WINDOWS\system32\winlogon.exe
Info: Threads: 16 - Priority: High - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: services.exe
Process ID: 836
Path: C:\WINDOWS\system32\services.exe
Info: Threads: 15 - Priority: Normal - Visible: No
Good: 1 - Bad: 3
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: lsass.exe
Process ID: 848
Path: C:\WINDOWS\system32\lsass.exe
Info: Threads: 18 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: mcods.exe
Process ID: 884
Path: C:\Program Files\McAfee\VIRUSS~1\mcods.exe
Info: Threads: 11 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: svchost.exe
Process ID: 996
Path: C:\WINDOWS\system32\svchost.exe
Info: Threads: 18 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 1076
Path: C:\WINDOWS\system32\svchost.exe
Info: Threads: 11 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: MsMpEng.exe
Process ID: 1168
Path: C:\Program Files\Windows Defender\MsMpEng.exe
Info: Threads: 14 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: svchost.exe
Process ID: 1216
Path: C:\WINDOWS\System32\svchost.exe
Info: Threads: 70 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: svchost.exe
Process ID: 1348
Path: C:\WINDOWS\System32\svchost.exe
Info: Threads: 6 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: McNASvc.exe
Process ID: 1392
Path: c:\program files\common files\mcafee\mna\mcnasvc.exe
Info: Threads: 9 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: Ymsgr_tray.exe
Process ID: 1404
Path: C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
Info: Threads: 1 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: svchost.exe
Process ID: 1488
Path: C:\WINDOWS\System32\svchost.exe
Info: Threads: 13 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: mcupdui.exe
Process ID: 1560
Path: c:\program files\mcafee\msc\mcupdui.exe
Info: Threads: 5 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: mcpromgr.exe
Process ID: 1676
Path: C:\Program Files\McAfee\MSC\mcpromgr.exe
Info: Threads: 12 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: LexBceS.exe
Process ID: 1748
Path: C:\WINDOWS\system32\LEXBCES.EXE
Info: Threads: 8 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: explorer.exe
Process ID: 1804
Path: C:\WINDOWS\Explorer.EXE
Info: Threads: 14 - Priority: Normal - Visible: No
Good: 2 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: Lexpps.exe
Process ID: 1808
Path: C:\WINDOWS\system32\LEXPPS.EXE
Info: Threads: 10 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: spoolsv.exe
Process ID: 1820
Path: C:\WINDOWS\system32\spoolsv.exe
Info: Threads: 15 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: RedirSvc.exe
Process ID: 1900
Path: c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
Info: Threads: 8 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: Mcshield.exe
Process ID: 1940
Path: C:\Program Files\McAfee\VIRUSS~1\mcshield.exe
Info: Threads: 26 - Priority: High - Visible: No
Good: 1 - Bad: 0
View Details
Name: mcsysmon.exe
Process ID: 2076
Path: C:\Program Files\McAfee\VIRUSS~1\mcsysmon.exe
Info: Threads: 19 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: mctskshd.exe
Process ID: 2148
Path: C:\Program Files\McAfee\MSC\mctskshd.exe
Info: Threads: 5 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: ybrwicon.exe
Process ID: 2180
Path: C:\Program Files\Yahoo!\browser\ybrwicon.exe
Info: Threads: 4 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: mcusrmgr.exe
Process ID: 2244
Path: C:\Program Files\McAfee\MSC\mcusrmgr.exe
Info: Threads: 5 - Priority: Normal - Visible: No
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: mcagent.exe
Process ID: 2252
Path: C:\Program Files\mcafee.com\agent\mcagent.exe
Info: Threads: 4 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: nvsvc32.exe
Process ID: 2568
Path: C:\WINDOWS\System32\nvsvc32.exe
Info: Threads: 3 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: a2hijackfree.exe (a-squared HiJackFree)
Process ID: 2636
Path: C:\Program Files\a-squared HiJackFree\a2hijackfree.exe
Info: Threads: 3 - Priority: Normal - Visible: Yes
Good: 1 - Bad: 0
View Details
Name: svchost.exe
Process ID: 2668
Path: C:\WINDOWS\System32\svchost.exe
Info: Threads: 5 - Priority: Normal - Visible: No
Good: 1 - Bad: 2
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: ybrowser.exe (a-squared Anti-Malware (a2) Download - Free Downloads of the Trial- and Freeware-Versions)
Process ID: 2732
Path: C:\Program Files\Yahoo!\browser\ybrowser.exe
Info: Threads: 24 - Priority: Normal - Visible: Yes
Good: 0 - Bad: 0
Unknown Item
Search at Google
Submit new process info
Name: VetMsg.exe
Process ID: 2784
Path: C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
Info: Threads: 7 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: realsched.exe
Process ID: 3016
Path: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Info: Threads: 4 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: CIDAEMON.EXE
Process ID: 3136
Path: C:\WINDOWS\system32\cidaemon.exe
Info: Threads: 2 - Priority: Idle - Visible: No
Good: 1 - Bad: 0
View Details
Name: wuauclt.exe
Process ID: 3208
Path: C:\WINDOWS\system32\wuauclt.exe
Info: Threads: 3 - Priority: Normal - Visible: No
Good: 1 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
Name: mcvsshld.exe
Process ID: 3308
Path: c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
Info: Threads: 6 - Priority: Normal - Visible: No
Good: 1 - Bad: 0
View Details
Name: CIDAEMON.EXE
Process ID: 3540
Path: C:\WINDOWS\system32\cidaemon.exe
Info: Threads: 2 - Priority: Idle - Visible: No
Good: 1 - Bad: 0
View Details
Name: alg.exe
Process ID: 3704
Path: C:\WINDOWS\System32\alg.exe
Info: Threads: 3 - Priority: Normal - Visible: No
Good: 1 - Bad: 1
View Details Requires Attention!
Compare details with your local values
and/or search at Google
This analysis is saved and available for at least 7 days at this website address.
bonbliss is offline  
Old 10-20-2006, 07:10 PM   #6
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,403
OS: XP Pro SP3


Can you run and post a HJT log please..
Pancake is offline  
Old 10-20-2006, 07:29 PM   #7
Guest
 
Join Date: Oct 2006
Posts: 25
OS:


Logfile of HijackThis v1.99.1
Scan saved at 7:28:15 PM, on 10/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\mcafee\msc\mcupdui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\HijackThis 1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?Link...oo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {2CFCA565-B346-46ED-A455-A398ACA740E1} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {754CC255-0870-4CBC-AB2E-7365CF6D1180} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {D3DDDA82-11CD-4044-87F7-BA3A3A8D44F0} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Shorten URL - https://www.cjb.net/menuext.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 4.0.0.300 - https://63.102.226.240:8000/Java/cfs40300.cab
O16 - DPF: DigiChat Applet - https://palatka.digi-net.com/DigiChat...IE_5_1_0_1.cab
O16 - DPF: ppctlcab - https://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Squelchies by pogo - https://squelchies.pogo.com/applet-5....-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - https://klondike.pogo.com/applet-5.9....-ob-assets.cab
O16 - DPF: Yahoo! Pool 2 - https://download.games.yahoo.com/game...s/y/poth_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - https://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - https://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - https://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - https://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
bonbliss is offline  
Old 10-20-2006, 07:31 PM   #8
Guest
 
Join Date: Oct 2006
Posts: 25
OS:


also...i cant get my javascript to work...i dont know if any of this would have anything to do with it...

but you might want to look at the link for the a squared thing above...the link has the color coded problems and everything...if you want...

thanks!!!

bon
bonbliss is offline  
Old 10-20-2006, 08:04 PM   #9
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,403
OS: XP Pro SP3


I see you are running two virus scanners. Two can cause problems. It's best to use just one.


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {2CFCA565-B346-46ED-A455-A398ACA740E1} - C:\Program Files\CSBB\CSBB.dll (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)


C:\Program Files\CSBB <======= delete this folder

Reboot.......


Please download ATF Cleaner by Atribune
https://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop.

Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.



It is very important to keep Sun Java up to date to help avoid exploitation by malware.
The current version is Java Runtime Environment (JRE) 5.0 Update 9.
Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
Remove all prior versions using Add/Remove Programs, and delete the Java folder in Program Files.
Click the link to download the Windows (Offline Installation) package: Save it, do not run it. When the download is complete, close the browser.
Proceed with reinstalling Java. Reboot.


Post a new log when done....
Pancake is offline  
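The triage behind a fix list like the one in the post above, as an added example that is not part of the thread: it parses HijackThis entries and lists those marked (no file) or (file missing), plus O23 services reported with "Unknown owner". The sample lines are copied from the log posted in this thread; the names `Finding` and `triage` are hypothetical, and the result is a list of candidates for review, which is wider than the fix list above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://yahoo.sbc.com/dsl
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2CFCA565-B346-46ED-A455-A398ACA740E1} - C:\Program Files\CSBB\CSBB.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Registry-style GUID in braces (the CLSID of a BHO, toolbar, button, ...)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# Trailing marker HijackThis prints when the registered file is not on disk
ORPHAN_RE = re.compile(r"\s*\((no file|file missing)\)\s*$")


@dataclass
class Finding:
    code: str              # HijackThis section, e.g. "O2"
    reason: str            # "no file", "file missing" or "unknown owner"
    clsid: Optional[str]   # CLSID named by the entry, if any
    target: Optional[str]  # file path named by the entry, if any
    line: str              # the original log line


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that deserve a closer look before fixing."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list or blank line
        code, body = entry.group("code"), entry.group("body")
        clsid_match = CLSID_RE.search(body)
        clsid = clsid_match.group(0) if clsid_match else None

        # Registration left behind after its file was removed.
        orphan = ORPHAN_RE.search(body)
        if orphan:
            reason = orphan.group(1)
            target = None
            if reason == "file missing":
                # The path is the last " - " separated field before the marker.
                target = body[:orphan.start()].rsplit(" - ", 1)[-1].strip().strip('"')
            findings.append(Finding(code, reason, clsid, target, line))

        # Service whose binary carries no vendor name in its version info.
        if code == "O23":
            fields = body.rsplit(" - ", 2)  # name - owner - path
            if len(fields) == 3 and fields[1].strip() == "Unknown owner":
                path = fields[2].strip().strip('"')
                findings.append(Finding(code, "unknown owner", clsid, path, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason:<13} {f.clsid or '-':<40} {f.target or '-'}")
```
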
Old 10-21-2006, 04:21 PM   #10
Guest
 
Join Date: Oct 2006
Posts: 25
OS:


well, i got to that part about deleting the csbb folder...and all the things that have csbb in the name are like this:

csbb_checks c:\Program Files\Yahoo\YPSR\Quarantine\ppq2E.tmp

(this is an example...i cant paste the search list for some reason...there are 17 of these, all different...(csbb_dictionary, csbb_mpu_mirrors...etc)

i dont know if there is a way to show them to you...

should i delete all of them like that???

they dont come up in one folder i dont think....

thanks!!!

bon
bonbliss is offline  
Old 10-21-2006, 05:31 PM   #11
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,403
OS: XP Pro SP3


Just remove the folder. If you wish to clean out all the dead files you can consult this site :

https://www.spywareremove.com/removeClearSearch.html
Pancake is offline  
Old 10-21-2006, 05:47 PM   #12
Guest
 
Join Date: Oct 2006
Posts: 25
OS:


there is not just one folder that i can tell...

i am going to try the spyhunter...

in the meantime...i am trying to find the java folders...i searched for java in all files and there are soooo many...i have no idea which ones i should delete...is there a way i can copy the search so you can see it??? or is there something else i should do to show you what java stuff i have....

thanks!!!

***also...i am running the spyhunter...should i have it fix all the problems???
will this mess up my computer in any way if i have them fix all???
i will keep it up until i hear back...or if you need a copy of what it found let me know how to paste it...
bonbliss is offline  
Old 10-21-2006, 06:02 PM   #13
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,403
OS: XP Pro SP3


Yes, you can get it to fix all it finds....

This will show you how to do a copy of your search....
https://www.entity.cc/ICONS/print-screen.php
Pancake is offline  
Old 10-21-2006, 06:58 PM   #14
Guest
 
Join Date: Oct 2006
Posts: 25
OS:


i am sorry...i am really not good at this...i tried to do what the link said...i copied it into wordperfect...it only got part of the page, and when i tried to attach it..it said that it was invalid....i dont know what to do...the search for java is soooo long (318 files found)...

another thing...on spyhunter when i check all the boxes to fix...it wants me to pay....is this what you are wanting?? i thought all the things were free???
bonbliss is offline  
Old 10-21-2006, 07:13 PM   #15
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,403
OS: XP Pro SP3


Have you updated your Java as I suggested?
Pancake is offline  
Old 10-21-2006, 07:17 PM   #16
Guest
 
Join Date: Oct 2006
Posts: 25
OS:


i have not deleted any java files...i cant tell which ones to delete...as my previous post says..i have soooo many...i have no idea how to show them to you...(see previous post)

and what do i do about the spyhunter??? do you want me to pay for it???
is it worth it??
bonbliss is offline  
Old 10-21-2006, 09:24 PM   #17
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,403
OS: XP Pro SP3


No, do not pay for it.... Run a scan with Ewido, post its log and a new HJT log.
Pancake is offline  
Old 10-21-2006, 10:15 PM   #18
Guest
 
Join Date: Oct 2006
Posts: 25
OS:


is ewido and avg the same thing??

and what about the java thing? i dont know how to show you all the items...there are 318 of them when i search for "java"....
i know there is something like print page and then run something...i dont remember..i tried to find it on here...but i could not...

thanks!!!! you are the best!!!!
bonbliss is offline  
Old 10-21-2006, 10:27 PM   #19
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,403
OS: XP Pro SP3


All you have to do is uninstall the Java in Add/Remove...and it's done...that's all you need to do...and yes, Ewido is AVG
Pancake is offline  
Old 10-22-2006, 12:57 PM   #20
Guest
 
Join Date: Oct 2006
Posts: 25
OS:


here is the new hijack log


Log Contents provided by Enigma Software Group, Inc.
###########################Runnning Processes DATA###########################
processName = SMSS.EXE File Size = 50688 File Path = \SystemRoot\System32\smss.exe ModuleMD5 = bd7fb0957c716f1a60333aee04de2178
processName = WINLOGON.EXE File Size = 502272 File Path = \??\C:\WINDOWS\system32\winlogon.exe ModuleMD5 = 01c3346c241652f43aed8e2149881bfe
processName = SERVICES.EXE File Size = 108032 File Path = C:\WINDOWS\system32\services.exe ModuleMD5 = c6ce6eec82f187615d1002bb3bb50ed4
processName = LSASS.EXE File Size = 13312 File Path = C:\WINDOWS\system32\lsass.exe ModuleMD5 = 84885f9b82f4d55c6146ebf6065d75d2
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\system32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = MSMPENG.EXE File Size = 45840 File Path = C:\Program Files\Windows Defender\MsMpEng.exe ModuleMD5 = 948d315495195662ba2a683a7a156bea
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = LEXBCES.EXE File Size = 287232 File Path = C:\WINDOWS\system32\LEXBCES.EXE ModuleMD5 = 69fa354400755830e04756409c107206
processName = LEXPPS.EXE File Size = 169984 File Path = C:\WINDOWS\system32\LEXPPS.EXE ModuleMD5 = 3feba67adef1da53b7f0817cd765de25
processName = SPOOLSV.EXE File Size = 57856 File Path = C:\WINDOWS\system32\spoolsv.exe ModuleMD5 = da81ec57acd4cdc3d4c51cf3d409af9f
processName = GUARD.EXE File Size = 204800 File Path = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe ModuleMD5 = e8fbdcc8d618d1bb84b828f247a6244b
processName = ISAFE.EXE File Size = 259184 File Path = C:\Program Files\Yahoo!\Antivirus\ISafe.exe ModuleMD5 = 108e941377f92195ed3996eb3499cb6e
processName = CISVC.EXE File Size = 5632 File Path = C:\WINDOWS\system32\cisvc.exe ModuleMD5 = 3192bd04d032a9c4a85a3278c268a13a
processName = RUNSERVICE.EXE File Size = 2560 File Path = C:\WINDOWS\runservice.exe ModuleMD5 = 29fab5363138f6e322f4cd780ed9d337
processName = HWAPI.EXE File Size = 554600 File Path = C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe ModuleMD5 = de8fbaa08877900b7f23e518e4221c9c
processName = MCLOGSRV.EXE File Size = 175216 File Path = C:\PROGRA~1\McAfee\MSC\mclogsrv.exe ModuleMD5 = d795371be3c8a1a5fda2e6e042a6a400
processName = MCUPDMGR.EXE File Size = 669296 File Path = C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe ModuleMD5 = bf4e3927ec963dd300e8f6623aa1d4a4
processName = MCNASVC.EXE File Size = 2131496 File Path = c:\program files\common files\mcafee\mna\mcnasvc.exe ModuleMD5 = ff0d885d36bc7a6426a54feb2171a6f6
processName = MCODS.EXE File Size = 345680 File Path = C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe ModuleMD5 = 3c5dd4d4aba2f38b317da058ee3cabde
processName = MCPROMGR.EXE File Size = 470640 File Path = C:\PROGRA~1\McAfee\MSC\mcpromgr.exe ModuleMD5 = 3bd95ffcc64e7420ab4f94b61ce77eaf
processName = REDIRSVC.EXE File Size = 239200 File Path = c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe ModuleMD5 = 1c36cc36bc7be8c50e62c1ccdd9b4f0c
processName = MCSHIELD.EXE File Size = 140864 File Path = C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe ModuleMD5 = 397f560a378f2a91e5c40ee648c12861
processName = MCSYSMON.EXE File Size = 622160 File Path = C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe ModuleMD5 = 41eb33167df079b41de0566216bba77a
processName = MCTSKSHD.EXE File Size = 187504 File Path = C:\PROGRA~1\McAfee\MSC\mctskshd.exe ModuleMD5 = d7df93ed136581b9e7573b63b27f6f3c
processName = MCUSRMGR.EXE File Size = 300656 File Path = C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe ModuleMD5 = 96ef50dbd7ca5dcfe5453cad8b0a3b70
processName = MPFSRV.EXE File Size = 804392 File Path = C:\Program Files\McAfee\MPF\MPFSrv.exe ModuleMD5 = dd27300570f815740690e082fe1cf051
processName = NVSVC32.EXE File Size = 81920 File Path = C:\WINDOWS\System32\nvsvc32.exe ModuleMD5 = 5ed834603c36414b579979b3a9c90f54
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = EXPLORER.EXE File Size = 1032192 File Path = C:\WINDOWS\Explorer.EXE ModuleMD5 = a0732187050030ae399b241436565e64
processName = VETMSG.EXE File Size = 201840 File Path = C:\Program Files\Yahoo!\Antivirus\VetMsg.exe ModuleMD5 = ae7dc64f42fa4d3385c573522fd6466f
processName = MCAGENT.EXE File Size = 558704 File Path = C:\PROGRA~1\mcafee.com\agent\mcagent.exe ModuleMD5 = 056e7923f49664a0079075f88b55b8fa
processName = QTTASK.EXE File Size = 77824 File Path = C:\Program Files\QuickTime\qttask.exe ModuleMD5 = c9128ae6036cdf67873a516e1a00ed4b
processName = MM_TRAY.EXE File Size = 110592 File Path = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe ModuleMD5 = d25a8c448da4d21a2cf9db97df0ccfd0
processName = MSASCUI.EXE File Size = 1420560 File Path = C:\Program Files\Windows Defender\MSASCui.exe ModuleMD5 = 81aa8ba06a824e637e2ba290d4fa9e3e
processName = REALSCHED.EXE File Size = 180269 File Path = C:\Program Files\Common Files\Real\Update_OB\realsched.exe ModuleMD5 = 006220ee86eb71c5884f415eaa9e8058
processName = AVGAS.EXE File Size = 6266880 File Path = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe ModuleMD5 = 01d90ae5dccbce0c7b52874fec35a608
processName = SPYHUNTER.EXE File Size = 2482176 File Path = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe ModuleMD5 = 586bac9f494de141189c05b79b653f73
processName = MSNMSGR.EXE File Size = 7094272 File Path = C:\Program Files\MSN Messenger\MsnMsgr.Exe ModuleMD5 = b83e12b5341c5dcecc5c217a824ffeb1
processName = WUAUCLT.EXE File Size = 124184 File Path = C:\WINDOWS\system32\wuauclt.exe ModuleMD5 = ebf1ab7e4fc05cabf2f4680d2a45f827
processName = YMSGR_TRAY.EXE File Size = 90112 File Path = C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe ModuleMD5 = cd2c52ace92a1c1426c5300ec6d9bb50
processName = WUAUCLT.EXE File Size = 124184 File Path = C:\WINDOWS\system32\wuauclt.exe ModuleMD5 = ebf1ab7e4fc05cabf2f4680d2a45f827
###########################REGISTRY MD5 DATA###########################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
Name=NvCplDaemon Data=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup FileSize = 5058560 MD5=aa8b1b6ad9e721e2f0dbbc7d95d32ea4
Name=QuickTime Task Data="C:\Program Files\QuickTime\qttask.exe" -atboottime FileSize = 77824 MD5=c9128ae6036cdf67873a516e1a00ed4b
Name=MMTray Data="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" FileSize = 110592 MD5=d25a8c448da4d21a2cf9db97df0ccfd0
Name=Windows Defender Data="C:\Program Files\Windows Defender\MSASCui.exe" -hide FileSize = 1420560 MD5=81aa8ba06a824e637e2ba290d4fa9e3e
Name=TkBellExe Data="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot FileSize = 180269 MD5=006220ee86eb71c5884f415eaa9e8058
Name=!AVG Anti-Spyware Data="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized FileSize = 6266880 MD5=01d90ae5dccbce0c7b52874fec35a608
Name=SpyHunter Data=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
FileSize = 2482176 MD5=586bac9f494de141189c05b79b653f73
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
Name=MSMSGS Data="C:\Program Files\Messenger\msmsgs.exe" /background FileSize = 1694208 MD5=74e6e96c6f0e2eca4edbb7f7a468f259
Name=MsnMsgr Data="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background FileSize = 7094272 MD5=b83e12b5341c5dcecc5c217a824ffeb1
Name=Yahoo! Pager Data="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
FileSize = 3334144 MD5=ac6e62f25bf9e002b7f3a981e7b55904
<HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
<HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINDOWS\APPINIT_DLLS>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\SHELL>
explorer.exe FileSize = 1032192 MD5=a0732187050030ae399b241436565e64
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\USERINIT>
C:\WINDOWS\system32\userinit.exe, FileSize = 24576 MD5=39b1ffb03c2296323832acbae50d2aff
#############################FILE MD5 DATA#############################
<C:\Documents and Settings\BONNIE\Start Menu\Programs\Startup>
File Path = C:\Documents and Settings\BONNIE\Start Menu\Programs\Startup\DESKTOP.INI File Size = 4096 md5=d6a6856702e3f0953e7246a9b4a9fe35
#############################SERVICES DATA#############################
Service Name = ALG Service Display Name = Application Layer Gateway Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\alg.exe Binary Size = 44544 Binary MD5 = f1958fbf86d5c004cf19a5951a9514b7
Service Name = AudioSrv Service Display Name = Windows Audio Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = AVG Anti-Spyware Guard Service Display Name = AVG Anti-Spyware Guard Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe Binary Size = 204800 Binary MD5 = e8fbdcc8d618d1bb84b828f247a6244b
Service Name = BITS Service Display Name = Background Intelligent Transfer Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Browser Service Display Name = Computer Browser Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = CAISafe Service Display Name = CAISafe Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\Program Files\Yahoo!\Antivirus\ISafe.exe Binary Size = 259184 Binary MD5 = 108e941377f92195ed3996eb3499cb6e
Service Name = CiSvc Service Display Name = Indexing Service Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\cisvc.exe Binary Size = 5632 Binary MD5 = 3192bd04d032a9c4a85a3278c268a13a
Service Name = CryptSvc Service Display Name = Cryptographic Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = DcomLaunch Service Display Name = DCOM Server Process Launcher Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k DcomLaunch Binary Size = 0 Binary MD5 =
Service Name = Dhcp Service Display Name = DHCP Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Dnscache Service Display Name = DNS Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k NetworkService Binary Size = 0 Binary MD5 =
Service Name = ERSvc Service Display Name = Error Reporting Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Eventlog Service Display Name = Event Log Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108032 Binary MD5 = c6ce6eec82f187615d1002bb3bb50ed4
Service Name = EventSystem Service Display Name = COM+ Event System Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = FastUserSwitchingCompatibility Service Display Name = Fast User Switching Compatibility Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = helpsvc Service Display Name = Help and Support Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = lanmanserver Service Display Name = Server Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = lanmanworkstation Service Display Name = Workstation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = LexBceS Service Display Name = LexBce Server Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\LEXBCES.EXE Binary Size = 287232 Binary MD5 = 69fa354400755830e04756409c107206
Service Name = LicCtrlService Service Display Name = LicCtrl Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\runservice.exe Binary Size = 2560 Binary MD5 = 29fab5363138f6e322f4cd780ed9d337
Service Name = LmHosts Service Display Name = TCP/IP NetBIOS Helper Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = McAfee HackerWatch Service Service Display Name = McAfee HackerWatch Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe" Binary Size = 0 Binary MD5 =
Service Name = McLogManagerService Service Display Name = McAfee Log Manager Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\McAfee\MSC\mclogsrv.exe Binary Size = 175216 Binary MD5 = d795371be3c8a1a5fda2e6e042a6a400
Service Name = mcmispupdmgr Service Display Name = McAfee Update Manager Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe Binary Size = 669296 Binary MD5 = bf4e3927ec963dd300e8f6623aa1d4a4
Service Name = McNASvc Service Display Name = McAfee Network Agent Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "c:\program files\common files\mcafee\mna\mcnasvc.exe" Binary Size = 0 Binary MD5 =
Service Name = McODS Service Display Name = McAfee Scanner Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe Binary Size = 345680 Binary MD5 = 3c5dd4d4aba2f38b317da058ee3cabde
Service Name = mcpromgr Service Display Name = McAfee Protection Manager Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\McAfee\MSC\mcpromgr.exe Binary Size = 470640 Binary MD5 = 3bd95ffcc64e7420ab4f94b61ce77eaf
Service Name = McRedirector Service Display Name = McAfee Redirector Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe Binary Size = 239200 Binary MD5 = 1c36cc36bc7be8c50e62c1ccdd9b4f0c
Service Name = McShield Service Display Name = McAfee Real-time Scanner Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe Binary Size = 140864 Binary MD5 = 397f560a378f2a91e5c40ee648c12861
Service Name = McSysmon Service Display Name = McAfee SystemGuards Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe Binary Size = 622160 Binary MD5 = 41eb33167df079b41de0566216bba77a
Service Name = mctskshd.exe Service Display Name = McAfee Task Scheduler Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\McAfee\MSC\mctskshd.exe Binary Size = 187504 Binary MD5 = d7df93ed136581b9e7573b63b27f6f3c
Service Name = mcusrmgr Service Display Name = McAfee User Manager Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe Binary Size = 300656 Binary MD5 = 96ef50dbd7ca5dcfe5453cad8b0a3b70
Service Name = MpfService Service Display Name = McAfee Personal Firewall Service Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\Program Files\McAfee\MPF\MPFSrv.exe" Binary Size = 0 Binary MD5 =
Service Name = Netman Service Display Name = Network Connections Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Nla Service Display Name = Network Location Awareness (NLA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = NVSvc Service Display Name = NVIDIA Display Driver Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\nvsvc32.exe Binary Size = 81920 Binary MD5 = 5ed834603c36414b579979b3a9c90f54
Service Name = PlugPlay Service Display Name = Plug and Play Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108032 Binary MD5 = c6ce6eec82f187615d1002bb3bb50ed4
Service Name = PolicyAgent Service Display Name = IPSEC Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2
Service Name = ProtectedStorage Service Display Name = Protected Storage Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2
Service Name = RasMan Service Display Name = Remote Access Connection Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = RpcSs Service Display Name = Remote Procedure Call (RPC) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k rpcss Binary Size = 0 Binary MD5 =
Service Name = SamSs Service Display Name = Security Accounts Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2
Service Name = Schedule Service Display Name = Task Scheduler Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = seclogon Service Display Name = Secondary Logon Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SENS Service Display Name = System Event Notification Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SharedAccess Service Display Name = Windows Firewall/Internet Connection Sharing (ICS) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = ShellHWDetection Service Display Name = Shell Hardware Detection Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Spooler Service Display Name = Print Spooler Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\spoolsv.exe Binary Size = 57856 Binary MD5 = da81ec57acd4cdc3d4c51cf3d409af9f
Service Name = srservice Service Display Name = System Restore Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SSDPSRV Service Display Name = SSDP Discovery Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = stisvc Service Display Name = Windows Image Acquisition (WIA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k imgsvc Binary Size = 0 Binary MD5 =
Service Name = TapiSrv Service Display Name = Telephony Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = TermService Service Display Name = Terminal Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost -k DComLaunch Binary Size = 0 Binary MD5 =
Service Name = Themes Service Display Name = Themes Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = TrkWks Service Display Name = Distributed Link Tracking Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = VETMSGNT Service Display Name = VET Message Service Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\Program Files\Yahoo!\Antivirus\VetMsg.exe Binary Size = 201840 Binary MD5 = ae7dc64f42fa4d3385c573522fd6466f
Service Name = w32time Service Display Name = Windows Time Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WebClient Service Display Name = WebClient Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = WinDefend Service Display Name = Windows Defender Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\Program Files\Windows Defender\MsMpEng.exe" Binary Size = 0 Binary MD5 =
Service Name = winmgmt Service Display Name = Windows Management Instrumentation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = wscsvc Service Display Name = Security Center Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = wuauserv Service Display Name = Automatic Updates Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WZCSVC Service Display Name = Wireless Zero Configuration Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
#############################WINLOGON DATA#############################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY>
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain Filepath = C:\WINDOWS\system32\crypt32.dll File Size = 597504 File MD5 = efc958396a7a7ef7e6d4a52b97512e18
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet Filepath = C:\WINDOWS\system32\cryptnet.dll File Size = 63488 File MD5 = cad4aa32e7eca00c23cc39c0eb833f9d
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll Filepath = C:\WINDOWS\system32\cscdll.dll File Size = 101888 File MD5 = 587729679b4fe04ce06a5c61d6c56dcd
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy Filepath = C:\WINDOWS\system32\sclgntfy.dll File Size = 20992 File MD5 = d636fa41e50671160d838ea2dace3330
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn Filepath = C:\WINDOWS\system32\WlNotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
##########################BROWSER ADD-ON DATA##########################
<HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar>
CLSID = {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} FilePath = C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll File Size = 282624 File MD5 = 6b3b0c6657b3dfead7abc5bfee45b347 Description = 0
CLSID = {0BF43445-2F28-4351-9252-17FE6E806AA0} FilePath = C:\Program Files\SiteAdvisor\SiteAdv.dll File Size = 960088 File MD5 = d96f49926e796675a6dfa36225040920 Description = McAfee SiteAdvisor
<HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars>
CLSID = {4528BBE0-4E08-11D5-AD55-00010333D0AD} FilePath = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll File Size = 0 File MD5 =
CLSID = {4D5C8C25-D075-11d0-B416-00C04FB90376} FilePath = C:\WINDOWS\System32\shdocvw.dll File Size = 1494016 File MD5 = c34f4d8e9275e994fddd72cbde6a2aed
CLSID = {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} FilePath = C:\WINDOWS\System32\Shdocvw.dll File Size = 1494016 File MD5 = c34f4d8e9275e994fddd72cbde6a2aed
<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars>
CLSID = {32683183-48a0-441b-a342-7c2a440a9478} FilePath = File Size = 0 File MD5 =
CLSID = {4528BBE0-4E08-11D5-AD55-00010333D0AD} FilePath = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll File Size = 0 File MD5 =
CLSID = {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} FilePath = C:\WINDOWS\system32\SHELL32.dll File Size = 8453632 File MD5 = f056b4771408966694de5d9bf79b48f8
CLSID = {EFA24E61-B078-11D0-89E4-00C04FC9E26E} FilePath = C:\WINDOWS\System32\shdocvw.dll File Size = 1494016 File MD5 = c34f4d8e9275e994fddd72cbde6a2aed
CLSID = {EFA24E64-B078-11D0-89E4-00C04FC9E26E} FilePath = C:\WINDOWS\System32\shdocvw.dll File Size = 1494016 File MD5 = c34f4d8e9275e994fddd72cbde6a2aed
<HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects>
CLSID = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} FilePath = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll File Size = 54248 File MD5 = fc7850324464e4d19a24a03d882b5cc4
CLSID = {089FD14D-132B-48FC-8861-0048AE113215} FilePath = C:\Program Files\SiteAdvisor\SiteAdv.dll File Size = 960088 File MD5 = d96f49926e796675a6dfa36225040920
CLSID = {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} FilePath = C:\Program Files\Yahoo!\Common\yiesrvc.dll File Size = 181752 File MD5 = 90aae04c4c2f05981fb7bf24e70ac0aa
CLSID = {65D886A2-7CA7-479B-BB95-14D1EFB7946A} FilePath = C:\Program Files\Yahoo!\Common\YIeTagBm.dll File Size = 120312 File MD5 = 3355b63f76de77384c93daadae22cc2b
CLSID = {754CC255-0870-4CBC-AB2E-7365CF6D1180} FilePath = C:\Program Files\CSBB\CSBB.dll File Size = 0 File MD5 =
CLSID = {7DB2D5A0-7241-4E79-B68D-6309F01C5231} FilePath = c:\program files\mcafee\virusscan\scriptsn.dll File Size = 67136 File MD5 = 8bcd0931d8a2e415d5a821f7428f5c39
CLSID = {9394EDE7-C8B5-483E-8773-474BF36AF6E4} FilePath = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll File Size = 155648 File MD5 = 0da1349495955cb41a5899047c5a1267
CLSID = {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} FilePath = C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll File Size = 282624 File MD5 = 6b3b0c6657b3dfead7abc5bfee45b347
CLSID = {D3DDDA82-11CD-4044-87F7-BA3A3A8D44F0} FilePath = C:\Program Files\CSBB\CSBB.dll File Size = 0 File MD5 =
CLSID = {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} FilePath = C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll File Size = 124032 File MD5 = 0645dbcbdb3f4a69aee13f4b5f9c4291
<HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions>
CLSID = {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} FilePath = C:\Program Files\Yahoo!\Common\yiesrvc.dll File Size = 181752 File MD5 = 90aae04c4c2f05981fb7bf24e70ac0aa
CLSID = {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} FilePath = File Size = 0 File MD5 =
CLSID = {FB5F1910-F110-11d2-BB9E-00C04F795683} FilePath = File Size = 0 File MD5 =
<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions>
CLSID = CmdMapping FilePath = File Size = 0 File MD5 =
<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks>
CLSID = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} FilePath = C:\WINDOWS\System32\shdocvw.dll File Size = 1494016 File MD5 = c34f4d8e9275e994fddd72cbde6a2aed Description =
<HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler>
CLSID = {438755C2-A8BA-11D1-B96B-00A0C90312E1} FilePath = C:\WINDOWS\System32\browseui.dll File Size = 1022976 File MD5 = 5e1770268514e159171e4166d8add408 Description = Browseui preloader
CLSID = {8C7461EF-2B13-11d2-BE35-3078302C2030} FilePath = C:\WINDOWS\System32\browseui.dll File Size = 1022976 File MD5 = 5e1770268514e159171e4166d8add408 Description = Component Categories cache daemon
##########################LSP CHAIN DATA##########################
<HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS>
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Filepath = C:\WINDOWS\System32\VetRedir.dll File Size = 74864 File MD5 = 4b6a7307c6953ed5ab8079e42490ac32
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Filepath = C:\WINDOWS\System32\VetRedir.dll File Size = 74864 File MD5 = 4b6a7307c6953ed5ab8079e42490ac32
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Filepath = C:\WINDOWS\System32\VetRedir.dll File Size = 74864 File MD5 = 4b6a7307c6953ed5ab8079e42490ac32
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019 Filepath = C:\WINDOWS\System32\VetRedir.dll File Size = 74864 File MD5 = 4b6a7307c6953ed5ab8079e42490ac32
##########################UNINSTALL DATA##########################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL>
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\561 DisplayName = URL Display
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\586 DisplayName = Context Display
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\857 DisplayName = RON Display
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\a-squared HiJackFree_is1 DisplayName = a-squared HiJackFree 2.0 InstallLocation = C:\Program Files\a-squared HiJackFree\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ABBYY FineReader 5.0 Sprint
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal DisplayName = Ad-Aware SE Personal
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Photoshop 6.0 DisplayName = Adobe Photoshop 6.0 InstallLocation = C:\Program Files\Adobe\Photoshop 6.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player DisplayName = Adobe Shockwave Player
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AdobeESD DisplayName = Adobe Download Manager 1.2 (Remove Only)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ASAPI Update DisplayName = ASAPI Update
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AVGAntiSpyware75 DisplayName = AVG Anti-Spyware 7.5 InstallLocation = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\BCM V.92 56K Modem DisplayName = BCM V.92 56K Modem
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Branding
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Britannica Ready Reference
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Cool Edit Pro 2.0 DisplayName = Cool Edit Pro 2.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\EPSON Printer and Utilities DisplayName = EPSON Printer Software
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Guitar Pro 4.0 DisplayName = Guitar Pro 4.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis DisplayName = HijackThis 1.99.1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis 1.99.1_is1 DisplayName = CyberAnswers.org InstallLocation = C:\Program Files\HijackThis 1.99.1\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ICW
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{24ED4D80-8294-11D5-96CD-0040266301AD} DisplayName = FinePixViewer Ver.3.2 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Kaspersky Online Scanner DisplayName = Kaspersky Online Scanner InstallLocation = C:\WINDOWS\system32\KASPER~1\KASPER~1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873333 DisplayName = Windows XP Hotfix - KB873333
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873339 DisplayName = Windows XP Hotfix - KB873339
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885250 DisplayName = Windows XP Hotfix - KB885250
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885835 DisplayName = Windows XP Hotfix - KB885835
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885836 DisplayName = Windows XP Hotfix - KB885836
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB886185 DisplayName = Windows XP Hotfix - KB886185
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887472 DisplayName = Windows XP Hotfix - KB887472
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887742 DisplayName = Windows XP Hotfix - KB887742
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888113 DisplayName = Windows XP Hotfix - KB888113
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888302 DisplayName = Windows XP Hotfix - KB888302
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890046 DisplayName = Security Update for Windows XP (KB890046)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890047 DisplayName = Windows XP Hotfix - KB890047
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890175 DisplayName = Windows XP Hotfix - KB890175
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890859 DisplayName = Windows XP Hotfix - KB890859
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891781 DisplayName = Windows XP Hotfix - KB891781
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893756 DisplayName = Security Update for Windows XP (KB893756)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2 DisplayName = Windows Installer 3.1 (KB893803)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB894391 DisplayName = Update for Windows XP (KB894391)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896358 DisplayName = Security Update for Windows XP (KB896358)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896422 DisplayName = Security Update for Windows XP (KB896422)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896423 DisplayName = Security Update for Windows XP (KB896423)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896424 DisplayName = Security Update for Windows XP (KB896424)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896428 DisplayName = Security Update for Windows XP (KB896428)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898458 DisplayName = Security Update for Step By Step Interactive Training (KB898458)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898461 DisplayName = Update for Windows XP (KB898461)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899587 DisplayName = Security Update for Windows XP (KB899587)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899591 DisplayName = Security Update for Windows XP (KB899591)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900485 DisplayName = Update for Windows XP (KB900485)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900725 DisplayName = Security Update for Windows XP (KB900725)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901017 DisplayName = Security Update for Windows XP (KB901017)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901190 DisplayName = Security Update for Windows XP (KB901190)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901214 DisplayName = Security Update for Windows XP (KB901214)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB902400 DisplayName = Security Update for Windows XP (KB902400)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB904706 DisplayName = Security Update for Windows XP (KB904706)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905414 DisplayName = Security Update for Windows XP (KB905414)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905749 DisplayName = Security Update for Windows XP (KB905749)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905915 DisplayName = Security Update for Windows XP (KB905915)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908519 DisplayName = Security Update for Windows XP (KB908519)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908531 DisplayName = Security Update for Windows XP (KB908531)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB910437 DisplayName = Update for Windows XP (KB910437)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911280 DisplayName = Security Update for Windows XP (KB911280)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911562 DisplayName = Security Update for Windows XP (KB911562)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911564 DisplayName = Security Update for Windows Media Player (KB911564)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911565 DisplayName = Security Update for Windows Media Player 10 (KB911565)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911567 DisplayName = Security Update for Windows XP (KB911567)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911927 DisplayName = Security Update for Windows XP (KB911927)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB912812 DisplayName = Security Update for Windows XP (KB912812)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB912919 DisplayName = Security Update for Windows XP (KB912919)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB913446 DisplayName = Security Update for Windows XP (KB913446)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB913580 DisplayName = Security Update for Windows XP (KB913580)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB914388 DisplayName = Security Update for Windows XP (KB914388)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB914389 DisplayName = Security Update for Windows XP (KB914389)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB916281 DisplayName = Security Update for Windows XP (KB916281)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB916595 DisplayName = Update for Windows XP (KB916595)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917159 DisplayName = Security Update for Windows XP (KB917159)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917344 DisplayName = Security Update for Windows XP (KB917344)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917422 DisplayName = Security Update for Windows XP (KB917422)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP10 DisplayName = Security Update for Windows Media Player 10 (KB917734)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917953 DisplayName = Security Update for Windows XP (KB917953)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB918439 DisplayName = Security Update for Windows XP (KB918439)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB918899 DisplayName = Security Update for Windows XP (KB918899)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB919007 DisplayName = Security Update for Windows XP (KB919007)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920214 DisplayName = Security Update for Windows XP (KB920214)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920670 DisplayName = Security Update for Windows XP (KB920670)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920683 DisplayName = Security Update for Windows XP (KB920683)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920685 DisplayName = Security Update for Windows XP (KB920685)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920872 DisplayName = Update for Windows XP (KB920872)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB921398 DisplayName = Security Update for Windows XP (KB921398)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB921883 DisplayName = Security Update for Windows XP (KB921883)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922582 DisplayName = Update for Windows XP (KB922582)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922616 DisplayName = Security Update for Windows XP (KB922616)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922819 DisplayName = Security Update for Windows XP (KB922819)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923191 DisplayName = Security Update for Windows XP (KB923191)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923414 DisplayName = Security Update for Windows XP (KB923414)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924191 DisplayName = Security Update for Windows XP (KB924191)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924496 DisplayName = Security Update for Windows XP (KB924496)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925486 DisplayName = Security Update for Windows XP (KB925486)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveReg DisplayName = LiveReg (Symantec Corporation) InstallLocation = C:\Program Files\Common Files\Symantec Shared\LiveReg
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033) DisplayName = Microsoft .NET Framework 1.1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 2.0 DisplayName = Microsoft .NET Framework 2.0 InstallLocation = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSC DisplayName = McAfee SecurityCenter
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSN Toolbar DisplayName = MSN Toolbar
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MWASPI DisplayName = MicroStaff WINASPI
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA DisplayName = NVIDIA Windows 2000/XP Display Drivers
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Display Driver DisplayName = NVIDIA Display Driver
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Panda ActiveScan DisplayName = Panda ActiveScan
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PROSet DisplayName = Intel(R) PRO Ethernet Adapter and Software
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Quicken 2002 New User Edition DisplayName = Quicken 2002 New User Edition
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\QuickTime DisplayName = QuickTime
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\RealJukebox 1.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 6.0 DisplayName = RealPlayer
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SBC Yahoo! Applications DisplayName = SBC Yahoo! Applications
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SBC Yahoo! DSL Activation DisplayName = SBC Yahoo! DSL Activation
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SBC Yahoo! UMUninstaller
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Setup Wizard EPIC DisplayName = EPSON EIC CX5400
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Steinberg WaveLab v4.00c DisplayName = Steinberg WaveLab v4.00c
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WGA DisplayName = Windows Genuine Advantage Validation Tool
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime DisplayName = Windows Media Format Runtime
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack DisplayName = Windows XP Service Pack 2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WordPerfect Office 2002 DisplayName = WordPerfect Office 2002
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000 DisplayName = Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar DisplayName = Yahoo! Toolbar
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{01A4AEDE-F219-49A2-B855-16A016EAF9A4} DisplayName = Intel(R) PROSet II InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{097346E0-6A51-11D1-AD16-00A0C95E0503}(SBC) DisplayName = Visual IP InSight(SBC)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{0E0131B2-CF18-40D9-A331-60A3746C1204} DisplayName = EPSON Scan
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{11E83B33-972B-4512-A447-FF0FD0246EE9}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{11F1920A-56A2-4642-B6E0-3B31A12C9288} DisplayName = Dell Solution Center InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{121634B0-2F4A-11D3-ADA3-00C04F52DD53} DisplayName = Windows Installer Clean Up InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{151C555A-A9E7-4A2E-B6D7-165D04A3C956} DisplayName = Dell Picture Studio - Dell Image Expert InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{22901BB7-2C57-409E-AF2F-56FFFEA41116} DisplayName = EPSON Photo Print
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{23EFDB58-0874-4883-9810-EDA510B19FAE}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{24ED4D80-8294-11D5-96CD-0040266301AD} DisplayName = FinePixViewer Ver.3.2 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{29D88826-2AB9-11D5-8854-00902761A46D} DisplayName = WordPerfect Office 2002 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{2BFBC62A-3353-443D-93BE-7AC641D9F342}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} DisplayName = WebFldrs XP InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{3F92ABBB-6BBF-11D5-B229-002078017FBF} DisplayName = Dell Modem-On-Hold InstallLocation = C:\Program Files\Dell Modem-On-Hold
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{43FCA273-9534-40DB-B7C5-D7758875616A} DisplayName = Dell Support InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{45893FEB-30FD-4034-8661-3BA4238FE67A} DisplayName = Britannica Ready Reference
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{47BB71CF-F3A3-4EE5-AB3E-110B933557B1} DisplayName = Digital Audio Player
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{5490882C-6961-11D5-BAE5-00E0188E010B} DisplayName = FUJIFILM USB Driver
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{609F7AC8-C510-11D4-A788-009027ABA5D0} DisplayName = Easy CD Creator 5 Basic InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} DisplayName = Windows Genuine Advantage v1.3.0254.0 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} DisplayName = PowerDVD
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{6C11D561-620B-47DA-A693-4C597F3CDF40} DisplayName = EPSON Smart Panel
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{85D3CC30-8859-481A-9654-FD9B74310BEF} DisplayName = Musicmatch® Jukebox InstallLocation = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{90D55A3F-1D99-4C94-A77E-46DC14F0BF08} DisplayName = Help and Support Customization InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{98DF85D9-96C0-4F57-A92E-C3539477EF5E} DisplayName = DVDSentry InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} DisplayName = Windows Defender Signatures InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A00000000001} DisplayName = Adobe Reader 6.0.1 InstallLocation = C:\Program Files\Adobe\Acrobat 6.0\Reader\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{B100B05B-E290-41EF-9366-8BC4C76D7769}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{B69CC1A5-0404-11D6-ABCB-005004C21D30} DisplayName = EPSON Copy Utility
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{CAB99E06-B92F-4AE0-89AD-D9AC5991046F} DisplayName = Windows Defender InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} DisplayName = Microsoft .NET Framework 1.1 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5} DisplayName = MSN Messenger 7.5 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1696920-9794-4BBC-8A30-7A88763DE5A2} DisplayName = ABBYY FineReader 5.0 Sprint Plus InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{D3568156-59C3-42DF-A520-2C25B6706C91}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{D3AA158A-9421-4883-8767-E771B0964A1D} DisplayName = ImageMixer VCD for FinePix
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{D78653C3-A8FF-415F-92E6-D774E634FF2D} DisplayName = Dell ResourceCD
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{E213C271-AEFA-481D-A9B4-914D88925B8D}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{E646DCF0-5A68-11D5-B229-002078017FBF} DisplayName = Digital Line Detect InstallLocation = C:\Program Files\Digital Line Detect
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE5B8E34-973C-4FBE-AC83-99F064009FC7} DisplayName = SpyHunter InstallLocation = C:\Program Files\Enigma Software Group\SpyHunter
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} DisplayName = HighMAT Extension to Microsoft Windows XP CD Writing Wizard InstallLocation = C:\Program Files\HighMAT CD Writing Wizard\