mommy1
join:2007-08-07
Prescott, WI
1 edit | [Vundo] Would like assistane to get rid of Trojan.Vundo
I noticed that my system was runnning slow on my computer. I then clicked on a site and it infected me with Drive Cleaner. I went and downloaded Spy Hunter and it showed that I was infected with Trojan Vundo. I also downloaded vundofix and it did not find anything.
Here is a copy of my HJIT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:57 AM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = »www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - »us.dl1.yimg.com/download.yahoo.c···0401.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - »www.fileplanet.com/fpdlmgr/cabs/···0_44.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - »zone.msn.com/bingame/rock/defaul···der1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···ient.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - »download.games.yahoo.com/games/p···r_v5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - »fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - »messenger.zone.msn.com/binary/So···down.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Karima%20Newton/Desktop/pics/P9230099.JPG
--
End of file - 7524 bytes
Please Help! |
|
CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX
 ·RoadRunner Cable
| I don't see any signs of vundo here but let's make sure:
Follow this faq: »Security Cleanup FAQ »Trojan Vundo/Virtumonde/Winfixer Removal
--
da Cajun Darn I hate Malware |
|
mommy1
join:2007-08-07
Prescott, WI
| I ran vundofix and it did not find anything. Here is the support log from SpyHunter
###########################Runnning Processes DATA###########################
processName = SMSS.EXE File Size = 50688 File Path = \SystemRoot\System32\smss.exe ModuleMD5 = bd7fb0957c716f1a60333aee04de2178
processName = WINLOGON.EXE File Size = 502272 File Path = \??\C:\WINDOWS\system32\winlogon.exe ModuleMD5 = 01c3346c241652f43aed8e2149881bfe
processName = SERVICES.EXE File Size = 108032 File Path = C:\WINDOWS\system32\services.exe ModuleMD5 = c6ce6eec82f187615d1002bb3bb50ed4
processName = LSASS.EXE File Size = 13312 File Path = C:\WINDOWS\system32\lsass.exe ModuleMD5 = 84885f9b82f4d55c6146ebf6065d75d2
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\system32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = EXPLORER.EXE File Size = 1032192 File Path = C:\WINDOWS\Explorer.EXE ModuleMD5 = a0732187050030ae399b241436565e64
processName = SPOOLSV.EXE File Size = 57856 File Path = C:\WINDOWS\system32\spoolsv.exe ModuleMD5 = da81ec57acd4cdc3d4c51cf3d409af9f
processName = MCAGENT.EXE File Size = 192512 File Path = C:\Program Files\McAfee.com\Agent\mcagent.exe ModuleMD5 = 57ee0ef60bcd84b2bb9fc6f29bf881ed
processName = REALSCHED.EXE File Size = 151597 File Path = C:\Program Files\Common Files\Real\Update_OB\realsched.exe ModuleMD5 = a05da809ac0d86d916d09e3a908d3a06
processName = WKUFIND.EXE File Size = 28672 File Path = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe ModuleMD5 = ec0f1ec573a0346f89b8e87e04e9d32a
processName = QTTASK.EXE File Size = 282624 File Path = C:\Program Files\QuickTime\qttask.exe ModuleMD5 = 7fbe43046efdf24fc9375024e4d02ac9
processName = ITUNESHELPER.EXE File Size = 257088 File Path = C:\Program Files\iTunes\iTunesHelper.exe ModuleMD5 = 3e8c2bf38ad10ec0f6691eb88b721e0c
processName = AVGCC.EXE File Size = 416256 File Path = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe ModuleMD5 = 2200c98c049de1a7638ea0edba1c8882
processName = DIAGENT.EXE File Size = 135264 File Path = C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe ModuleMD5 = 8eb2419f6228651874b99a338696a77d
processName = AVGAMSVR.EXE File Size = 353280 File Path = C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe ModuleMD5 = 5f4ed1dba7e1eaecba443a53da176485
processName = AVGUPSVC.EXE File Size = 49664 File Path = C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe ModuleMD5 = 30a14f65db477dc00a64a5a24e96919c
processName = CTSVCCDA.EXE File Size = 44032 File Path = C:\WINDOWS\System32\CTsvcCDA.exe ModuleMD5 = 3c8b6609712f4ff78e521f6dcfc4032b
processName = MCVSRTE.EXE File Size = 94208 File Path = c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe ModuleMD5 = ba00e0423c0f569ab8e84fcce45d22da
processName = NVSVC32.EXE File Size = 131139 File Path = C:\WINDOWS\system32\nvsvc32.exe ModuleMD5 = a3b67aa9f60533557fd9141bca9fa4a9
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = MSPMSPSV.EXE File Size = 53520 File Path = C:\WINDOWS\System32\MsPMSPSv.exe ModuleMD5 = 581176f60885aef8f78c6e38dcc3cdf9
processName = IPODSERVICE.EXE File Size = 501312 File Path = C:\Program Files\iPod\bin\iPodService.exe ModuleMD5 = f72ab8ec1eb97f4b6edabfdc34bc84cb
processName = MCSHIELD.EXE File Size = 225375 File Path = c:\PROGRA~1\mcafee.com\vso\mcshield.exe ModuleMD5 = 97addee4dc70929a8b482a7ae7842920
processName = WSCNTFY.EXE File Size = 13824 File Path = C:\WINDOWS\system32\wscntfy.exe ModuleMD5 = 49911dd39e023bb6c45e4e436cfbd297
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = FIREFOX.EXE File Size = 7644520 File Path = C:\Program Files\Mozilla Firefox\firefox.exe ModuleMD5 = e169eef3c383d7a86f11b60220822a34
processName = SPYHUNTER.EXE File Size = 2693248 File Path = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe ModuleMD5 = 106556f40e0366b98ff715462aa3c3e5
processName = AVGW.EXE File Size = 145920 File Path = C:\PROGRA~1\Grisoft\AVG7\avgw.exe ModuleMD5 = 736a6ed03365ec50815ff8ed6b2e2147
###########################REGISTRY MD5 DATA###########################
Name=IgfxTray Data=C:\WINDOWS\system32\igfxtray.exe FileSize = 155648 MD5=093d3ee722542ba2e7ad929aa3ca6abc
Name=HotKeysCmds Data=C:\WINDOWS\system32\hkcmd.exe FileSize = 126976 MD5=e4cf942a4aea9d27c87f190f65e7d0f6
Name=diagent Data="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup FileSize = 135264 MD5=8eb2419f6228651874b99a338696a77d
Name=UpdReg Data=C:\WINDOWS\UpdReg.EXE FileSize = 90112 MD5=c419df63e0121d72411285780c2fc6cc
Name=MCAgentExe Data=C:\Program Files\McAfee.com\Agent\mcagent.exe FileSize = 192512 MD5=57ee0ef60bcd84b2bb9fc6f29bf881ed
Name=MCUpdateExe Data=C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe FileSize = 151552 MD5=e5e723cb1ece12616cd2c383a8970e52
Name=TkBellExe Data="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot FileSize = 151597 MD5=a05da809ac0d86d916d09e3a908d3a06
Name=nwiz Data=nwiz.exe /install FileSize = 1519616 MD5=0033ce6494554e47514d3487c9a8f93d
Name=Microsoft Works Update Detection Data=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe FileSize = 28672 MD5=ec0f1ec573a0346f89b8e87e04e9d32a
Name=WildTangent CDA Data="C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll" FileSize = MD5=********************************
Name=QuickTime Task Data="C:\Program Files\QuickTime\qttask.exe" -atboottime FileSize = 282624 MD5=7fbe43046efdf24fc9375024e4d02ac9
Name=iTunesHelper Data="C:\Program Files\iTunes\iTunesHelper.exe" FileSize = 257088 MD5=3e8c2bf38ad10ec0f6691eb88b721e0c
Name=AVG7_CC Data=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP FileSize = 416256 MD5=2200c98c049de1a7638ea0edba1c8882
Name=NvCplDaemon Data=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup FileSize = 7311360 MD5=0176fb5e3be224128a5e6700a4d5d063
Name=SpyHunter Data=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
FileSize = 2693248 MD5=106556f40e0366b98ff715462aa3c3e5
Name=updateMgr Data="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
FileSize = 313472 MD5=43f3f6d33c793089a7c32b45da16094b
Name=AVG7_Run Data=C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
FileSize = 145920 MD5=736a6ed03365ec50815ff8ed6b2e2147
Explorer.exe FileSize = 1032192 MD5=a0732187050030ae399b241436565e64
C:\WINDOWS\system32\userinit.exe, FileSize = 24576 MD5=39b1ffb03c2296323832acbae50d2aff
#############################FILE MD5 DATA#############################
File Path = C:\Documents and Settings\Karima Newton\Start Menu\Programs\Startup\DESKTOP.INI File Size = 4096 md5=d6a6856702e3f0953e7246a9b4a9fe35
#############################SERVICES DATA#############################
Service Name = ALG Service Display Name = Application Layer Gateway Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\alg.exe Binary Size = 44544 Binary MD5 = f1958fbf86d5c004cf19a5951a9514b7
Service Name = AudioSrv Service Display Name = Windows Audio Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Avg7Alrt Service Display Name = AVG7 Alert Manager Server Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe Binary Size = 353280 Binary MD5 = 5f4ed1dba7e1eaecba443a53da176485
Service Name = Avg7UpdSvc Service Display Name = AVG7 Update Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe Binary Size = 49664 Binary MD5 = 30a14f65db477dc00a64a5a24e96919c
Service Name = Browser Service Display Name = Computer Browser Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Creative Service for CDROM Access Service Display Name = Creative Service for CDROM Access Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\CTsvcCDA.exe Binary Size = 44032 Binary MD5 = 3c8b6609712f4ff78e521f6dcfc4032b
Service Name = CryptSvc Service Display Name = Cryptographic Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = DcomLaunch Service Display Name = DCOM Server Process Launcher Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k DcomLaunch Binary Size = 0 Binary MD5 =
Service Name = Dhcp Service Display Name = DHCP Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Dnscache Service Display Name = DNS Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k NetworkService Binary Size = 0 Binary MD5 =
Service Name = ERSvc Service Display Name = Error Reporting Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Eventlog Service Display Name = Event Log Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108032 Binary MD5 = c6ce6eec82f187615d1002bb3bb50ed4
Service Name = EventSystem Service Display Name = COM+ Event System Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = FastUserSwitchingCompatibility Service Display Name = Fast User Switching Compatibility Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = helpsvc Service Display Name = Help and Support Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = HTTPFilter Service Display Name = HTTP SSL Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k HTTPFilter Binary Size = 0 Binary MD5 =
Service Name = iPod Service Service Display Name = iPod Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 3 Service Error Control = 1 Service Binary Path = "C:\Program Files\iPod\bin\iPodService.exe" Binary Size = 0 Binary MD5 =
Service Name = lanmanserver Service Display Name = Server Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = lanmanworkstation Service Display Name = Workstation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = LmHosts Service Display Name = TCP/IP NetBIOS Helper Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = McShield Service Display Name = McAfee.com McShield Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 3 Service Error Control = 1 Service Binary Path = c:\PROGRA~1\mcafee.com\vso\mcshield.exe Binary Size = 225375 Binary MD5 = 97addee4dc70929a8b482a7ae7842920
Service Name = MCVSRte Service Display Name = McAfee.com VirusScan Online Realtime Engine Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding Binary Size = 0 Binary MD5 =
Service Name = Netman Service Display Name = Network Connections Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Nla Service Display Name = Network Location Awareness (NLA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = NVSvc Service Display Name = NVIDIA Display Driver Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\nvsvc32.exe Binary Size = 131139 Binary MD5 = a3b67aa9f60533557fd9141bca9fa4a9
Service Name = PlugPlay Service Display Name = Plug and Play Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108032 Binary MD5 = c6ce6eec82f187615d1002bb3bb50ed4
Service Name = PolicyAgent Service Display Name = IPSEC Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2
Service Name = ProtectedStorage Service Display Name = Protected Storage Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2
Service Name = RasMan Service Display Name = Remote Access Connection Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = RpcSs Service Display Name = Remote Procedure Call (RPC) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k rpcss Binary Size = 0 Binary MD5 =
Service Name = SamSs Service Display Name = Security Accounts Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2
Service Name = Schedule Service Display Name = Task Scheduler Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = seclogon Service Display Name = Secondary Logon Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SENS Service Display Name = System Event Notification Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SharedAccess Service Display Name = Windows Firewall/Internet Connection Sharing (ICS) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = ShellHWDetection Service Display Name = Shell Hardware Detection Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Spooler Service Display Name = Print Spooler Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\spoolsv.exe Binary Size = 57856 Binary MD5 = da81ec57acd4cdc3d4c51cf3d409af9f
Service Name = srservice Service Display Name = System Restore Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SSDPSRV Service Display Name = SSDP Discovery Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = stisvc Service Display Name = Windows Image Acquisition (WIA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k imgsvc Binary Size = 0 Binary MD5 =
Service Name = TapiSrv Service Display Name = Telephony Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = TermService Service Display Name = Terminal Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost -k DComLaunch Binary Size = 0 Binary MD5 =
Service Name = Themes Service Display Name = Themes Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = TrkWks Service Display Name = Distributed Link Tracking Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = w32time Service Display Name = Windows Time Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WebClient Service Display Name = WebClient Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = winmgmt Service Display Name = Windows Management Instrumentation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WMDM PMSP Service Service Display Name = WMDM PMSP Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\MsPMSPSv.exe Binary Size = 53520 Binary MD5 = 581176f60885aef8f78c6e38dcc3cdf9
Service Name = wscsvc Service Display Name = Security Center Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = wuauserv Service Display Name = Automatic Updates Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WZCSVC Service Display Name = Wireless Zero Configuration Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
#############################WINLOGON DATA#############################
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain Filepath = C:\WINDOWS\system32\crypt32.dll File Size = 597504 File MD5 = efc958396a7a7ef7e6d4a52b97512e18
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet Filepath = C:\WINDOWS\system32\cryptnet.dll File Size = 63488 File MD5 = cad4aa32e7eca00c23cc39c0eb833f9d
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll Filepath = C:\WINDOWS\system32\cscdll.dll File Size = 101888 File MD5 = 587729679b4fe04ce06a5c61d6c56dcd
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui Filepath = C:\WINDOWS\system32\igfxsrvc.dll File Size = 348160 File MD5 = e5926bc2e9cfa7d13f05b5e5f8e9cd52
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy Filepath = C:\WINDOWS\system32\sclgntfy.dll File Size = 20992 File MD5 = d636fa41e50671160d838ea2dace3330
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn Filepath = C:\WINDOWS\system32\WlNotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon Filepath = C:\WINDOWS\system32\WgaLogon.dll File Size = 702768 File MD5 = 147429092c26d18af550790ac102f32a
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
##########################BROWSER ADD-ON DATA##########################
CLSID = {EF99BD32-C1FB-11D2-892F-0090271D4F88} FilePath = C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll File Size = 272978 File MD5 = 2a9c5ac736968a77f380a8577ae55bd3 Description = 0
CLSID = {4D5C8C25-D075-11d0-B416-00C04FB90376} FilePath = C:\WINDOWS\System32\shdocvw.dll File Size = 1494528 File MD5 = 43b03472c6fe6a2051f53fd1848f9b5a
CLSID = {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} FilePath = C:\WINDOWS\System32\Shdocvw.dll File Size = 1494528 File MD5 = 43b03472c6fe6a2051f53fd1848f9b5a
CLSID = {32683183-48a0-441b-a342-7c2a440a9478} FilePath = File Size = 0 File MD5 =
CLSID = {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} FilePath = C:\WINDOWS\system32\SHELL32.dll File Size = 8453632 File MD5 = abfcbda41d2bd08baa1b0b2db558df03
CLSID = {02478D38-C3F9-4efb-9B51-7695ECA05670} FilePath = C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll File Size = 272978 File MD5 = 2a9c5ac736968a77f380a8577ae55bd3
CLSID = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} FilePath = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File Size = 63128 File MD5 = f17b2b264072b921fc66a0be16626bab
CLSID = {243B17DE-77C7-46BF-B94B-0B5F309A0E64} FilePath = C:\Program Files\Microsoft Money\System\mnyside.dll File Size = 163906 File MD5 = d91c44aa02f4e577414ee667edb2e1d8
CLSID = {53707962-6F74-2D53-2644-206D7942484F} FilePath = C:\PROGRA~1\SPYBOT~1\SDHelper.dll File Size = 853672 File MD5 = 250d787a5712d7768ddc133b3e477759
CLSID = {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} FilePath = File Size = 0 File MD5 =
CLSID = {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} FilePath = File Size = 0 File MD5 =
CLSID = {E023F504-0C5A-4750-A1E7-A9046DEA8A21} FilePath = File Size = 0 File MD5 =
CLSID = {FB5F1910-F110-11d2-BB9E-00C04F795683} FilePath = File Size = 0 File MD5 =
CLSID = CmdMapping FilePath = File Size = 0 File MD5 =
CLSID = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} FilePath = C:\WINDOWS\System32\shdocvw.dll File Size = 1494528 File MD5 = 43b03472c6fe6a2051f53fd1848f9b5a Description =
CLSID = {438755C2-A8BA-11D1-B96B-00A0C90312E1} FilePath = C:\WINDOWS\System32\browseui.dll File Size = 1023488 File MD5 = 79f0f941473b37f6dbd54ea97dcf931c Description = Browseui preloader
CLSID = {8C7461EF-2B13-11d2-BE35-3078302C2030} FilePath = C:\WINDOWS\System32\browseui.dll File Size = 1023488 File MD5 = 79f0f941473b37f6dbd54ea97dcf931c Description = Component Categories cache daemon
##########################LSP CHAIN DATA##########################
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
##########################UNINSTALL DATA##########################
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Atmosphere Player DisplayName = Adobe Atmosphere Player for Acrobat and Adobe Reader
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin DisplayName = Adobe Flash Player Plugin
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Automap 9.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall DisplayName = AVG 7.5
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Branding
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_14F1&DEV_2702 DisplayName = Conexant SmartHSFi V92 56K Speakerphone PCI Modem
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative Mixer 3
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative PlayCenter 2.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative Recorder
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative Restore Defaults
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative WaveStudio
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Diagnostics3
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis DisplayName = HijackThis 2.0.2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo & Imaging DisplayName = HP Image Zone 3.5
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ICW
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3} DisplayName = Broadcom Management Programs InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{9D98F245-3010-43C6-B3B0-67A464DA298E} DisplayName = Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} DisplayName = iPod for Windows 2005-10-12 InstallLocation = C:\Program Files\iPod\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB834707 DisplayName = Windows XP Hotfix - KB834707
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB867282 DisplayName = Windows XP Hotfix - KB867282
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB870669 DisplayName = Microsoft Data Access Components KB870669
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873333 DisplayName = Windows XP Hotfix - KB873333
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873339 DisplayName = Windows XP Hotfix - KB873339
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB883939 DisplayName = Security Update for Windows XP (KB883939)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885250 DisplayName = Windows XP Hotfix - KB885250
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885835 DisplayName = Windows XP Hotfix - KB885835
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885836 DisplayName = Windows XP Hotfix - KB885836
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885884 DisplayName = Windows XP Hotfix - KB885884
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB886185 DisplayName = Windows XP Hotfix - KB886185
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887742 DisplayName = Windows XP Hotfix - KB887742
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888113 DisplayName = Windows XP Hotfix - KB888113
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888302 DisplayName = Windows XP Hotfix - KB888302
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890046 DisplayName = Security Update for Windows XP (KB890046)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890047 DisplayName = Windows XP Hotfix - KB890047
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890175 DisplayName = Windows XP Hotfix - KB890175
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890859 DisplayName = Windows XP Hotfix - KB890859
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890923 DisplayName = Windows XP Hotfix - KB890923
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891781 DisplayName = Windows XP Hotfix - KB891781
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893066 DisplayName = Windows XP Hotfix - KB893066
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893086 DisplayName = Windows XP Hotfix - KB893086
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893756 DisplayName = Security Update for Windows XP (KB893756)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803 DisplayName = Windows Installer 3.1 (KB893803)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2 DisplayName = Windows Installer 3.1 (KB893803)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB894391 DisplayName = Update for Windows XP (KB894391)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896358 DisplayName = Security Update for Windows XP (KB896358)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896422 DisplayName = Security Update for Windows XP (KB896422)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896423 DisplayName = Security Update for Windows XP (KB896423)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896424 DisplayName = Security Update for Windows XP (KB896424)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896428 DisplayName = Security Update for Windows XP (KB896428)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896688 DisplayName = Security Update for Windows XP (KB896688)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896727 DisplayName = Update for Windows XP (KB896727)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898458 DisplayName = Security Update for Step By Step Interactive Training (KB898458)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898461 DisplayName = Update for Windows XP (KB898461)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899587 DisplayName = Security Update for Windows XP (KB899587)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899588 DisplayName = Security Update for Windows XP (KB899588)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899591 DisplayName = Security Update for Windows XP (KB899591)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900485 DisplayName = Update for Windows XP (KB900485)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900725 DisplayName = Security Update for Windows XP (KB900725)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901017 DisplayName = Security Update for Windows XP (KB901017)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901214 DisplayName = Security Update for Windows XP (KB901214)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB902400 DisplayName = Security Update for Windows XP (KB902400)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB904706 DisplayName = Security Update for Windows XP (KB904706)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905414 DisplayName = Security Update for Windows XP (KB905414)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905749 DisplayName = Security Update for Windows XP (KB905749)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905915 DisplayName = Security Update for Windows XP (KB905915)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908519 DisplayName = Security Update for Windows XP (KB908519)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908531 DisplayName = Security Update for Windows XP (KB908531)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB910437 DisplayName = Update for Windows XP (KB910437)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911280 DisplayName = Security Update for Windows XP (KB911280)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911562 DisplayName = Security Update for Windows XP (KB911562)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911564 DisplayName = Security Update for Windows Media Player (KB911564)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911565 DisplayName = Security Update for Windows Media Player 9 (KB911565)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911567 DisplayName = Security Update for Windows XP (KB911567)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911927 DisplayName = Security Update for Windows XP (KB911927)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB912812 DisplayName = Security Update for Windows XP (KB912812)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB912919 DisplayName = Security Update for Windows XP (KB912919)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB913446 DisplayName = Security Update for Windows XP (KB913446)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB913580 DisplayName = Security Update for Windows XP (KB913580)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB914388 DisplayName = Security Update for Windows XP (KB914388)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB914389 DisplayName = Security Update for Windows XP (KB914389)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB916281 DisplayName = Security Update for Windows XP (KB916281)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB916595 DisplayName = Update for Windows XP (KB916595)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917159 DisplayName = Security Update for Windows XP (KB917159)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917344 DisplayName = Security Update for Windows XP (KB917344)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917422 DisplayName = Security Update for Windows XP (KB917422)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP9 DisplayName = Security Update for Windows Media Player 9 (KB917734)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917953 DisplayName = Security Update for Windows XP (KB917953)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB918118 DisplayName = Security Update for Windows XP (KB918118)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB918439 DisplayName = Security Update for Windows XP (KB918439)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB918899 DisplayName = Security Update for Windows XP (KB918899)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB919007 DisplayName = Security Update for Windows XP (KB919007)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920213 DisplayName = Security Update for Windows XP (KB920213)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920214 DisplayName = Security Update for Windows XP (KB920214)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920670 DisplayName = Security Update for Windows XP (KB920670)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920683 DisplayName = Security Update for Windows XP (KB920683)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920685 DisplayName = Security Update for Windows XP (KB920685)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920872 DisplayName = Update for Windows XP (KB920872)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB921398 DisplayName = Security Update for Windows XP (KB921398)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB921883 DisplayName = Security Update for Windows XP (KB921883)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922582 DisplayName = Update for Windows XP (KB922582)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922616 DisplayName = Security Update for Windows XP (KB922616)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922760 DisplayName = Security Update for Windows XP (KB922760)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922819 DisplayName = Security Update for Windows XP (KB922819)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923191 DisplayName = Security Update for Windows XP (KB923191)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923414 DisplayName = Security Update for Windows XP (KB923414)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923689 |
|
mommy1
join:2007-08-07
Prescott, WI
| A Continuation....
DisplayName = Security Update for Windows XP (KB923689)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923694 DisplayName = Security Update for Windows XP (KB923694)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923723 DisplayName = Security Update for Step By Step Interactive Training (KB923723)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923980 DisplayName = Security Update for Windows XP (KB923980)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924191 DisplayName = Security Update for Windows XP (KB924191)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924270 DisplayName = Security Update for Windows XP (KB924270)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924496 DisplayName = Security Update for Windows XP (KB924496)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924667 DisplayName = Security Update for Windows XP (KB924667)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925398_WMP64 DisplayName = Security Update for Windows Media Player 6.4 (KB925398)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925454 DisplayName = Security Update for Windows XP (KB925454)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925486 DisplayName = Security Update for Windows XP (KB925486)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925902 DisplayName = Security Update for Windows XP (KB925902)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB926255 DisplayName = Security Update for Windows XP (KB926255)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB926436 DisplayName = Security Update for Windows XP (KB926436)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB927779 DisplayName = Security Update for Windows XP (KB927779)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB927802 DisplayName = Security Update for Windows XP (KB927802)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB927891 DisplayName = Update for Windows XP (KB927891)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB928090 DisplayName = Security Update for Windows XP (KB928090)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB928255 DisplayName = Security Update for Windows XP (KB928255)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB928843 DisplayName = Security Update for Windows XP (KB928843)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB929338 DisplayName = Update for Windows XP (KB929338)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB929969 DisplayName = Security Update for Windows XP (KB929969)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB930178 DisplayName = Security Update for Windows XP (KB930178)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB930916 DisplayName = Update for Windows XP (KB930916)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB931261 DisplayName = Security Update for Windows XP (KB931261)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB931768 DisplayName = Security Update for Windows XP (KB931768)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB931784 DisplayName = Security Update for Windows XP (KB931784)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB931836 DisplayName = Update for Windows XP (KB931836)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB932168 DisplayName = Security Update for Windows XP (KB932168)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Macromedia Shockwave Player DisplayName = Macromedia Shockwave Player
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Mcafee.com SecurityCenter DisplayName = McAfee.com SecurityCenter
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft NetShow Player 2.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (2.0.0.6) DisplayName = Mozilla Firefox (2.0.0.6) InstallLocation = C:\Program Files\Mozilla Firefox
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MsJavaVM
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MUSICMATCH Jukebox DisplayName = MUSICMATCH Jukebox
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Network Play System (Patching) DisplayName = Network Play System (Patching)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Display Driver DisplayName = NVIDIA Display Driver
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers DisplayName = NVIDIA Drivers
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Pop-Up Stopper Free Edition DisplayName = Pop-Up Stopper Free Edition
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\RealJukebox 1.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 6.0 DisplayName = RealOne Player
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave DisplayName = Shockwave
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash DisplayName = Adobe Flash Player 9 ActiveX
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Live!
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Live!Windows Drivers
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Spybot - Search & Destroy_is1 DisplayName = Spybot - Search & Destroy 1.4 InstallLocation = C:\Program Files\Spybot - Search & Destroy\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\VirusScan Online DisplayName = McAfee.com VirusScan Online
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify DisplayName = Windows Genuine Advantage Notifications (KB905474)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDA DisplayName = WildTangent Web Driver
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack DisplayName = Windows XP Service Pack 2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Works2003Setup DisplayName = Microsoft Works 2003 Setup Launcher
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\World of Warcraft DisplayName = World of Warcraft
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion DisplayName = Yahoo! Companion
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{00D75502-D65A-4056-889C-589AF79F1F42} DisplayName = 2170_Help InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{01501EBA-EC35-4F9F-8889-3BE346E5DA13} DisplayName = MSXML4 Parser InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{01F9D88C-3C86-4E82-840A-101A3221F67A} DisplayName = Microsoft Money 2003 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{02B42D23-10F2-4862-ADA4-3DF1EA0021B2} DisplayName = Microsoft Money 2003 System Pack InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{03410014-3975-4267-9F39-1DC4745090B7} DisplayName = Microsoft Encarta Encyclopedia Standard 2003 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{08094E03-AFE4-4853-9D31-6D0743DF5328} DisplayName = QuickTime InstallLocation = C:\Program Files\QuickTime\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{0FABD3D7-3036-4e78-B29D-58957ADB0A12} DisplayName = HP PSC & OfficeJet 3.5
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{11B569C2-4BF6-4ED0-9D17-A4273943CB24} DisplayName = Adobe Photoshop Album 2.0 Starter Edition InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{11F1920A-56A2-4642-B6E0-3B31A12C9288} DisplayName = Dell Solution Center InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{12BDDF23-B1DB-49C8-92D3-3E6841CCED61} DisplayName = Microsoft Streets and Trips 2002 InstallLocation = C:\Program Files\Microsoft Streets & Trips\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{133CD5EF-A4A1-442a-8D50-910B5DEF76BD} DisplayName = 4200_Help InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{151C555A-A9E7-4A2E-B6D7-165D04A3C956} DisplayName = Dell Picture Studio - Dell Image Expert InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{18D10072035C4515918F7E37EAFAACFC} DisplayName = AutoUpdate InstallLocation = C:\Program Files\DivX
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54} DisplayName = DocProc InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{24C8FBF7-26C6-48ca-834B-A4E5C09E362F} DisplayName = AiO_Scan InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{257EC58E-03FD-472B-A9B6-93F23A3C4CB0} DisplayName = Scan InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0} DisplayName = SkinsHP1 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D} DisplayName = AIOMinimal InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{34611BCF-3157-405b-A34E-879C7DC79142} DisplayName = 4200 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} DisplayName = WebFldrs XP InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{369B36BE-3D64-4641-9AEA-808D436FE132} DisplayName = Microsoft Picture It! Photo 7.0 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{37477865-A3F1-4772-AD43-AAFC6BCFF99F} DisplayName = MSXML 4.0 SP2 (KB927978) InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF} DisplayName = HPSystemDiagnostics InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{3F92ABBB-6BBF-11D5-B229-002078017FBF} DisplayName = NetWaiting InstallLocation = C:\Program Files\NetWaiting
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{415B8A4E-0EA2-4C69-975C-EEE07B837FD7} DisplayName = Unload InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{435E969D-867E-4364-8E74-3DC8A69C5BDB}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{48242276-DB89-42e8-9678-BD4280D7B99A} DisplayName = Copy InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF} DisplayName = Banctec Service Agreement InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{4C0616A4-B322-430f-9937-8905A2C1E2B2} DisplayName = 2170Tour InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{51F5239C-197B-11D6-9BAF-0090271AF8A4}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{553E56C3-7AA1-45FE-A2FC-2C43DC27F765} DisplayName = iTunes InstallLocation = C:\Program Files\iTunes\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{57C7C46A-D35D-492d-A328-4F8C9B5B4B52} DisplayName = PrintScreen InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{609F7AC8-C510-11D4-A788-009027ABA5D0} DisplayName = Easy CD Creator 5 Basic InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{62369F2F77534556AEF4C58152E3BDE5}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{63D56251-8C3A-4159-89D0-6D8444D0DA1B} DisplayName = 2170 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{63F2408D-A675-4d97-A256-70EACB6B9B4A} DisplayName = AiOSoftware InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{64116298-93C5-401D-B06C-39D8E3338508} DisplayName = DAO InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{68A2A8FC-2CA0-4b6c-BE09-CC7ABE2A8DDC} DisplayName = 4200Trb InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{723C033E-63EA-4227-BAB2-0AA8693C16EB} DisplayName = Director InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{745A92AF-53B4-41A7-91C3-9B026B1D5897} DisplayName = InstantShare InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84} DisplayName = Microsoft Works 7.0 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{766273C1-A39B-47EB-ACE8-DEBDD8094BCC} DisplayName = overland InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{77F6F594-BA5E-4ECC-8798-7C1087F4C11D} DisplayName = Reel Deal Casino - Shuffle Master Edition InstallLocation = C:\Program Files\Phantom EFX\Reel Deal Casino - Shuffle Master Edition
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{789289CA-F73A-4A16-A331-54D498CE069F} DisplayName = Ventrilo Client InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2} DisplayName = DivX Codec InstallLocation = C:\Program Files\DivX
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{7EE9DE0D-9228-4C33-B80E-FDD1773600DF} DisplayName = Microsoft Works Suite Add-in for Microsoft Word InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{7F142D56-3326-11D5-B229-002078017FBF} DisplayName = Modem Helper
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{81DD5688-695A-4c1d-AE7D-368BF857725A} DisplayName = TrayApp InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{821DABD6-26F2-49E5-AE55-40A589ADBE6D} DisplayName = Emperor: Rise of the Middle Kingdom
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8777AC6D-89F9-4793-8266-DE406F343E89} DisplayName = QFolder InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8851E12C-0EF9-11D4-A788-009027ABA5D0}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{89EE857B-8970-4F9F-AB58-A1C873AC72B3} DisplayName = Broadcom Management Programs InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20} DisplayName = Intel(R) Extreme Graphics Driver
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8ADFC4160D694100B5B8A22DE9DCABD9}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{90110409-6000-11D3-8CFE-0050048383C9} DisplayName = Microsoft Office XP Professional InstallLocation = INSTALLLOCATION
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{90D55A3F-1D99-4C94-A77E-46DC14F0BF08} DisplayName = Help and Support Customization InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{911B0409-6000-11D3-8CFE-0050048383C9} DisplayName = Microsoft Word 2002 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{962E05CF-3394-496D-0091-850CF1762F6B} DisplayName = The Battle for Middle-earth (tm)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD} DisplayName = Sound Blaster Live!
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{9A0DCD97-9648-45ed-A52C-133C728AB2FF} DisplayName = 4200Tour InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{9B03C535-3AEA-4ef2-B326-0A01A2207034} DisplayName = CreativeProjects InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{9D98F245-3010-43C6-B3B0-67A464DA298E} DisplayName = ELNKInst InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{A2500497-FD32-493e-B8E5-28D6728DBEF5} DisplayName = Readme InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{A260B422-70E1-41E2-957D-F76FA21266D5} DisplayName = Apple Software Update InstallLocation = C:\Program Files\Apple Software Update\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{ABEB838C-A1A7-4C5D-B7E1-8B4314600137} DisplayName = MSN Messenger 6.2 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{ABEB83 |
|
CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX
·RoadRunner Cable
| That doesn't show me anything unusual...
Let's look at this in a little different way.. (I am suspecting this is a false positive on Spyhunter's part)
Download combofix from one of these two locations:
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall!!
--
da Cajun Darn I hate Malware |
|
mommy1
join:2007-08-07
Prescott, WI
| ComboFix 07-08-07.5 - "Karima Newton" 2007-08-07 8:49:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.561 [GMT -5:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\drivers\fad.sys
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))
2007-08-07 08:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 07:39 d-------- C:\VundoFix Backups
2007-08-07 01:58 d-------- C:\Deckard
2007-08-07 01:35 d-------- C:\Program Files\Trend Micro
2007-08-07 01:21 d--h----- C:\WINDOWS\PIF
2007-08-07 00:37 d-------- C:\Program Files\Crawler
2007-08-07 00:36 d-------- C:\Program Files\Spyware Terminator
2007-08-07 00:25 d-------- C:\Program Files\XoftSpySE
2007-08-07 00:04 d-------- C:\Program Files\Enigma Software Group
2007-08-05 12:02 1,164,456 --a------ C:\install_flash_player.exe
2007-08-04 11:39 6,018,096 --a------ C:\Firefox Setup 2.0.0.6.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-02 00:18 --------- d-------- C:\Program Files\World of Warcraft
2007-06-22 20:00 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-22 20:00 --------- d-------- C:\Program Files\Phantom EFX
2007-06-13 21:35 --------- d-------- C:\Program Files\iTunes
2007-06-13 21:35 --------- d-------- C:\Program Files\iPod
2007-06-13 21:34 --------- d-------- C:\Program Files\QuickTime
2007-06-13 21:33 --------- d-------- C:\Program Files\Apple Software Update
2005-02-22 18:59 57360 --a------ C:\DOCUME~1\KARIMA~1\APPLIC~1\GDIPFONTCACHEV1.DAT
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"MCAgentExe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2002-09-06 18:15]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [2002-09-04 10:28]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-08-27 16:13]
"nwiz"="nwiz.exe" [2005-12-10 04:06 C:\WINDOWS\SYSTEM32\nwiz.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 07:21]
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-28 20:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-07 01:08]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:06]
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 19:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
C:\Documents and Settings\Karima Newton\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 09:00:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
DESKTOP.INI [2002-09-03 09:00:00]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\program files\mcafee.com\vso\mcvsshld.exe
R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 MxlW2k;MxlW2k;C:\WINDOWS\system32\drivers\MxlW2k.sys
R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
R3 P16X;Creative SB Live! Series (WDM);C:\WINDOWS\system32\drivers\P16X.sys
S1 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
S3 bDMusicb;bDMusicb;\??\C:\DOCUME~1\KARIMA~1\LOCALS~1\Temp\bDMusicb.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 FileObjInfo;STFileDriver;\??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys
S3 iAimFP0;iAimFP0;C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
S3 iAimFP1;iAimFP1;C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
S3 iAimFP2;iAimFP2;C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
S3 iAimFP3;iAimFP3;C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
S3 iAimFP4;iAimFP4;C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
S3 iAimTV0;iAimTV0;C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
S3 iAimTV1;iAimTV1;C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
S3 iAimTV2;iAimTV2;C:\WINDOWS\system32\DRIVERS\wATV03nt.sys
S3 iAimTV3;iAimTV3;C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
S3 iAimTV4;iAimTV4;C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e7265f4-8f61-11da-b810-000bdbb684ac}]
AutoRun\command- F:\JDSecure\Windows\JDSecure31.exe
Contents of the 'Scheduled Tasks' folder
2007-08-07 11:04:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-09-30 18:45:16 C:\WINDOWS\Tasks\ISP signup reminder 1.job - C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
2007-08-04 01:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (KARIMA-Karima Newton).job - c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
2005-09-30 18:47:39 C:\WINDOWS\Tasks\McAfee.com Update Check (D1FWD531-Karima Newton).job - C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
2007-08-07 13:55:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D1FWD531-Owner).job - C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
2007-08-07 13:54:22 C:\WINDOWS\Tasks\McAfee.com Update Check (KARIMA-Karima Newton).job - C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2007-08-07 08:54:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000079
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-07 8:56:35 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-07 08:56
--- E O F ---
================================
HJT Scan Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:23 AM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - »us.dl1.yimg.com/download.yahoo.c···0401.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - »www.fileplanet.com/fpdlmgr/cabs/···0_44.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - »zone.msn.com/bingame/rock/defaul···der1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···ient.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - »download.games.yahoo.com/games/p···r_v5.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - »fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - »messenger.zone.msn.com/binary/So···down.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Karima%20Newton/Desktop/pics/P9230099.JPG
--
End of file - 7302 bytes |
|
mommy1
join:2007-08-07
Prescott, WI
| Since you don't see any signs of Vundo here, is there any other type of infection on my computer? Whenever I run Spybot (which is about every other day) A Better Internet always shows up in the log. I delete it but it just keeps reoccurring.
Thank you for all your patience and help. As you can tell, I am not completely savvy when it comes to computer. |
|
TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA
| Apologies for intruding in the topic, but I'd just like to point out that SpyHunter was previously listed on the Rogue Antispyware list, and that while it's been delisted, it's still not a product that would necessarily be recommended with so many other excellent competing options:
Here's the link to the note on Enigma SpyHunter:
»spywarewarrior.com/rogue_anti-sp···#sh_note
--
Proud ASAP member since 2005 |
|
CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX
·RoadRunner Cable
| said by TheJoker  :Apologies for intruding in the topic, but I'd just like to point out that SpyHunter was previously listed on the Rogue Antispyware list, and that while it's been delisted, it's still not a product that would necessarily be recommended with so many other excellent competing options: Here's the link to the note on Enigma SpyHunter: » spywarewarrior.com/rogue_anti-sp···#sh_note No problem TheJoker , I was going to point that out as well.. You merely beat me to it.. 
--
da Cajun Darn I hate Malware |
|
CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX | reply to mommy1
I don't see any signs of any infection here.. You do appear to have bot Mcafee and AVG running... I suggest you dump one of them.. Two AVs don't go well together...
--
da Cajun Darn I hate Malware |
|
mommy1
join:2007-08-07
Prescott, WI
1 edit | I have read the link listed in regards to SpyHunter. I have since removed it from my computer. When I ran my SpyBot it picked it up. Go figure! I deleted it and rebooted the computer, rescanned, and it's gone.
Do I need to worry about it transmitting any of my information or leaving anything on my computer? I see that it says that it "may transmit my Windows ID". That is beginning to worry me.
As far as McAfee, I have the Virus Scan Disabled. |
|
CajunTek
Insane Cajun
Premium,MVM
join:2003-08-08
Arlington, TX
·RoadRunner Cable
| It's still running as a service:
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
The latest versions of Mcafee are difficult to disable...
--
da Cajun Darn I hate Malware |
|
