raju420 Posted June 18, 2005

Log Contents provided by Enigma Software Group, Inc.
4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000030 Filepath = C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll File Size = 8704 File MD5 = 65c44c423f4f17189fcb181b65605ea8 ##########################UNINSTALL DATA##########################<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL>Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\4C36C8F0-AC58-47B2-B120-B2527AC907A8 DisplayName = Blackhawk Striker 2 from Shockwave.com (remove only) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ActiveTouchMeetingClient DisplayName = WebEx Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AdobeESD DisplayName = Adobe Download Manager 1.2 (Remove Only) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\America Online us DisplayName = America Online (Choose which version to remove) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL Connectivity Services DisplayName = AOL Connectivity Services Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL Deskbar DisplayName = AOL Deskbar Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL Instant Messenger DisplayName = AOL Instant Messenger Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL Spyware Protection DisplayName = AOL Spyware Protection Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL Toolbar DisplayName = AOL Toolbar Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL YGP Screensaver DisplayName = AOL You've Got Pictures Screensaver Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AolCoach DisplayName = AOL Coach Version 1.0(Build:20030807.3) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AolCoach2_en 
DisplayName = AOL Coach Version 2.0(Build:20041026.5 en) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Apache Tomcat 5.5 DisplayName = Apache Tomcat 5.5 (remove only) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Audiogalaxy Satellite DisplayName = Audiogalaxy Satellite Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AvantGo Client Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Bejeweled 2 Deluxe 1.0 DisplayName = Bejeweled 2 Deluxe 1.0 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\BitComet DisplayName = BitComet 1125_unstable Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent DisplayName = BitTorrent 3.4.2 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Branding Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\BroadJump Client Foundation DisplayName = BroadJump Client Foundation Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\care2.xml DisplayName = Care2 Green Thumbs-Up Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CellView DisplayName = CellView Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Chameleon Mega Camera Driver DisplayName = Chameleon Mega Camera Driver Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ChequePointe POS Demo Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ConnectionManager DisplayName = BellSouth® FastAccess® Connection Manager Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Convert-It Group And Files DisplayName = Convert-It Group And Files Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Corel Applications DisplayName = Corel Applications Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CubicEye DisplayName = CubicEye Subkey Name = 
Software\Microsoft\Windows\CurrentVersion\Uninstall\CYBv360 DisplayName = Controlling Your Business 98 v3.60 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Dell Printer Software Uninstall DisplayName = Dell Printer Software Uninstall Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Discovering Art DisplayName = Discovering Art Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DiskMonitor DisplayName = DiskMonitor Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Donor Edge3.0 DisplayName = Donor Edge 1.0 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DVD Express A/V Pak DisplayName = DVDExpress Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\EssentialPIM DisplayName = EssentialPIM InstallLocation = C:\Program Files\EssentialPIM Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\expinst Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\EZface ActiveX DisplayName = EZface ActiveX 90 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ezlistng DisplayName = The Real Yellow Pages Live! 
v3.9.1 (ActiveX) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\FlightView Screensaver_is1 DisplayName = FlightView Screensaver 1.0 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Desktop DisplayName = Google Desktop Search Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Grand Master Chess DisplayName = Grand Master Chess Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\GunboundWC_is1 DisplayName = GunboundWC Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HomePage DisplayName = HomePage Utility Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HouseCall (for Netscape) DisplayName = HouseCall (for Netscape) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ICW Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Icy Tower_is1 DisplayName = Icy Tower v1.2 (44kHz) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\iDEN Super Agent RSS DisplayName = iDEN Super Agent RSS Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\iDEN WebJAL Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IEREADME Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2F8C106A-7DFC-45DE-8006-F9145AADF1D8} DisplayName = iPod Updater 2004-08-06 InstallLocation = Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{720DAF8C-F9FD-4236-8EDD-75219B21E276} DisplayName = WriteExpress 3,001 Business & 
Sales Letters InstallLocation = Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{ABB07BC7-1282-4895-9680-E77E574D8918} DisplayName = NetClient Formula InstallLocation = C:\Program Files\NetClient\ Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B9987754-9A14-4B61-ABB3-73A79503238D} DisplayName = iPod for Windows User Guide InstallLocation = Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{D593BE84-013B-4221-B34C-B3767C408FAC} DisplayName = iPod for Windows InstallLocation = Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4} DisplayName = iPod System Software Updater 2.0.1 InstallLocation = Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\irdPrintDemoApp DisplayName = irdPrintDemoApp Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IrfanView DisplayName = IrfanView (remove only) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Java Web Start DisplayName = Java Web Start Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Kaboodle_is1 DisplayName = Kaboodle version 0.99d InstallLocation = C:\Program Files\Kaboodle\ Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB834707 DisplayName = Windows XP Hotfix - KB834707 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB867282 DisplayName = Windows XP Hotfix - KB867282 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873333 DisplayName = Windows XP Hotfix - KB873333 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873339 DisplayName = Windows XP Hotfix - KB873339 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB883939 DisplayName = Security Update for Windows XP (KB883939) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB884016 Subkey Name = 
Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885250 DisplayName = Windows XP Hotfix - KB885250 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885835 DisplayName = Windows XP Hotfix - KB885835 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885836 DisplayName = Windows XP Hotfix - KB885836 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885884 DisplayName = Windows XP Hotfix - KB885884 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB886185 DisplayName = Windows XP Hotfix - KB886185 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887742 DisplayName = Windows XP Hotfix - KB887742 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888113 DisplayName = Windows XP Hotfix - KB888113 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888302 DisplayName = Windows XP Hotfix - KB888302 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890046 DisplayName = Security Update for Windows XP (KB890046) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890047 DisplayName = Windows XP Hotfix - KB890047 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890175 DisplayName = Windows XP Hotfix - KB890175 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890859 DisplayName = Windows XP Hotfix - KB890859 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890923 DisplayName = Windows XP Hotfix - KB890923 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891781 DisplayName = Windows XP Hotfix - KB891781 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893066 DisplayName = Windows XP Hotfix - KB893066 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893086 DisplayName = Windows XP Hotfix - KB893086 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803 DisplayName = Windows Installer 3.1 
(KB893803) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2 DisplayName = Windows Installer 3.1 (KB893803) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896358 DisplayName = Security Update for Windows XP (KB896358) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896422 DisplayName = Security Update for Windows XP (KB896422) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896428 DisplayName = Security Update for Windows XP (KB896428) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898458 DisplayName = Security Update for Step By Step Interactive Training (KB898458) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveReg DisplayName = LiveReg (Symantec Corporation) InstallLocation = C:\Program Files\Common Files\Symantec Shared\LiveReg Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate1.6 DisplayName = LiveUpdate 1.6 (Symantec Corporation) InstallLocation = C:\Program Files\Symantec\LiveUpdate Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Living Waterfalls II Wallpaper #1 DisplayName = Living Waterfalls II Wallpaper #1 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\M886903 DisplayName = Microsoft .NET Framework 1.1 Hotfix (KB886903) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Macromedia Shockwave Player DisplayName = Macromedia Shockwave Player Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Matroska Pack DisplayName = Matroska Pack (remove only) InstallLocation = C:\Program Files\Matroska Pack Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Mcafee SecurityCenter DisplayName = McAfee SecurityCenter Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MDL Chime/Chime Pro for Internet Explorer DisplayName = MDL Chime/Chime Pro for Internet Explorer Subkey Name = 
Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033) DisplayName = Microsoft .NET Framework 1.1 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft NetShow Player 2.0 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Mobile Application Link Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Motion JPEG Software Decoder DisplayName = Motion JPEG Software Decoder Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Motorola USB Modem Installation Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (1.0.4) DisplayName = Mozilla Firefox (1.0.4) InstallLocation = C:\Program Files\Mozilla Firefox Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MsJavaVM Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSN Music Assistant DisplayName = MSN Music Assistant Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Muse Names DisplayName = Muse Names Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Nero - Burning 
Rom!UninstallKey DisplayName = Nero - Burning Rom (Web installer) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NetPayPlus DisplayName = NetPay Plus Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Netscape (7.1) DisplayName = Netscape (7.1) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Netscape (7.2) DisplayName = Netscape (7.2) Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\New.net Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NEWT Professional_is1 DisplayName = NEWT Professional 1.0.2045 InstallLocation = C:\Program Files\Komodo Digital\NEWT Pro\ Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NoAdware_is1 DisplayName = NoAdware v3.0 InstallLocation = C:\Program Files\NoAdware3\ Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers DisplayName = NVIDIA Drivers Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ot2CD13 DisplayName = Oregon Trail II Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Panorama DisplayName = Panorama Subkey Name = Softwa Link to post Share on other sites
raju420 Posted June 18, 2005

Sorry wrong log, please help my browser is hijacked thanx.

Logfile of HijackThis v1.99.1
Scan saved at 12:49:35 AM, on 6/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
http://download.games.yahoo.com/games/web_...aploader_v6.cabO16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://wc.wachovia.com/Common/cab/ikcntrls.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{5621EF23-CD3C-40D6-B54A-1F39C7EAB767}: NameServer = 205.152.37.23 205.152.144.23O18 - Filter: text/plain - {F05E4E7B-A73A-4D25-B3F8-CDE0CF8C8CFD} - (no file)O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dllO23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeO23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exeO23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exeO23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exeO23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exeO23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exeO23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. 
- C:\WINDOWS\wanmpsvc.exe Link to post Share on other sites
Excal Posted June 29, 2005

Hi raju420 and welcome to Best Techie.

My name is Excal and I will be helping you.

If you still need help, please post a fresh Hijack log in this thread so I can help you with your malware problems.

If you have resolved this issue, please let us know.

Excal