
Log Contents provided by Enigma Software Group, Inc.

###########################Runnning Processes DATA###########################

processName = SMSS.EXE File Size = 50688 File Path = \SystemRoot\System32\smss.exe ModuleMD5 = bd7fb0957c716f1a60333aee04de2178

processName = CSRSS.EXE File Size = 6144 File Path = \??\C:\WINDOWS\system32\csrss.exe ModuleMD5 = f12b178b1678d778cfd3ff1fc38c71fb

processName = WINLOGON.EXE File Size = 502272 File Path = \??\C:\WINDOWS\system32\winlogon.exe ModuleMD5 = 01c3346c241652f43aed8e2149881bfe

processName = SERVICES.EXE File Size = 108032 File Path = C:\WINDOWS\system32\services.exe ModuleMD5 = c6ce6eec82f187615d1002bb3bb50ed4

processName = LSASS.EXE File Size = 13312 File Path = C:\WINDOWS\system32\lsass.exe ModuleMD5 = 84885f9b82f4d55c6146ebf6065d75d2

processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\system32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716

processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\system32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716

processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716

processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716

processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716

processName = SPOOLSV.EXE File Size = 57856 File Path = C:\WINDOWS\system32\spoolsv.exe ModuleMD5 = 7435b108b935e42ea92ca94f59c8e717

processName = AOLACSD.EXE File Size = 10328 File Path = C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe ModuleMD5 = aa2770fd967dab91a597619c4eadc0c9

processName = AOLTSMON.EXE File Size = 100016 File Path = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe ModuleMD5 = 7fb54900aa9792ab6307c699ec1859d4

processName = MCVSRTE.EXE File Size = 106496 File Path = c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe ModuleMD5 = b1e94b3ed8af23aebbc2ccfccadba104

processName = AOLTPSPD.EXE File Size = 46768 File Path = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe ModuleMD5 = caf7c2fddadf73a02ac84c6fb6030bbf

processName = NVSVC32.EXE File Size = 127043 File Path = C:\WINDOWS\System32\nvsvc32.exe ModuleMD5 = 190bf982638e4a0c98b334a39e50fb9f

processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716

processName = WDFMGR.EXE File Size = 38912 File Path = C:\WINDOWS\System32\wdfmgr.exe ModuleMD5 = c81b8635dee0d3ef5f64b3dd643023a5

processName = WANMPSVC.EXE File Size = 65536 File Path = C:\WINDOWS\wanmpsvc.exe ModuleMD5 = eb9a99ab5d17b1727034ff191e6448d7

processName = MCSHIELD.EXE File Size = 225375 File Path = c:\PROGRA~1\mcafee.com\vso\mcshield.exe ModuleMD5 = 97addee4dc70929a8b482a7ae7842920

processName = EXPLORER.EXE File Size = 1032192 File Path = C:\WINDOWS\Explorer.EXE ModuleMD5 = a0732187050030ae399b241436565e64

processName = WEBTRAPNT.EXE File Size = 235520 File Path = C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe ModuleMD5 = 83c9b8c07e76527d3ccb5b5ee2102102

processName = LVCOMS.EXE File Size = 127022 File Path = C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE ModuleMD5 = 574b0c1a95d1ea0fba1ca700ce83e7b9

processName = VIEWMGR.EXE File Size = 102400 File Path = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe ModuleMD5 = c79b15fc2c988fadf01a5b7924e81f17

processName = AOLDIAL.EXE File Size = 34904 File Path = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe ModuleMD5 = 25d2aa5a7ca01db369a39149a1ab2f30

processName = AOLSP SCHEDULER.EXE File Size = 83544 File Path = C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe ModuleMD5 = 683ac55a121782ae51217bae986fc645

processName = AOLHOSTMANAGER.EXE File Size = 125528 File Path = C:\PROGRA~1\COMMON~1\AOL\109836~1\EE\AOLHOS~1.EXE ModuleMD5 = 2e6ed35c3e2374bc63c8b91b90da72e2

processName = MCVSSHLD.EXE File Size = 163840 File Path = C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe ModuleMD5 = 3fe1e841ed8483f7a75a1e86f6fc2216

processName = MCAGENT.EXE File Size = 245760 File Path = C:\PROGRA~1\mcafee.com\agent\mcagent.exe ModuleMD5 = c281cb23dddfe24464652bb52ddc61a5

processName = TYPE32.EXE File Size = 172032 File Path = C:\Program Files\Microsoft IntelliType Pro\type32.exe ModuleMD5 = 05e10c2c3736e52fe33d16d2f9c73c04

processName = MSMSGS.EXE File Size = 1587512 File Path = C:\Program Files\Messenger\msmsgs.exe ModuleMD5 = e8d8be207abc2dfdfe5d234b72578288

processName = MCVSESCN.EXE File Size = 417849 File Path = c:\progra~1\mcafee.com\vso\mcvsescn.exe ModuleMD5 = c87ccfac151da6d88f50608f2e3c8dc2

processName = WCESCOMM.EXE File Size = 413775 File Path = C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE ModuleMD5 = e729abbad56fe6a7142abbe1743c80bb

processName = WMIPRVSE.EXE File Size = 218112 File Path = C:\WINDOWS\System32\wbem\wmiprvse.exe ModuleMD5 = 075ea6c849ab0fe416a3d6dd65c3cf41

processName = MCVSFTSN.EXE File Size = 221184 File Path = c:\progra~1\mcafee.com\vso\mcvsftsn.exe ModuleMD5 = fe1642c18909cd2fbde080ce4d7747e1

processName = SPYHUNTER.EXE File Size = 2736128 File Path = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe ModuleMD5 = 06bbcd842c1cd671245815eeb9c70254

processName = FIREFOX.EXE File Size = 6631012 File Path = C:\Program Files\Mozilla Firefox\firefox.exe ModuleMD5 = 4abe7358afa12d5f0c7f293c642eb66c

processName = CALC.EXE File Size = 114688 File Path = C:\WINDOWS\system32\calc.exe ModuleMD5 = 829e4805b0e12b383ee09abdc9e2dc3c

###########################REGISTRY MD5 DATA###########################

<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>

Name=NvCplDaemon Data=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup FileSize = 4620288 MD5=70342bc15208b68242241fb0f22468fc

Name=Pop3trap.exe Data="C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe" FileSize = MD5=********************************

Name=WebTrapNT.exe Data="C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe" FileSize = 235520 MD5=83c9b8c07e76527d3ccb5b5ee2102102

Name=ZTgServerSwitch Data=c:\program files\support.com\client\bin\tgcmd.exe /server FileSize = 1409024 MD5=0e9f0bb2d8f4d4b20fbfc9e9e24ac168

Name=NeroCheck Data=C:\WINDOWS\system32\NeroCheck.exe FileSize = 155648 MD5=748393eee2e85357567df4ad30d86397

Name=AdaptecDirectCD Data=C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe FileSize = 675840 MD5=b5722843facfb94ee3eedae68aeefc52

Name=LVCOMS Data=C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE FileSize = 127022 MD5=574b0c1a95d1ea0fba1ca700ce83e7b9

Name=iPodManager Data=C:\Program Files\iPod\bin\iPodManager.exe FileSize = 245760 MD5=c2f8589dbbdc607ca61941da54df2849

Name=ViewMgr Data=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe FileSize = 102400 MD5=c79b15fc2c988fadf01a5b7924e81f17

Name=KRVVXIo90 Data=C:\documents and settings\raju\local settings\temp\KRVVXIo90.exe FileSize = MD5=********************************

Name=AOLDialer Data=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe FileSize = 34904 MD5=25d2aa5a7ca01db369a39149a1ab2f30

Name=HostManager Data=C:\Program Files\Common Files\AOL\1098366343\EE\AOLHostManager.exe FileSize = 125528 MD5=2e6ed35c3e2374bc63c8b91b90da72e2

Name=TkBellExe Data="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot FileSize = 180269 MD5=b8e684df9a97497edd2f87444a6307fb

Name=22696349ddbc Data=C:\WINDOWS\System32\LVUI2RC3.exe FileSize = MD5=********************************

Name=AOL Spyware Protection Data="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" FileSize = 83544 MD5=683ac55a121782ae51217bae986fc645

Name=nwiz Data=nwiz.exe /install FileSize = 921600 MD5=

Name=NvMediaCenter Data=RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit FileSize = 86016 MD5=ca342993cf9b669fa62cc23fdb04d6e6

Name=QuickTime Task Data="C:\Program Files\QuickTime\qttask.exe" -atboottime FileSize = 98304 MD5=76a3a30b58405c2c6d833895253a51a9

Name=EleFunAnimatedWallpaper Data="C:\Program Files\EleFun Multimedia\Amazing Waterfall Wallpaper\Amazing Waterfall.exe" FileSize = MD5=********************************

Name=o73V3tW Data=icaxch35.exe FileSize = MD5=

Name=SunJavaUpdateSched Data=C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe FileSize = 36975 MD5=1f6573d67dd5dc06dd29ec7fcf81dc6f

Name=VSOCheckTask Data="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask FileSize = 122880 MD5=90cf41e5d4e8d3a88d8630da5c3b7a3a

Name=VirusScan Online Data="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" FileSize = 163840 MD5=3fe1e841ed8483f7a75a1e86f6fc2216

Name=MCAgentExe Data=c:\PROGRA~1\mcafee.com\agent\mcagent.exe FileSize = 245760 MD5=c281cb23dddfe24464652bb52ddc61a5

Name=MCUpdateExe Data=C:\PROGRA~1\mcafee.com\agent\mcupdate.exe FileSize = 180224 MD5=27385955e28e1e08461a1cc5c95d1da8

Name=New.net Startup Data=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s FileSize = 229376 MD5=b8d2ea737777a3313a3b6fa5251fdc72

Name=type32 Data="C:\Program Files\Microsoft IntelliType Pro\type32.exe" FileSize = 172032 MD5=05e10c2c3736e52fe33d16d2f9c73c04

Name=IntelliPoint Data="C:\Program Files\Microsoft IntelliPoint\point32.exe" FileSize = 204800 MD5=d6c9858536249e31a5e9a1a4f3a08113

Name=SpyHunter Data=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe -scan FileSize = 2736128 MD5=06bbcd842c1cd671245815eeb9c70254

<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX>

<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>

<HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>

Name=MSMSGS Data="C:\Program Files\Messenger\msmsgs.exe" /background FileSize = 1587512 MD5=e8d8be207abc2dfdfe5d234b72578288

Name=LDM Data=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe FileSize = MD5=********************************

Name=Yahoo! Pager Data=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet FileSize = 2502656 MD5=c4f15909d8eacbfd7ab5ef8bc992d735

Name=kbdhu Data=C:\WINDOWS\System32\kbdhu.exe FileSize = MD5=********************************

Name=Zws9Rja3Q Data=hypeui.exe FileSize = MD5=

Name=H/PC Connection Agent Data="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" FileSize = 413775 MD5=e729abbad56fe6a7142abbe1743c80bb

Name=Google Desktop Search Data="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup FileSize = 118784 MD5=19259b032fa79275e385c35e1cf15c7f

<HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>

<HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>

Name=MSMSGS Data="C:\Program Files\Messenger\msmsgs.exe" /background FileSize = 1587512 MD5=e8d8be207abc2dfdfe5d234b72578288

<HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>

#############################FILE MD5 DATA#############################

<C:\Documents and Settings\raju\Start Menu\Programs\Startup>

File Path = C:\Documents and Settings\raju\Start Menu\Programs\Startup\desktop.ini File Size = 4096 md5=d6a6856702e3f0953e7246a9b4a9fe35

File Path = C:\Documents and Settings\raju\Start Menu\Programs\Startup\Konfabulator.lnk File Size = 4096 md5=f91ebc2a9a7f6baf0e3ad5b90cf01aa0

#############################SERVICES DATA#############################

Service Name = AOL ACS Service Display Name = AOL Connectivity Service Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" Binary Size = 0 Binary MD5 =

Service Name = AOL TopSpeedMonitor Service Display Name = AOL TopSpeed Monitor Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe Binary Size = 100016 Binary MD5 = 7fb54900aa9792ab6307c699ec1859d4

Service Name = AudioSrv Service Display Name = Windows Audio Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = Browser Service Display Name = Computer Browser Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = CryptSvc Service Display Name = Cryptographic Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = DcomLaunch Service Display Name = DCOM Server Process Launcher Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k DcomLaunch Binary Size = 0 Binary MD5 =

Service Name = Dhcp Service Display Name = DHCP Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = Dnscache Service Display Name = DNS Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k NetworkService Binary Size = 0 Binary MD5 =

Service Name = ERSvc Service Display Name = Error Reporting Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = Eventlog Service Display Name = Event Log Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108032 Binary MD5 = c6ce6eec82f187615d1002bb3bb50ed4

Service Name = EventSystem Service Display Name = COM+ Event System Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = FastUserSwitchingCompatibility Service Display Name = Fast User Switching Compatibility Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = helpsvc Service Display Name = Help and Support Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = lanmanserver Service Display Name = Server Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = lanmanworkstation Service Display Name = Workstation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = LmHosts Service Display Name = TCP/IP NetBIOS Helper Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =

Service Name = McShield Service Display Name = McAfee.com McShield Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 3 Service Error Control = 1 Service Binary Path = c:\PROGRA~1\mcafee.com\vso\mcshield.exe Binary Size = 225375 Binary MD5 = 97addee4dc70929a8b482a7ae7842920

Service Name = MCVSRte Service Display Name = McAfee.com VirusScan Online Realtime Engine Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding Binary Size = 0 Binary MD5 =

Service Name = Netman Service Display Name = Network Connections Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = Nla Service Display Name = Network Location Awareness (NLA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = NVSvc Service Display Name = NVIDIA Display Driver Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\nvsvc32.exe Binary Size = 127043 Binary MD5 = 190bf982638e4a0c98b334a39e50fb9f

Service Name = PlugPlay Service Display Name = Plug and Play Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108032 Binary MD5 = c6ce6eec82f187615d1002bb3bb50ed4

Service Name = PolicyAgent Service Display Name = IPSEC Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2

Service Name = ProtectedStorage Service Display Name = Protected Storage Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2

Service Name = RasMan Service Display Name = Remote Access Connection Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = RpcSs Service Display Name = Remote Procedure Call (RPC) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k rpcss Binary Size = 0 Binary MD5 =

Service Name = SamSs Service Display Name = Security Accounts Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2

Service Name = Schedule Service Display Name = Task Scheduler Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = seclogon Service Display Name = Secondary Logon Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = SENS Service Display Name = System Event Notification Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = SharedAccess Service Display Name = Windows Firewall/Internet Connection Sharing (ICS) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = ShellHWDetection Service Display Name = Shell Hardware Detection Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = Spooler Service Display Name = Print Spooler Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\spoolsv.exe Binary Size = 57856 Binary MD5 = 7435b108b935e42ea92ca94f59c8e717

Service Name = srservice Service Display Name = System Restore Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = SSDPSRV Service Display Name = SSDP Discovery Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =

Service Name = stisvc Service Display Name = Windows Image Acquisition (WIA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k imgsvc Binary Size = 0 Binary MD5 =

Service Name = TapiSrv Service Display Name = Telephony Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = TermService Service Display Name = Terminal Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost -k DComLaunch Binary Size = 0 Binary MD5 =

Service Name = Themes Service Display Name = Themes Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = TrkWks Service Display Name = Distributed Link Tracking Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = UMWdf Service Display Name = Windows User Mode Driver Framework Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\wdfmgr.exe Binary Size = 38912 Binary MD5 = c81b8635dee0d3ef5f64b3dd643023a5

Service Name = W32Time Service Display Name = Windows Time Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = WANMiniportService Service Display Name = WAN Miniport (ATW) Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 0 Service Binary Path = "C:\WINDOWS\wanmpsvc.exe" Binary Size = 0 Binary MD5 =

Service Name = WebClient Service Display Name = WebClient Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =

Service Name = winmgmt Service Display Name = Windows Management Instrumentation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = wscsvc Service Display Name = Security Center Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = wuauserv Service Display Name = Automatic Updates Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

Service Name = WZCSVC Service Display Name = Wireless Zero Configuration Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =

#############################WINLOGON DATA#############################

<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY>

Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain Filepath = C:\WINDOWS\system32\crypt32.dll File Size = 597504 File MD5 = efc958396a7a7ef7e6d4a52b97512e18

Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet Filepath = C:\WINDOWS\system32\cryptnet.dll File Size = 63488 File MD5 = cad4aa32e7eca00c23cc39c0eb833f9d

Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll Filepath = C:\WINDOWS\system32\cscdll.dll File Size = 101888 File MD5 = 587729679b4fe04ce06a5c61d6c56dcd

Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify Filepath = C:\WINDOWS\system32\PCANotify.dll File Size = 24638 File MD5 = ae57975eea47836e9f8fa32f3ca5b9c6

Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e

Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e

Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy Filepath = C:\WINDOWS\system32\sclgntfy.dll File Size = 20992 File MD5 = d636fa41e50671160d838ea2dace3330

Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn Filepath = C:\WINDOWS\system32\WlNotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e

Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e

Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e

##########################BROWSER ADD-ON DATA##########################

<HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar>

CLSID = {2318C2B1-4965-11d4-9B18-009027A5CD4F} FilePath = c:\program files\google\googletoolbar2.dll File Size = 720896 File MD5 = d4e9b7b696e8c40a0e5cb76621a03ee4 Description = 0

CLSID = {4982D40A-C53B-4615-B15B-B5B5E98D167C} FilePath = C:\Program Files\AOL Toolbar\toolbar.dll File Size = 472744 File MD5 = 95257b40ab3cae430e08d1d89787a000 Description = 0

CLSID = {BA52B914-B692-46c4-B683-905236F6F655} FilePath = c:\progra~1\mcafee.com\vso\mcvsshl.dll File Size = 114743 File MD5 = e2dc87821730e985c4b71639242d58f6 Description = McAfee VirusScan

<HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars>

CLSID = {4528BBE0-4E08-11D5-AD55-00010333D0AD} FilePath = File Size = 0 File MD5 =

CLSID = {4D5C8C25-D075-11d0-B416-00C04FB90376} FilePath = C:\WINDOWS\System32\shdocvw.dll File Size = 1483776 File MD5 = b8523c2149d8eda89d116aa90423155a

CLSID = {83B28A74-640D-48F4-9F51-E80EED7CC7E0} FilePath = C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll File Size = 214976 File MD5 = 431e3073b7165ea62a22f81f1ef1fce4

CLSID = {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} FilePath = C:\WINDOWS\System32\Shdocvw.dll File Size = 1483776 File MD5 = b8523c2149d8eda89d116aa90423155a

<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars>

CLSID = {32683183-48a0-441b-a342-7c2a440a9478} FilePath = File Size = 0 File MD5 =

CLSID = {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} FilePath = C:\WINDOWS\system32\SHELL32.dll File Size = 8450048 File MD5 = 9833f278924d028414d7f89bfd4fc46b

CLSID = {EFA24E61-B078-11D0-89E4-00C04FC9E26E} FilePath = C:\WINDOWS\System32\shdocvw.dll File Size = 1483776 File MD5 = b8523c2149d8eda89d116aa90423155a

CLSID = {EFA24E62-B078-11D0-89E4-00C04FC9E26E} FilePath = C:\WINDOWS\System32\shdocvw.dll File Size = 1483776 File MD5 = b8523c2149d8eda89d116aa90423155a

CLSID = {EFA24E64-B078-11D0-89E4-00C04FC9E26E} FilePath = C:\WINDOWS\System32\shdocvw.dll File Size = 1483776 File MD5 = b8523c2149d8eda89d116aa90423155a

<HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects>

CLSID = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} FilePath = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File Size = 63136 File MD5 = 42729c3de75a7a51fc6f9ef6546c9199

CLSID = {AA58ED58-01DD-4d91-8333-CF10577473F7} FilePath = c:\program files\google\googletoolbar2.dll File Size = 720896 File MD5 = d4e9b7b696e8c40a0e5cb76621a03ee4

CLSID = {D714A94F-123A-45CC-8F03-040BCAF82AD6} FilePath = C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll File Size = 214976 File MD5 = 431e3073b7165ea62a22f81f1ef1fce4

<HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions>

CLSID = CmdMapping FilePath = File Size = 0 File MD5 =

CLSID = {08B0E5C0-4FCB-11CF-AAA5-00401C608501} FilePath = C:\WINDOWS\System32\msjava.dll File Size = 947472 File MD5 = e75aa32c6b79c846f5314ca4da92f29e

CLSID = {120E090D-9136-4b78-8258-F0B44B4BD2AC} FilePath = File Size = 0 File MD5 =

CLSID = {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} FilePath = File Size = 0 File MD5 =

CLSID = {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} FilePath = File Size = 0 File MD5 =

CLSID = {3E230861-5C87-11D3-A1C6-00105A1B41B8} FilePath = File Size = 0 File MD5 =

CLSID = {4982D40A-C53B-4615-B15B-B5B5E98D167C} FilePath = C:\Program Files\AOL Toolbar\toolbar.dll File Size = 472744 File MD5 = 95257b40ab3cae430e08d1d89787a000

CLSID = {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} FilePath = File Size = 0 File MD5 =

CLSID = {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} FilePath = File Size = 0 File MD5 =

CLSID = {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} FilePath = File Size = 0 File MD5 =

CLSID = {FB5F1910-F110-11d2-BB9E-00C04F795683} FilePath = File Size = 0 File MD5 =

<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions>

CLSID = CmdMapping FilePath = File Size = 0 File MD5 =

<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks>

CLSID = {1C78AB3F-A857-482e-80C0-3A1E5238A565} FilePath = File Size = 0 File MD5 = Description =

CLSID = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} FilePath = C:\WINDOWS\System32\shdocvw.dll File Size = 1483776 File MD5 = b8523c2149d8eda89d116aa90423155a Description =

##########################LSP CHAIN DATA##########################

<HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS>

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Filepath = C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll File Size = 8704 File MD5 = 65c44c423f4f17189fcb181b65605ea8

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Filepath = C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll File Size = 8704 File MD5 = 65c44c423f4f17189fcb181b65605ea8

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Filepath = C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll File Size = 8704 File MD5 = 65c44c423f4f17189fcb181b65605ea8

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000026 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000027 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000028 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000029 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184

Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000030 Filepath = C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll File Size = 8704 File MD5 = 65c44c423f4f17189fcb181b65605ea8

##########################UNINSTALL DATA##########################

<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL>

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\4C36C8F0-AC58-47B2-B120-B2527AC907A8 DisplayName = Blackhawk Striker 2 from Shockwave.com (remove only)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ActiveTouchMeetingClient DisplayName = WebEx

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AdobeESD DisplayName = Adobe Download Manager 1.2 (Remove Only)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\America Online us DisplayName = America Online (Choose which version to remove)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL Connectivity Services DisplayName = AOL Connectivity Services

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL Deskbar DisplayName = AOL Deskbar

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL Instant Messenger DisplayName = AOL Instant Messenger

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL Spyware Protection DisplayName = AOL Spyware Protection

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL Toolbar DisplayName = AOL Toolbar

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AOL YGP Screensaver DisplayName = AOL You've Got Pictures Screensaver

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AolCoach DisplayName = AOL Coach Version 1.0(Build:20030807.3)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AolCoach2_en DisplayName = AOL Coach Version 2.0(Build:20041026.5 en)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Apache Tomcat 5.5 DisplayName = Apache Tomcat 5.5 (remove only)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Audiogalaxy Satellite DisplayName = Audiogalaxy Satellite

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AvantGo Client

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Bejeweled 2 Deluxe 1.0 DisplayName = Bejeweled 2 Deluxe 1.0

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\BitComet DisplayName = BitComet 1125_unstable

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent DisplayName = BitTorrent 3.4.2

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Branding

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\BroadJump Client Foundation DisplayName = BroadJump Client Foundation

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\care2.xml DisplayName = Care2 Green Thumbs-Up

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CellView DisplayName = CellView

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Chameleon Mega Camera Driver DisplayName = Chameleon Mega Camera Driver

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ChequePointe POS Demo

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ConnectionManager DisplayName = BellSouth® FastAccess® Connection Manager

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Convert-It Group And Files DisplayName = Convert-It Group And Files

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Corel Applications DisplayName = Corel Applications

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CubicEye DisplayName = CubicEye

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CYBv360 DisplayName = Controlling Your Business 98 v3.60

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Dell Printer Software Uninstall DisplayName = Dell Printer Software Uninstall

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Discovering Art DisplayName = Discovering Art

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DiskMonitor DisplayName = DiskMonitor

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Donor Edge3.0 DisplayName = Donor Edge 1.0

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DVD Express A/V Pak DisplayName = DVDExpress

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\EssentialPIM DisplayName = EssentialPIM InstallLocation = C:\Program Files\EssentialPIM

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\expinst

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\EZface ActiveX DisplayName = EZface ActiveX 90

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ezlistng DisplayName = The Real Yellow Pages Live! v3.9.1 (ActiveX)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\FlightView Screensaver_is1 DisplayName = FlightView Screensaver 1.0

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Desktop DisplayName = Google Desktop Search

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Grand Master Chess DisplayName = Grand Master Chess

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\GunboundWC_is1 DisplayName = GunboundWC

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HomePage DisplayName = HomePage Utility

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HouseCall (for Netscape) DisplayName = HouseCall (for Netscape)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ICW

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Icy Tower_is1 DisplayName = Icy Tower v1.2 (44kHz)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\iDEN Super Agent RSS DisplayName = iDEN Super Agent RSS

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\iDEN WebJAL

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IEREADME

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2F8C106A-7DFC-45DE-8006-F9145AADF1D8} DisplayName = iPod Updater 2004-08-06 InstallLocation =

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{720DAF8C-F9FD-4236-8EDD-75219B21E276} DisplayName = WriteExpress 3,001 Business & Sales Letters InstallLocation =

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{ABB07BC7-1282-4895-9680-E77E574D8918} DisplayName = NetClient Formula InstallLocation = C:\Program Files\NetClient\

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B9987754-9A14-4B61-ABB3-73A79503238D} DisplayName = iPod for Windows User Guide InstallLocation =

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{D593BE84-013B-4221-B34C-B3767C408FAC} DisplayName = iPod for Windows InstallLocation =

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{FA86DB6D-DD7B-46A2-8FB1-6B33460D03A4} DisplayName = iPod System Software Updater 2.0.1 InstallLocation =

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\irdPrintDemoApp DisplayName = irdPrintDemoApp

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IrfanView DisplayName = IrfanView (remove only)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Java Web Start DisplayName = Java Web Start

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Kaboodle_is1 DisplayName = Kaboodle version 0.99d InstallLocation = C:\Program Files\Kaboodle\

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB834707 DisplayName = Windows XP Hotfix - KB834707

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB867282 DisplayName = Windows XP Hotfix - KB867282

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873333 DisplayName = Windows XP Hotfix - KB873333

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873339 DisplayName = Windows XP Hotfix - KB873339

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB883939 DisplayName = Security Update for Windows XP (KB883939)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB884016

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885250 DisplayName = Windows XP Hotfix - KB885250

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885835 DisplayName = Windows XP Hotfix - KB885835

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885836 DisplayName = Windows XP Hotfix - KB885836

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885884 DisplayName = Windows XP Hotfix - KB885884

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB886185 DisplayName = Windows XP Hotfix - KB886185

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887742 DisplayName = Windows XP Hotfix - KB887742

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888113 DisplayName = Windows XP Hotfix - KB888113

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888302 DisplayName = Windows XP Hotfix - KB888302

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890046 DisplayName = Security Update for Windows XP (KB890046)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890047 DisplayName = Windows XP Hotfix - KB890047

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890175 DisplayName = Windows XP Hotfix - KB890175

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890859 DisplayName = Windows XP Hotfix - KB890859

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890923 DisplayName = Windows XP Hotfix - KB890923

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891781 DisplayName = Windows XP Hotfix - KB891781

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893066 DisplayName = Windows XP Hotfix - KB893066

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893086 DisplayName = Windows XP Hotfix - KB893086

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803 DisplayName = Windows Installer 3.1 (KB893803)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2 DisplayName = Windows Installer 3.1 (KB893803)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896358 DisplayName = Security Update for Windows XP (KB896358)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896422 DisplayName = Security Update for Windows XP (KB896422)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896428 DisplayName = Security Update for Windows XP (KB896428)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898458 DisplayName = Security Update for Step By Step Interactive Training (KB898458)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveReg DisplayName = LiveReg (Symantec Corporation) InstallLocation = C:\Program Files\Common Files\Symantec Shared\LiveReg

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate1.6 DisplayName = LiveUpdate 1.6 (Symantec Corporation) InstallLocation = C:\Program Files\Symantec\LiveUpdate

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Living Waterfalls II Wallpaper #1 DisplayName = Living Waterfalls II Wallpaper #1

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\M886903 DisplayName = Microsoft .NET Framework 1.1 Hotfix (KB886903)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Macromedia Shockwave Player DisplayName = Macromedia Shockwave Player

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Matroska Pack DisplayName = Matroska Pack (remove only) InstallLocation = C:\Program Files\Matroska Pack

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Mcafee SecurityCenter DisplayName = McAfee SecurityCenter

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MDL Chime/Chime Pro for Internet Explorer DisplayName = MDL Chime/Chime Pro for Internet Explorer

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033) DisplayName = Microsoft .NET Framework 1.1

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft NetShow Player 2.0

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Mobile Application Link

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Motion JPEG Software Decoder DisplayName = Motion JPEG Software Decoder

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Motorola USB Modem Installation

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (1.0.4) DisplayName = Mozilla Firefox (1.0.4) InstallLocation = C:\Program Files\Mozilla Firefox

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MsJavaVM

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSN Music Assistant DisplayName = MSN Music Assistant

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Muse Names DisplayName = Muse Names

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Nero - Burning Rom!UninstallKey DisplayName = Nero - Burning Rom (Web installer)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NetPayPlus DisplayName = NetPay Plus

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Netscape (7.1) DisplayName = Netscape (7.1)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Netscape (7.2) DisplayName = Netscape (7.2)

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\New.net

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NEWT Professional_is1 DisplayName = NEWT Professional 1.0.2045 InstallLocation = C:\Program Files\Komodo Digital\NEWT Pro\

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NoAdware_is1 DisplayName = NoAdware v3.0 InstallLocation = C:\Program Files\NoAdware3\

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA Drivers DisplayName = NVIDIA Drivers

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ot2CD13 DisplayName = Oregon Trail II

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Panorama DisplayName = Panorama

Subkey Name = Softwa


Sorry, wrong log. Please help, my browser is hijacked. Thanks.

Logfile of HijackThis v1.99.1

Scan saved at 12:49:35 AM, on 6/18/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe

C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\PROGRA~1\COMMON~1\AOL\109836~1\EE\AOLHOS~1.EXE

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Messenger\msmsgs.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\calc.exe

C:\WINDOWS\notepad.exe

C:\DOCUMENTS AND SETTINGS\RAJU\DESKTOP\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\raju\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\raju\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\raju\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\raju\Application Data\Mozilla\Profiles\default\qe0z09me.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\raju\Application Data\Mozilla\Profiles\default\qe0z09me.slt\prefs.js)

O1 - Hosts: 216.19.0.250 idenupdate.motorola.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"

O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [KRVVXIo90] C:\documents and settings\raju\local settings\temp\KRVVXIo90.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1098366343\EE\AOLHostManager.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [22696349ddbc] C:\WINDOWS\System32\LVUI2RC3.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [EleFunAnimatedWallpaper] "C:\Program Files\EleFun Multimedia\Amazing Waterfall Wallpaper\Amazing Waterfall.exe"

O4 - HKLM\..\Run: [o73V3tW] icaxch35.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe -scan

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [kbdhu] C:\WINDOWS\System32\kbdhu.exe

O4 - HKCU\..\Run: [Zws9Rja3Q] hypeui.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)

O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe (file missing)

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .pdbgz: C:\Program Files\Internet Explorer\PLUGINS\npchime.dll

O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll

O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab

O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet/superbin...o-ob-assets.cab

O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab

O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet/mahjong/ma...g-ob-assets.cab

O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.5.21/fl...r-ob-assets.cab

O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab

O16 - DPF: SEAGULL J Walk Java Client 3_1C14 - http://151.198.171.142/jwalk/jwalk_ie.cab

O16 - DPF: Toki Toki Boom - http://download.games.yahoo.com/games/clients/y/vtn_x.cab

O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab

O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab

O16 - DPF: Video Poker - http://download.games.yahoo.com/games/clients/y/vpt0_x.cab

O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet/worldclass...s-ob-assets.cab

O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab

O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab

O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab

O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab

O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107405303734

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp...23/cpbrkpie.cab

O16 - DPF: {9D8D7672-93FF-417E-9024-C16AD141C50C} (Haunted Control) - http://www.worldwinner.com/games/v48/haunted/haunted.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - https://wc.wachovia.com/Common/cab/ikcntrls.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5621EF23-CD3C-40D6-B54A-1F39C7EAB767}: NameServer = 205.152.37.23 205.152.144.23

O18 - Filter: text/plain - {F05E4E7B-A73A-4D25-B3F8-CDE0CF8C8CFD} - (no file)

O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 (file missing)

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

  • 2 weeks later...

Hi raju420, and welcome to Best Techie. My name is Excal and I will be helping you.

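If you still need help, please post a fresh HijackThis log in this thread so I can help you with your malware problems. The log above is now a couple of weeks old and may no longer reflect the current state of the machine.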

If you have resolved this issue please let us know.

:thumbsup:

Excal
