hijackthis results for comp with jokebluescreen.c

Post by teen8bo1 » August 15th, 2008, 2:04 pm

I have a virus/trojan called jokebluescreen.c. McAfee found it and tried to delete it, but the effects of the virus are still present. Here is the HijackThis scan report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:04 PM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
H:\Program Files\Analog Devices\Core\smax4pnp.exe
H:\Program Files\Analog Devices\SoundMAX\Smax4.exe
H:\Program Files\SiteAdvisor\6261\SiteAdv.exe
H:\Program Files\QuickTime\qttask.exe
H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
H:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
H:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
h:\program files\common files\mcafee\mna\mcnasvc.exe
H:\Program Files\Canon\MyPrinter\BJMyPrt.exe
H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
H:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
H:\Program Files\McAfee.com\Agent\mcagent.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\Program Files\McAfee\MPF\MPFSrv.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\SiteAdvisor\6261\SAService.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
H:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
H:\WINDOWS\System32\svchost.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
h:\PROGRA~1\mcafee\msc\mcuimgr.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - H:\Program

Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1

\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - H:\Program

Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - H:\Program

Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program

files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program

Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - H:\Program

Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Program

Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program

files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nTrayFw] H:\Program Files\NVIDIA

Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32

\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SiteAdvisor] "H:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef

/Migration32
O4 - HKLM\..\Run: [MSPY2002] H:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RoxioDragToDisc] "H:\Program Files\Roxio\Easy Media Creator 8\Drag to

Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "H:\Program Files\Common Files\Roxio Shared\SharedCOM8

\RoxWatchTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CanonMyPrinter] H:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Program Files\Common Files\Scansoft

Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter

Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0

\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] H:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [lphcncmj0e5s9] H:\WINDOWS\system32\lphcncmj0e5s9.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program

Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "H:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] H:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10

\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2

\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://H:\Program

Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://H:\Program

Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://H:\Program Files\Canon\Easy-

WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://H:\Program Files\Canon\Easy-

WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1

\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-

A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

H:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - H:\Program Files\Lavasoft\Ad

-Aware 2007\aawservice.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - H:\Program

Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation -

H:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program

Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - H:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - H:\PROGRA~1

\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - h:\program files\common

files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - h:\PROGRA~1\COMMON~1

\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - H:\PROGRA~1

\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1

\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - H:\Program

Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - H:\Program Files\NVIDIA

Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - H:\Program Files\NVIDIA

Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - H:\Program

Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - H:\Program Files\Common Files\Roxio

Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - H:\Program Files\Common

Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - H:\Program Files\Roxio\Easy Media Creator

8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - H:\Program

Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SiteAdvisor Service - Unknown owner - H:\Program Files\SiteAdvisor\6261

\SAService.exe

--
End of file - 10895 bytes

Thank you for your time.
teen8bo1
Active Member
 
Posts: 5
Joined: August 15th, 2008, 1:58 pm

Re: hijackthis results for comp with jokebluescreen.c

Post by Shaba » August 17th, 2008, 4:52 am

Hi teen8bo1

The formatting of your post is messed up. This is caused by having Word Wrap checked.
1. Click Start > All Programs > Accessories > Notepad
2. On the menu bar in Notepad select Format and click on WordWrap so it appears unchecked.

After that, please post back a fresh HijackThis log :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: hijackthis results for comp with jokebluescreen.c

Post by teen8bo1 » August 17th, 2008, 10:37 pm

Sorry about that, here it is again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:04 PM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
H:\Program Files\Analog Devices\Core\smax4pnp.exe
H:\Program Files\Analog Devices\SoundMAX\Smax4.exe
H:\Program Files\SiteAdvisor\6261\SiteAdv.exe
H:\Program Files\QuickTime\qttask.exe
H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
H:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
H:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
h:\program files\common files\mcafee\mna\mcnasvc.exe
H:\Program Files\Canon\MyPrinter\BJMyPrt.exe
H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
H:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
H:\Program Files\McAfee.com\Agent\mcagent.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
H:\Program Files\McAfee\MPF\MPFSrv.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\SiteAdvisor\6261\SAService.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
H:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
H:\WINDOWS\System32\svchost.exe
H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
h:\PROGRA~1\mcafee\msc\mcuimgr.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - H:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - H:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - H:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - H:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nTrayFw] H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] H:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SiteAdvisor] "H:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] H:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RoxioDragToDisc] "H:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "H:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CanonMyPrinter] H:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] H:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [lphcncmj0e5s9] H:\WINDOWS\system32\lphcncmj0e5s9.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "H:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - H:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - H:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - h:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - h:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - H:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - H:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - H:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - H:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - H:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - H:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - H:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SiteAdvisor Service - Unknown owner - H:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 10895 bytes
teen8bo1
Active Member
 
Posts: 5
Joined: August 15th, 2008, 1:58 pm

Re: hijackthis results for comp with jokebluescreen.c

Post by Shaba » August 18th, 2008, 2:53 am

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply.

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

Post:

- mbam report
- otscanit log
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: hijackthis results for comp with jokebluescreen.c

Post by teen8bo1 » August 22nd, 2008, 12:54 pm

Malwarebytes log

Malwarebytes' Anti-Malware 1.25
Database version: 1077
Windows 5.1.2600 Service Pack 2

12:54:05 PM 8/22/2008
mbam-log-08-22-2008 (12-54-05).txt

Scan type: Full Scan (H:\|J:\|)
Objects scanned: 105529
Time elapsed: 1 hour(s), 3 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcncmj0e5s9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
H:\WINDOWS\system32\phcncmj0e5s9.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:\Documents and Settings\Owner\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
H:\Documents and Settings\Owner\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
teen8bo1
Active Member
 
Posts: 5
Joined: August 15th, 2008, 1:58 pm
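
Added example (not part of the original thread and not code from HijackThis or Malwarebytes): a Python triage helper that rejoins a word-wrapped HijackThis log like the first one posted above, pulls out its O4 Run-key entries, and matches them against the values listed under "Registry Values Infected" in the Malwarebytes log. The sample lines are copied from the logs in this thread; the function names and the line-joining heuristic (derived from the break points visible in the wrapped log) are assumptions of this example.

```python
import re

# Lines copied from the word-wrapped HijackThis log in the first post of this thread.
WRAPPED_HJT = r"""
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32

\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxioDragToDisc] "H:\Program Files\Roxio\Easy Media Creator 8\Drag to

Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [mcagent_exe] H:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [lphcncmj0e5s9] H:\WINDOWS\system32\lphcncmj0e5s9.exe
O4 - HKCU\..\Run: [swg] H:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-

A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - H:\Program Files\Lavasoft\Ad

-Aware 2007\aawservice.exe
"""

# Lines copied from the Malwarebytes log posted above.
MBAM_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcncmj0e5s9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_START = re.compile(r"^(?:[RFN][0-4]|O\d{1,2}) - ")
# O4 registry autorun: "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Malwarebytes registry value line: "<hive>\<key path>\<value> (<detection>) -> <action>"
VALUE_LINE = re.compile(r"^(HKEY_[A-Z_]+)\\(.+)\\([^\\]+) \(([^()]+)\) -> ")
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run\w*)$", re.I)
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def unwrap(text):
    """Rejoin entries split by word wrap; returns one string per HijackThis entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":                      # log trailer ("End of file") follows
            break
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:                         # continuation of the previous entry
            prev = entries[-1]
            # Breaks before "\" or "-" and after a word-internal "-" lost no space;
            # every other break replaced a space (heuristic from the wrapped log).
            tight = line[0] in "\\-" or re.search(r"\S-$", prev)
            entries[-1] = prev + ("" if tight else " ") + line
        # lines before the first entry (header, process list) are ignored
    return entries


def autoruns(entries):
    """Return (hive, key, value_name, command) for each O4 registry Run entry."""
    return [m.groups() for m in map(O4_RUN.match, entries) if m]


def mbam_registry_values(text):
    """Return (hive, key_path, value_name, detection) from 'Registry Values Infected'."""
    found, in_section = [], False
    for line in map(str.strip, text.splitlines()):
        if line.endswith("Infected:"):
            in_section = line == "Registry Values Infected:"
        elif in_section:
            m = VALUE_LINE.match(line)
            if m:
                found.append(m.groups())
    return found


def flagged_autoruns(hjt_text, mbam_text):
    """O4 entries whose hive, Run key and value name Malwarebytes reported as infected."""
    hits = {}
    for hive, path, value, detection in mbam_registry_values(mbam_text):
        run = RUN_KEY.search(path)            # only ...\CurrentVersion\Run* keys map to O4
        if run and hive in HIVES:
            hits[(HIVES[hive], run.group(1).lower(), value.lower())] = detection
    return [(name, cmd, hits[(hive, key.lower(), name.lower())])
            for hive, key, name, cmd in autoruns(unwrap(hjt_text))
            if (hive, key.lower(), name.lower()) in hits]


if __name__ == "__main__":
    for name, cmd, detection in flagged_autoruns(WRAPPED_HJT, MBAM_LOG):
        print(f"{detection}: [{name}] {cmd}")
```
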

Re: hijackthis results for comp with jokebluescreen.c

Post by teen8bo1 » August 22nd, 2008, 1:03 pm

OTScanIt log

OTScanIt logfile created on: 8/22/2008 1:00:48 PM
OTScanIt by OldTimer - Version 1.0.16.2     Folder = H:\Documents and Settings\Owner\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
990.48 Mb Total Physical Memory | 576.13 Mb Available Physical Memory | 58.17% Memory free
2.33 Gb Paging File | 1.98 Gb Available in Paging File | 85.02% Paging File free
Paging file location(s): H:\pagefile.sys 1488 2976;
 
%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 465.75 Gb Total Space | 4.02 Gb Free Space | 0.86% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 372.61 Gb Total Space | 80.07 Gb Free Space | 21.49% Space Free | Partition Type: NTFS

Computer Name: JAMES
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 5/3/2008 1:03:41 PM | Attr =    ]
ntrayfw.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 489 | Size = 270336 bytes | Modified Date = 2/17/2006 11:40:36 AM | Attr =    ]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 20 | Size = 925696 bytes | Modified Date = 5/19/2005 9:11:06 PM | Attr = R  ]
smax4.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 12 | Size = 716800 bytes | Modified Date = 9/7/2005 4:35:36 PM | Attr =    ]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.exe -> McAfee, Inc. [Ver = 1.6.0.23 | Size = 35992 bytes | Modified Date = 7/24/2006 4:28:22 PM | Attr =    ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 7:58:18 PM | Attr =    ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr =    ]
drgtodsc.exe -> %ProgramFiles%\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe -> Sonic Solutions [Ver = 8.0.5.23 | Size = 1687552 bytes | Modified Date = 10/20/2005 9:47:58 PM | Attr =    ]
roxwatchtray.exe -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxWatchTray.exe ->  [Ver = 8.0.5.55 | Size = 163840 bytes | Modified Date = 10/21/2005 4:13:40 PM | Attr =    ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr =    ]
bjmyprt.exe -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE -> CANON INC. [Ver = 1, 3, 0, 0 | Size = 1191936 bytes | Modified Date = 3/21/2006 9:30:00 PM | Attr =    ]
opwarese4.exe -> %ProgramFiles%\ScanSoft\OmniPageSE4.0\OpWareSE4.exe -> ScanSoft, Inc. [Ver = 15.0 | Size = 69632 bytes | Modified Date = 3/21/2006 2:19:40 PM | Attr =    ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr =    ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 1:36:04 PM | Attr =    ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/3/2007 11:33:14 PM | Attr =    ]
ctsyncu.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe ->  [Ver = 6.1.9.0 | Size = 700416 bytes | Modified Date = 9/4/2006 7:18:32 PM | Attr =    ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 1:02:14 PM | Attr =    ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/17/2007 12:00:15 AM | Attr =    ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 4:54:42 PM | Attr =    ]
nsvcip.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 127035 bytes | Modified Date = 2/17/2006 11:35:58 AM | Attr =    ]
nsvclog.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA [Ver = 2, 2, 0, 464 | Size = 61503 bytes | Modified Date = 2/17/2006 11:35:42 AM | Attr =    ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8205 | Size = 131139 bytes | Modified Date = 1/24/2006 6:15:00 AM | Attr =    ]
saservice.exe -> %ProgramFiles%\SiteAdvisor\6261\SAService.exe ->  [Ver =  | Size = 345376 bytes | Modified Date = 5/23/2008 8:56:46 PM | Attr =    ]
nsvcappflt.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ->  [Ver = 1, 0, 1, 0 | Size = 139264 bytes | Modified Date = 2/17/2006 11:39:02 AM | Attr =    ]
cpshelprunner.exe -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\CPSHelpRunner.exe -> Sonic Solutions [Ver = 8.0.5.55 | Size = 10240 bytes | Modified Date = 10/21/2005 3:54:54 PM | Attr =    ]
roxwatch.exe -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxWatch.exe -> Sonic Solutions [Ver = 8.0.5.55 | Size = 155648 bytes | Modified Date = 10/21/2005 4:05:42 PM | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.16: 2008070205 | Size = 7667312 bytes | Modified Date = 7/17/2008 10:10:10 AM | Attr =    ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/25/2007 2:41:52 AM | Attr =    ]
mcuimgr.exe -> %ProgramFiles%\McAfee\MSC\mcuimgr.exe -> McAfee, Inc. [Ver = 8,0,226,0 | Size = 265040 bytes | Modified Date = 11/1/2007 7:12:38 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 5/3/2008 1:03:41 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2/28/2006 8:00:00 AM | Attr =    ]
(ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe ->  [Ver = 1, 0, 1, 0 | Size = 139264 bytes | Modified Date = 2/17/2006 11:39:02 AM | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/26/2007 1:54:10 AM | Attr =    ]
(ICDSPTSV) Sony SPTI Service for DVE [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\IcdSptSv.exe -> Sony Corporation [Ver = 3.0.03.04010 | Size = 69632 bytes | Modified Date = 4/2/2003 7:08:30 AM | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 4:24:18 AM | Attr =    ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 10:36:32 AM | Attr =    ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr =    ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr =    ]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 7/25/2007 3:16:16 AM | Attr =    ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 1:36:04 PM | Attr =    ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 1:02:14 PM | Attr =    ]
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/25/2007 2:41:52 AM | Attr =    ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 4:54:42 PM | Attr =    ]
(nSvcIp) ForceWare IP service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 127035 bytes | Modified Date = 2/17/2006 11:35:58 AM | Attr =    ]
(nSvcLog) ForceWare user log service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA [Ver = 2, 2, 0, 464 | Size = 61503 bytes | Modified Date = 2/17/2006 11:35:42 AM | Attr =    ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8205 | Size = 131139 bytes | Modified Date = 1/24/2006 6:15:00 AM | Attr =    ]
(RoxLiveShare) LiveShare P2P Server [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxLiveShare.exe -> Sonic Solutions [Ver = 8.0.5.55 | Size = 229376 bytes | Modified Date = 10/21/2005 4:09:44 PM | Attr =    ]
(RoxMediaDB) RoxMediaDB [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxMediaDB.exe -> Sonic Solutions [Ver = 8.0.5.55 | Size = 864256 bytes | Modified Date = 10/21/2005 4:08:34 PM | Attr =    ]
(RoxUPnPRenderer) RoxUPnPRenderer [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -> Sonic Solutions [Ver = 8.0.0.212  | Size = 45056 bytes | Modified Date = 10/21/2005 1:58:02 PM | Attr =    ]
(RoxUpnpServer) RoxUpnpServer [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -> Sonic Solutions [Ver = 8.0.5.40 | Size = 405504 bytes | Modified Date = 10/21/2005 1:57:20 PM | Attr =    ]
(RoxWatch) Roxio Hard Drive Watcher [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxWatch.exe -> Sonic Solutions [Ver = 8.0.5.55 | Size = 155648 bytes | Modified Date = 10/21/2005 4:05:42 PM | Attr =    ]
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6261\SAService.exe ->  [Ver =  | Size = 345376 bytes | Modified Date = 5/23/2008 8:56:46 PM | Attr =    ]

[Driver Services - Non-Microsoft Only]
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ADIHdAud.sys -> Analog Devices, Inc. [Ver = 5.10.01.4151 built by: WinDDK | Size = 141312 bytes | Modified Date = 10/5/2005 5:21:10 AM | Attr = R  ]
(AEAudioService) AEAudio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.0.1.14 | Size = 127872 bytes | Modified Date = 3/4/2005 8:53:00 AM | Attr = R  ]
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.2.2 (dnsrv(wmbla).050120-1444) | Size = 36352 bytes | Modified Date = 3/9/2005 4:53:00 PM | Attr =    ]
(BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> G:\INSTAL~E\Core\BVRPMPR5.SYS -> File not found
(cdudf_xp) cdudf_xp [File_System | System | Running] -> %SystemRoot%\System32\drivers\Cdudf_xp.sys -> Sonic Solutions [Ver = 8.0.5.39 | Size = 311680 bytes | Modified Date = 10/20/2005 8:05:00 AM | Attr =    ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2/28/2006 8:00:00 AM | Attr =    ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2/28/2006 8:00:00 AM | Attr =    ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2/28/2006 8:00:00 AM | Attr =    ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.07a | Size = 88016 bytes | Modified Date = 1/27/2005 4:22:00 AM | Attr =    ]
(dvd_2K) dvd_2K [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\dvd_2k.sys -> Sonic Solutions [Ver = 8.0.5.39 | Size = 27264 bytes | Modified Date = 10/20/2005 8:05:00 AM | Attr =    ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 4:44:04 PM | Attr =    ]
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Hdaudio.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5012 built by: WinDDK | Size = 145920 bytes | Modified Date = 10/27/2004 4:21:30 PM | Attr =    ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5012 built by: WinDDK | Size = 138240 bytes | Modified Date = 10/27/2004 4:21:36 PM | Attr =    ]
(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.9 | Size = 15781 bytes | Modified Date = 5/20/2004 9:46:38 AM | Attr =    ]
(mfeavfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 79304 bytes | Modified Date = 7/24/2007 8:40:36 AM | Attr =    ]
(mfebopk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 35240 bytes | Modified Date = 7/21/2007 10:08:24 AM | Attr =    ]
(mfehidk) McAfee Inc. [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 201288 bytes | Modified Date = 7/21/2007 10:08:24 AM | Attr =    ]
(mferkdk) McAfee Inc. [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 33800 bytes | Modified Date = 7/24/2007 1:02:36 PM | Attr =    ]
(mfesmfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Modified Date = 7/21/2007 10:08:24 AM | Attr =    ]
(mmc_2K) mmc_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\mmc_2k.sys -> Sonic Solutions [Ver = 8.0.5.39 | Size = 27136 bytes | Modified Date = 10/20/2005 8:05:00 AM | Attr =    ]
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 9.0.114.0 | Size = 113952 bytes | Modified Date = 7/13/2007 10:20:24 AM | Attr =    ]
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ASACPI.sys ->  [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Modified Date = 8/12/2004 10:56:20 PM | Attr = R  ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8205 | Size = 3535520 bytes | Modified Date = 1/24/2006 6:15:00 AM | Attr =    ]
(nvata) nvata [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvata.sys -> NVIDIA Corporation [Ver = 5.10.2600.0650 built by: WinDDK | Size = 99584 bytes | Modified Date = 1/27/2006 2:04:16 AM | Attr = R  ]
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.03.05023 | Size = 34176 bytes | Modified Date = 2/16/2006 10:28:30 PM | Attr = R  ]
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.00.05023 | Size = 13056 bytes | Modified Date = 2/16/2006 10:28:32 PM | Attr = R  ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2/28/2006 8:00:00 AM | Attr =    ]
(pwd_2k) pwd_2k [Kernel | System | Running] -> %SystemRoot%\System32\drivers\Pwd_2k.sys -> Sonic Solutions [Ver = 8.0.5.39 | Size = 119168 bytes | Modified Date = 10/20/2005 8:05:00 AM | Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.09a | Size = 46080 bytes | Modified Date = 8/19/2005 7:00:00 PM | Attr =    ]
(RxFilter) RxFilter [File_System | System | Running] -> %SystemRoot%\system32\drivers\RxFilter.sys -> Sonic Solutions [Ver = 8.0.5.47 built by: WinDDK | Size = 50176 bytes | Modified Date = 10/21/2005 2:34:30 PM | Attr =    ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr =    ]
(SenFiltService) SenFilt Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\senfilt.sys -> Sensaura [Ver = 5.10.00.3521 | Size = 393088 bytes | Modified Date = 8/11/2005 1:49:28 AM | Attr = R  ]
(wg111nd5) NETGEAR WG111 802.11g Wireless USB Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wg111nd5.sys -> NETGEAR, Inc. [Ver = 3.0.18 | Size = 379488 bytes | Modified Date = 6/4/2004 1:12:10 PM | Attr =    ]
(PCANDIS5) PCANDIS5 Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\PCANDIS5.SYS -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.00.13.50 | Size = 16292 bytes | Modified Date = 5/20/2004 9:46:42 AM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
 ->  [] -> File not found
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe ["H:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr =    ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 8:51:56 PM | Attr =    ]
CanonMyPrinter -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE [H:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon] -> CANON INC. [Ver = 1, 3, 0, 0 | Size = 1191936 bytes | Modified Date = 3/21/2006 9:30:00 PM | Attr =    ]
High Definition Audio Property Page Shortcut -> %SystemRoot%\system32\HdAShCut.exe [HDAShCut.exe] -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5012 built by: WinDDK | Size = 61952 bytes | Modified Date = 10/27/2004 4:21:30 PM | Attr =    ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["H:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 10:36:36 AM | Attr =    ]
KernelFaultCheck ->  [%systemroot%\system32\dumprep 0 -k] -> File not found
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [H:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/3/2007 11:33:14 PM | Attr =    ]
MSPY2002 -> %SystemRoot%\system32\IME\PINTLGNT\IMSCINST.EXE [H:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] ->  [Ver =  | Size = 59392 bytes | Modified Date = 2/28/2006 8:00:00 AM | Attr =    ]
nTrayFw -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe] -> NVIDIA Corporation [Ver = 2, 2, 0, 489 | Size = 270336 bytes | Modified Date = 2/17/2006 11:40:36 AM | Attr =    ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8205 | Size = 7311360 bytes | Modified Date = 1/24/2006 6:15:00 AM | Attr =    ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.8205 | Size = 86016 bytes | Modified Date = 1/24/2006 6:15:00 AM | Attr =    ]
NWEReboot ->  [] -> File not found
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] ->  [Ver =  | Size = 1519616 bytes | Modified Date = 1/24/2006 6:15:00 AM | Attr =    ]
OpwareSE4 -> %ProgramFiles%\ScanSoft\OmniPageSE4.0\OpWareSE4.exe ["H:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"] -> ScanSoft, Inc. [Ver = 15.0 | Size = 69632 bytes | Modified Date = 3/21/2006 2:19:40 PM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["H:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 10/25/2006 7:58:18 PM | Attr =    ]
RoxioDragToDisc -> %ProgramFiles%\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe ["H:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"] -> Sonic Solutions [Ver = 8.0.5.23 | Size = 1687552 bytes | Modified Date = 10/20/2005 9:47:58 PM | Attr =    ]
RoxWatchTray -> %CommonProgramFiles%\Roxio Shared\SharedCOM8\RoxWatchTray.exe ["H:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"] ->  [Ver = 8.0.5.55 | Size = 163840 bytes | Modified Date = 10/21/2005 4:13:40 PM | Attr =    ]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.exe ["H:\Program Files\SiteAdvisor\6261\SiteAdv.exe"] -> McAfee, Inc. [Ver = 1.6.0.23 | Size = 35992 bytes | Modified Date = 7/24/2006 4:28:22 PM | Attr =    ]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe ["H:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray] -> Analog Devices, Inc. [Ver = 5, 2, 0, 12 | Size = 716800 bytes | Modified Date = 9/7/2005 4:35:36 PM | Attr =    ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe [H:\Program Files\Analog Devices\Core\smax4pnp.exe] -> Analog Devices, Inc. [Ver = 6, 0, 0, 20 | Size = 925696 bytes | Modified Date = 5/19/2005 9:11:06 PM | Attr = R  ]
SSBkgdUpdate -> %CommonProgramFiles%\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe ["H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot] -> Scansoft, Inc. [Ver = 1, 0, 0, 6 | Size = 155648 bytes | Modified Date = 9/30/2003 1:14:58 AM | Attr = R  ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> File not found
CTSyncU.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe ["H:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"] ->  [Ver = 6.1.9.0 | Size = 700416 bytes | Modified Date = 9/4/2006 7:18:32 PM | Attr =    ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 7/17/2007 12:00:15 AM | Attr =    ]
< All Users Startup Folder > -> H:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk -> %ProgramFiles%\NETGEAR\WG111 Configuration Utility\WG111CFG.exe ->  [Ver = 2, 0, 2, 7 | Size = 1056864 bytes | Modified Date = 6/5/2004 3:10:08 PM | Attr =    ]
< Owner Startup Folder > -> H:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
msapsspc.dll schannel.dll digest.dll msnsspc.dll ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 AM | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
H:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 2/28/2006 8:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 2/28/2006 8:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 11:34:01 PM | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 2/28/2006 8:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 2/28/2006 8:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPIONEER_DVD-RW__DVR-111D________________1.23____\46_044483350363036375731204c202020202020 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< HOSTS File > (224776 bytes) -> H:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> H:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4201 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6313 domain(s) found. -> 
turbotax.com .[https] -> Trusted sites -> 
38 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr =    ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 927008 bytes | Modified Date = 5/16/2008 12:49:40 PM | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 12:43:28 PM | Attr =    ]
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\EWPBrowseLoader.dll [EWPBrowseObject Class] ->  [Ver = 2, 6, 3, 0 | Size = 34304 bytes | Modified Date = 4/18/2006 8:04:14 PM | Attr =    ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 66880 bytes | Modified Date = 7/24/2007 1:02:40 PM | Attr =    ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 4/11/2008 5:13:46 PM | Attr =    ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll [McAfee SiteAdvisor] ->  [Ver =  | Size = 927008 bytes | Modified Date = 5/16/2008 12:49:40 PM | Attr =    ]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R  ]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] ->  [Ver = 2, 6, 3, 0 | Size = 552960 bytes | Modified Date = 4/18/2006 8:05:46 PM | Attr =    ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 12:43:28 PM | Attr =    ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll ->  [Ver = 2, 6, 3, 0 | Size = 552960 bytes | Modified Date = 4/18/2006 8:05:46 PM | Attr =    ]
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll ->  [Ver = 2, 6, 3, 0 | Size = 552960 bytes | Modified Date = 4/18/2006 8:05:46 PM | Attr =    ]
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll ->  [Ver = 2, 6, 3, 0 | Size = 552960 bytes | Modified Date = 4/18/2006 8:05:46 PM | Attr =    ]
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll ->  [Ver = 2, 6, 3, 0 | Size = 552960 bytes | Modified Date = 4/18/2006 8:05:46 PM | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{0C686905-2B56-42EB-B2B9-E0EDC960491F} ->    (1394 Net Adapter) -> 
{45C0B071-2B7A-48C7-8CDD-B43A294AC986} ->    (NVIDIA nForce Networking Controller) -> 
{F0085615-050F-43AB-8990-AAB883D4D793} ->    (NETGEAR WG111 802.11g Wireless USB2.0 Adapter) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\nvappfilter.dll -> NVIDIA [Ver = 1, 0, 2, 0 | Size = 131072 bytes | Modified Date = 2/17/2006 11:39:14 AM | Attr =    ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll[Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 927008 bytes | Modified Date = 5/16/2008 12:49:40 PM | Attr =    ]
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> -> 



[Files/Folders - Created Within 30 days]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/22/2008 11:25:44 AM | Attr =    ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/22/2008 11:25:43 AM | Attr =    ]

[Files/Folders - Modified Within 30 days]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/22/2008 12:56:10 PM | Attr = R  ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 8/13/2008 3:09:29 AM | Attr =    ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 8/17/2008 3:01:14 PM | Attr =    ]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 8/17/2008 3:01:18 PM | Attr =    ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 8/18/2008 9:08:08 PM | Attr =    ]
Config.MPF -> %SystemRoot%\System32\Config.MPF ->  [Ver =  | Size = 11992 bytes | Modified Date = 8/22/2008 12:55:24 PM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 8/13/2008 3:02:06 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 8/22/2008 12:56:10 PM | Attr =    ]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 43531 bytes | Modified Date = 8/22/2008 12:56:46 PM | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 59780 bytes | Modified Date = 8/17/2008 10:27:44 PM | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 397560 bytes | Modified Date = 8/17/2008 10:27:44 PM | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 464860 bytes | Modified Date = 8/17/2008 10:27:44 PM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13646 bytes | Modified Date = 8/22/2008 12:56:31 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 8/13/2008 3:01:59 AM | Attr =  H ]
5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 8/22/2008 12:56:23 PM | Attr =   S]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 8/13/2008 3:02:02 AM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 8/15/2008 5:17:49 PM | Attr =  H ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/22/2008 12:58:28 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 8/11/2008 12:50:04 AM | Attr =  H ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 8/22/2008 12:54:05 PM | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 8/22/2008 12:58:56 PM | Attr =    ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job ->  [Ver =  | Size = 264 bytes | Modified Date = 8/15/2008 1:00:30 AM | Attr =    ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job ->  [Ver =  | Size = 356 bytes | Modified Date = 8/1/2008 1:00:24 AM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/22/2008 12:56:35 PM | Attr =  H ]
H:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> H:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 12/11/2006 9:14:41 AM | Attr =    ]
qmgr0.dat -> H:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5522 bytes | Modified Date = 8/22/2008 12:58:13 PM | Attr =    ]
qmgr1.dat -> H:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5522 bytes | Modified Date = 8/22/2008 12:58:13 PM | Attr =    ]
H:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> H:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data ->  [Folder | Modified Date = 9/3/2007 11:39:17 PM | Attr =    ]
data.dat -> H:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1388 bytes | Modified Date = 8/11/2008 10:48:47 AM | Attr =    ]
H:\WINDOWS\Temp\ -> H:\WINDOWS\Temp ->  [Folder | Modified Date = 8/22/2008 12:59:57 PM | Attr =    ]
CTPBSeq.exe -> H:\WINDOWS\Temp\CTPBSeq.exe -> Creative Technology Ltd. [Ver = 1, 0, 0, 2 | Size = 65536 bytes | Modified Date = 5/31/2005 1:02:00 PM | Attr = R  ]
48 H:\WINDOWS\Temp\*.tmp files -> H:\WINDOWS\Temp\*.tmp -> 
H:\WINDOWS\Temp\ -> H:\WINDOWS\Temp ->  [Folder | Modified Date = 8/22/2008 12:59:57 PM | Attr =    ]
Perflib_Perfdata_610.dat -> H:\WINDOWS\Temp\Perflib_Perfdata_610.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 5/15/2008 10:48:40 AM | Attr =    ]
Perflib_Perfdata_6fc.dat -> H:\WINDOWS\Temp\Perflib_Perfdata_6fc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 9/7/2007 4:01:18 AM | Attr =    ]
Perflib_Perfdata_78c.dat -> H:\WINDOWS\Temp\Perflib_Perfdata_78c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 5/4/2007 4:02:35 AM | Attr =    ]
Perflib_Perfdata_7dc.dat -> H:\WINDOWS\Temp\Perflib_Perfdata_7dc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 1/6/2007 2:44:24 PM | Attr =    ]
Perflib_Perfdata_ab8.dat -> H:\WINDOWS\Temp\Perflib_Perfdata_ab8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/11/2008 10:39:33 AM | Attr =    ]
Perflib_Perfdata_b0c.dat -> H:\WINDOWS\Temp\Perflib_Perfdata_b0c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/12/2008 12:20:47 AM | Attr =    ]
Perflib_Perfdata_b6c.dat -> H:\WINDOWS\Temp\Perflib_Perfdata_b6c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/1/2007 1:42:41 PM | Attr =    ]
Perflib_Perfdata_b7c.dat -> H:\WINDOWS\Temp\Perflib_Perfdata_b7c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/3/2007 1:40:03 AM | Attr =    ]
Perflib_Perfdata_ccc.dat -> H:\WINDOWS\Temp\Perflib_Perfdata_ccc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/3/2007 1:37:08 AM | Attr =    ]
Perflib_Perfdata_cec.dat -> H:\WINDOWS\Temp\Perflib_Perfdata_cec.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 12/1/2007 1:38:57 PM | Attr =    ]
Perflib_Perfdata_da0.dat -> H:\WINDOWS\Temp\Perflib_Perfdata_da0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 10/10/2007 10:24:13 AM | Attr =    ]
48 H:\WINDOWS\Temp\*.tmp files -> H:\WINDOWS\Temp\*.tmp -> 

< End of report >



The virus seems to be gone, the bg is no longer displaying the warning that I have a virus, and I can now get into my display panel to change the background.
teen8bo1
Active Member
 
Posts: 5
Joined: August 15th, 2008, 1:58 pm

Re: hijackthis results for comp with jokebluescreen.c

Unread postby Shaba » August 22nd, 2008, 1:13 pm

That is nice to hear :)

Please also post a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: hijackthis results for comp with jokebluescreen.c

Unread postby Shaba » August 27th, 2008, 1:40 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.