Hijack this log
- The virus came from a Winfixer download that popped up on my computer, I think.
- I am getting a Trojan warning found.
- It says "The file C:\WINDOWS\system32\vtuts.dll is infected by the Vundo trojan and cannot be cleared."
Logfile of HijackThis v1.99.1
Scan saved at 7:50:53 PM, on 9/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\LVComsX.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\EHTray.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\Rar$EX00.093\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mpfplus/en-us/mpfplus7/default.asp?affid=105-79&dtag=d4dmh91&langid=1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {419A23EC-B09C-4B57-84A2-65982EF25F14} - C:\WINDOWS\system32\vtuts.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\dhvntbgf.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NI.USYP_0002_N91M1708] "c:\documents and settings\jessica antrobus\application data\sysprotectscannerinstall[1].exe" -nag
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: pushow49.dll,wbsys.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winegi32 - winegi32.dll (file missing)
O20 - Winlogon Notify: winfmy32 - winfmy32.dll (file missing)
O20 - Winlogon Notify: wingjc32 - wingjc32.dll (file missing)
O20 - Winlogon Notify: wingwn32 - wingwn32.dll (file missing)
O20 - Winlogon Notify: winiae32 - winiae32.dll (file missing)
O20 - Winlogon Notify: winijp32 - winijp32.dll (file missing)
O20 - Winlogon Notify: winilb32 - winilb32.dll (file missing)
O20 - Winlogon Notify: winstu32 - winstu32.dll (file missing)
O20 - Winlogon Notify: winxza32 - winxza32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: WUSB54GSv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe (file missing)
Mr_JAk3
159 Posts
0
September 19th, 2006 17:00
Download HijackThis from here to your desktop -> Link
Create a new folder named HijackThis on your desktop and move HijackThis.exe into that folder.
Please download VundoFix.exe to your desktop.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Message Edited by Mr_JAk3 on 09-19-2006 01:45 PM
autobus25
14 Posts
0
September 19th, 2006 23:00
Mr_JAk3
159 Posts
0
September 20th, 2006 03:00
Then we'll continue ;)
Message Edited by Mr_JAk3 on 09-19-2006 11:53 PM
autobus25
14 Posts
0
September 20th, 2006 05:00
Beginning removal...
Beginning removal...
Beginning removal...
VundoFix V6.1.5
Beginning removal...
Scan saved at 11:08:20 PM, on 9/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Matthew Antrobus\Desktop\VundoFix.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\Rar$EX08.907\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mpfplus/en-us/mpfplus7/default.asp?affid=105-79&dtag=d4dmh91&langid=1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {419A23EC-B09C-4B57-84A2-65982EF25F14} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\dhvntbgf.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NI.USYP_0002_N91M1708] "c:\documents and settings\jessica antrobus\application data\sysprotectscannerinstall[1].exe" -nag
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: pushow49.dll,wbsys.dll
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll (file missing)
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winegi32 - winegi32.dll (file missing)
O20 - Winlogon Notify: winfmy32 - winfmy32.dll (file missing)
O20 - Winlogon Notify: wingjc32 - wingjc32.dll (file missing)
O20 - Winlogon Notify: wingwn32 - wingwn32.dll (file missing)
O20 - Winlogon Notify: winiae32 - winiae32.dll (file missing)
O20 - Winlogon Notify: winijp32 - winijp32.dll (file missing)
O20 - Winlogon Notify: winilb32 - winilb32.dll (file missing)
O20 - Winlogon Notify: winstu32 - winstu32.dll (file missing)
O20 - Winlogon Notify: winxza32 - winxza32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: WUSB54GSv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe (file missing)
Mr_JAk3
159 Posts
0
September 20th, 2006 12:00
You should print these instructions or save these to a text file. Follow these instructions carefully.
Download and install ewido anti-spyware 4.0
Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.
Download HijackThis from here to your desktop -> Link
Create a new folder named HijackThis on your desktop and move HijackThis.exe into that folder.
Then, make your hidden files visible:
Download RemAdvertisemen by Atribune to your desktop.
Double click the file remadvertisemen.exe
Once it is running, click the "Start Removal" button and wait for the "Done Removal! Please reboot your computer now" message.
Once you see that, click OK and then reboot your computer.
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O2 - BHO: (no name) - {419A23EC-B09C-4B57-84A2-65982EF25F14} - C:\WINDOWS\system32\vtuts.dll (file missing)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\dhvntbgf.dll
O4 - HKLM\..\Run: [NI.USYP_0002_N91M1708] "c:\documents and settings\jessica antrobus\application data\sysprotectscannerinstall[1].exe" -nag
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: vtuts - C:\WINDOWS\system32\vtuts.dll (file missing)
O20 - Winlogon Notify: winegi32 - winegi32.dll (file missing)
O20 - Winlogon Notify: winfmy32 - winfmy32.dll (file missing)
O20 - Winlogon Notify: wingjc32 - wingjc32.dll (file missing)
O20 - Winlogon Notify: wingwn32 - wingwn32.dll (file missing)
O20 - Winlogon Notify: winiae32 - winiae32.dll (file missing)
O20 - Winlogon Notify: winijp32 - winijp32.dll (file missing)
O20 - Winlogon Notify: winilb32 - winilb32.dll (file missing)
O20 - Winlogon Notify: winstu32 - winstu32.dll (file missing)
O20 - Winlogon Notify: winxza32 - winxza32.dll (file missing)
Restart your computer in safe mode:
Go to My Computer and delete the following files (if present):
c:\documents and settings\jessica antrobus\application data\sysprotectscannerinstall[1].exe
C:\WINDOWS\system32\dhvntbgf.dll
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
NOTE: The following will clear all of your cookies, forms and history from Firefox. Feel free to skip this step.
If you use Firefox browser
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Now scan your computer with Ewido.
When you're ready, post the following logs here:
- Ewido's report
- a fresh HijackThis log
Message Edited by Mr_JAk3 on 09-20-2006 08:04 AM
autobus25
September 21st, 2006 03:00
ewido anti-spyware - Scan Report
---------------------------------------------------------
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@harpo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@heavyhammerinc.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@in2m.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@marketlive.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@e-2dj6wfk4oiazmfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@e-2dj6wgkigod5kcq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@ehg-shoes.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Jessica Antrobus\Cookies\jessica antrobus@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
::Report end
autobus25
September 21st, 2006 03:00
Scan saved at 9:39:37 PM, on 9/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/mpfplus/en-us/mpfplus7/default.asp?affid=105-79&dtag=d4dmh91&langid=1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [NI.USYP_0002_N91M1708] "c:\documents and settings\jessica antrobus\application data\sysprotectscannerinstall[1].exe" -nag
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: WUSB54GSv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe (file missing)
Mr_JAk3
September 21st, 2006 12:00
There is this one leftover that we'll need to remove. Please do the following:
Please download WinPFind2.
autobus25
September 21st, 2006 15:00
WinPFind2 by OldTimer - Version 1.0.10 Folder = C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\Rar$EX00.234\WinPFind2\
Microsoft Windows XP (Version = Service Pack 2)
Internet Explorer (Version - 6.0.2900.2180)
[Start Post #1]
Image Name---------------ProcessID--Thread Count--Parent ID--Base Priority--
#Full Path
##(Version Info)
#c:\program files\infinite mind lc\eyeq\arlaunch.exe
##( [Ver = | Size = 323584 bytes | Date = 02/14/2002 17:13 | Attr = ])
#c:\windows\system32\ati2evxx.exe
##(ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Date = 08/04/2005 03:02 | Attr = ])
#c:\program files\ewido anti-spyware 4.0\ewido.exe
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 6283264 bytes | Date = 06/16/2006 07:39 | Attr = ])
#c:\program files\logitech\video\fxsvr2.exe
##(Logitech Inc. [Ver = 8.4.7.1034 | Size = 192512 bytes | Date = 06/08/2005 14:44 | Attr = ])
#c:\program files\google\googletoolbarnotifier\1.0.720.3640\googletoolbarnotifier.exe
##(Google Inc. [Ver = 1, 0, 720, 3640 | Size = 155896 bytes | Date = 09/13/2006 08:01 | Attr = ])
#c:\program files\ewido anti-spyware 4.0\guard.exe
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Date = 06/16/2006 07:38 | Attr = ])
#c:\program files\ipod\bin\ipodservice.exe
##(Apple Computer, Inc. [Ver = 7.0.0.70 | Size = 451136 bytes | Date = 09/12/2006 01:58 | Attr = ])
#c:\program files\itunes\ituneshelper.exe
##(Apple Computer, Inc. [Ver = 7.0.0.70 | Size = 229952 bytes | Date = 09/12/2006 01:58 | Attr = ])
#c:\program files\logitech\video\logitray.exe
##(Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Date = 06/08/2005 15:14 | Attr = ])
#c:\windows\system32\lvcomsx.exe
##(Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Date = 07/19/2005 17:32 | Attr = ])
#c:\progra~1\mcafee\mcafee~1\masalert.exe
##(McAfee, Inc. [Ver = 1.5.0.110 | Size = 327680 bytes | Date = 01/06/2006 15:14 | Attr = ])
#c:\progra~1\mcafee\mcafee antispyware\massrv.exe
##(McAfee, Inc. [Ver = 1.5.0.110 | Size = 876544 bytes | Date = 01/06/2006 15:13 | Attr = ])
#c:\progra~1\mcafee.com\agent\mcagent.exe
##(McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Date = 09/22/2005 18:29 | Attr = ])
#c:\program files\mcafee.com\agent\mcdetect.exe
##(McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Date = 10/13/2005 19:56 | Attr = ])
#c:\progra~1\mcafee.com\vso\mcshield.exe
##(McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Date = 08/10/2005 11:22 | Attr = ])
#c:\progra~1\mcafee.com\agent\mctskshd.exe
##(McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Date = 08/24/2005 16:01 | Attr = ])
#c:\progra~1\mcafee.com\vso\mcvsescn.exe
##(McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 483328 bytes | Date = 07/08/2005 18:16 | Attr = ])
#c:\progra~1\mcafee.com\vso\mcvsftsn.exe
##(McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 299008 bytes | Date = 07/01/2005 20:43 | Attr = ])
#c:\program files\mcafee.com\vso\mcvsshld.exe
##(McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Date = 08/10/2005 12:49 | Attr = ])
#c:\progra~1\mcafee.com\person~1\mpfagent.exe
##(McAfee Security [Ver = 6.1.0.44 | Size = 495616 bytes | Date = 04/05/2005 14:46 | Attr = ])
#c:\progra~1\mcafee.com\person~1\mpfservice.exe
##(McAfee Corporation [Ver = 6.1.0.44 | Size = 552960 bytes | Date = 04/05/2005 14:40 | Attr = ])
#c:\progra~1\mcafee.com\person~1\mpftray.exe
##(McAfee Security [Ver = 6.1.0.44 | Size = 950272 bytes | Date = 04/05/2005 14:41 | Attr = ])
#c:\progra~1\mcafee\spamki~1\mskagent.exe
##(McAfee Inc. [Ver = 6.1.0.6 | Size = 126976 bytes | Date = 03/23/2005 16:33 | Attr = ])
#c:\progra~1\mcafee\spamki~1\msksrvr.exe
##(McAfee Inc. [Ver = 6.1.0.7 | Size = 956928 bytes | Date = 04/05/2005 17:56 | Attr = ])
#c:\program files\mcafee.com\vso\oasclnt.exe
##(McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Date = 08/11/2005 22:02 | Attr = ])
#c:\program files\mcafee\mcafee quickclean\plguni.exe
##(McAfee, Inc. [Ver = 5.00.1.0 | Size = 94208 bytes | Date = 08/25/2004 05:00 | Attr = ])
#c:\program files\quicktime\qttask.exe
##(Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Date = 09/01/2006 15:57 | Attr = ])
#c:\program files\dantz\retrospect express hd\retrorun.exe
##(Dantz Development Corporation [Ver = 1.0.196 | Size = 69632 bytes | Date = 07/30/2004 16:47 | Attr = ])
#c:\docume~1\matthe~1\locals~1\temp\rar$ex00.234\winpfind2\winpfind2.exe
##(OldTimer Tools [Ver = 1.0.10.0 | Size = 392704 bytes | Date = 09/17/2006 11:39 | Attr = ])
#c:\program files\winrar\winrar.exe
##( [Ver = | Size = 916992 bytes | Date = 07/13/2006 19:03 | Attr = ])
#c:\program files\realvnc\vnc4\winvnc4.exe
##(RealVNC Ltd. [Ver = 4.1.2 | Size = 439248 bytes | Date = 05/12/2006 15:04 | Attr = ])
#c:\program files\linksys wireless-g usb wireless network monitor\wlservice.exe
##(GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Date = 02/06/2004 22:56 | Attr = ])
#c:\program files\linksys wireless-g usb wireless network monitor\wusb54gsv2.exe
##(Linksys [Ver = 1.0.0.1 | Size = 5044736 bytes | Date = 05/03/2005 23:27 | Attr = ])
Registry Entries
##(Version Info)
#http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
##
#http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
##
#http://www.dell.com
##
#http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
##
#%SystemRoot%\system32\blank.htm
##
#http://www.google.com/ig/dell?hl=en
##
#http://www.google.com/ie
##
#http://www.google.com
##
#http://www.google.com/ig/dell?hl=en
##
#http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
##
#C:\WINDOWS\system32\blank.htm
##
#http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
##
#http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
##
#Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1497088 bytes | Date = 06/23/2006 04:25 | Attr = ])
#0
##
#AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
##(Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Date = 01/12/2006 21:38 | Attr = ])
#SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
##(Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Date = 11/10/2005 14:22 | Attr = ])
#Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
##(Microsoft Corporation [Ver = 4.000.249.1 | Size = 324416 bytes | Date = 07/07/2006 12:29 | Attr = ])
#Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
##(Google Inc. [Ver = 4, 0, 1019, 5266 | Size = 2018368 bytes | Date = 08/09/2006 17:52 | Attr = R ])
#CBrowserHelperObject Object = c:\Program Files\GoogleAFE\GoogleAE.dll
##(Google [Ver = 1.0.0.1 | Size = 90112 bytes | Date = 12/08/2005 13:00 | Attr = ])
#&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1497088 bytes | Date = 06/23/2006 04:25 | Attr = ])
#Shell Search Band = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1022976 bytes | Date = 06/23/2006 04:25 | Attr = ])
#Favorites Band = %SystemRoot%\system32\shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1497088 bytes | Date = 06/23/2006 04:25 | Attr = ])
#Explorer Band = %SystemRoot%\system32\shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1497088 bytes | Date = 06/23/2006 04:25 | Attr = ])
#&Google = c:\program files\google\googletoolbar1.dll
##(Google Inc. [Ver = 4, 0, 1019, 5266 | Size = 2018368 bytes | Date = 08/09/2006 17:52 | Attr = R ])
#McAfee VirusScan = c:\progra~1\mcafee.com\vso\mcvsshl.dll
##(McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 07/01/2005 20:44 | Attr = ])
#&Address = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1022976 bytes | Date = 06/23/2006 04:25 | Attr = ])
#&Google = c:\program files\google\googletoolbar1.dll
##(Google Inc. [Ver = 4, 0, 1019, 5266 | Size = 2018368 bytes | Date = 08/09/2006 17:52 | Attr = R ])
#Reg Data missing or invalid = Reg Data missing or invalid
##(File not found)
#Reg Data missing or invalid = Reg Data missing or invalid
##(File not found)
#&Address = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1022976 bytes | Date = 06/23/2006 04:25 | Attr = ])
#&Links = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 06:33 | Attr = ])
#&Google = c:\program files\google\googletoolbar1.dll
##(Google Inc. [Ver = 4, 0, 1019, 5266 | Size = 2018368 bytes | Date = 08/09/2006 17:52 | Attr = R ])
#Reg Data missing or invalid = Reg Data missing or invalid
##(File not found)
#Reg Data missing or invalid = Reg Data missing or invalid
##(File not found)
#Yahoo! Toolbar = Reg Data missing or invalid
##(File not found)
#8192 - Sun Java Console
##
#8195 - Reg Data missing or invalid
##
#8196 - Reg Data missing or invalid
##
#8193 - Reg Data missing or invalid
##
#8194 - Windows Messenger
##
#8197
##
autobus25
September 21st, 2006 15:00
#
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Logitech Inc. [Ver = 8.4.7.1034 | Size = 282624 bytes | Date = 06/08/2005 15:13 | Attr = ])
# ( [Ver = | Size = 24576 bytes | Date = 09/18/2003 02:18 | Attr = R ])
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 73728 bytes | Date = 06/10/2005 09:43 | Attr = ])
# (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 49265 bytes | Date = 11/10/2005 14:03 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Intel(R) Corporation [Ver = 7.2.3.2 | Size = 77824 bytes | Date = 11/18/2004 09:02 | Attr = ])
# (Sigmatel, Inc. [Ver = 1.0.4447.0 nd82 cp1 | Size = 143441 bytes | Date = 03/22/2005 04:22 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 05:16 | Attr = ])
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/10/2004 04:00 | Attr = ])
# (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 05:16 | Attr = ])
#
# = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
#( [Ver = | Size = 84 bytes | Date = 08/16/2005 03:43 | Attr = HS])
#C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe ( [Ver = | Size = 323584 bytes | Date = 02/14/2002 17:13 | Attr = ])
# = %ALLUSERSPROFILE%\Start Menu\Programs\Startup
# = C:\Documents and Settings\Matthew Antrobus\Start Menu\Programs\Startup
#( [Ver = | Size = 84 bytes | Date = 08/16/2005 03:43 | Attr = HS])
# = %USERPROFILE%\Start Menu\Programs\Startup
#
#Explorer.exe
#[Rename]
#NUL=
autobus25
14 Posts
0
September 21st, 2006 15:00
# (Linksys Wireless-G USB Network Adapter with SpeedBooster v2)
##
# (Intel(R) PRO/100 VE Network Connection)
##
# ()
##
#%SystemRoot%\System32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\System32\winrnr.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 16896 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\System32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\system32\rsvpsp.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\system32\rsvpsp.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 04:00 | Attr = ])
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 04:00 | Attr = ])
#
##(File not found)
#
##(File not found)
Name--Internal Name--Startup Type--State--Service Type--
#Path
##(Version Info)
#C:\WINDOWS\system32\Ati2evxx.exe
##(ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Date = 08/04/2005 03:02 | Attr = ])
#C:\Program Files\ewido anti-spyware 4.0\guard.exe
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Date = 06/16/2006 07:38 | Attr = ])
#"C:\Program Files\iPod\bin\iPodService.exe"
##(Apple Computer, Inc. [Ver = 7.0.0.70 | Size = 451136 bytes | Date = 09/12/2006 01:58 | Attr = ])
#"c:\progra~1\mcafee\mcafee antispyware\massrv.exe"
##(McAfee, Inc. [Ver = 1.5.0.110 | Size = 876544 bytes | Date = 01/06/2006 15:13 | Attr = ])
#c:\program files\mcafee.com\agent\mcdetect.exe
##(McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Date = 10/13/2005 19:56 | Attr = ])
#c:\PROGRA~1\mcafee.com\vso\mcshield.exe
##(McAfee Inc. [Ver = 11.0.0.151 | Size = 221184 bytes | Date = 08/10/2005 11:22 | Attr = ])
#c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
##(McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Date = 08/24/2005 16:01 | Attr = ])
#C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
##(McAfee Corporation [Ver = 6.1.0.44 | Size = 552960 bytes | Date = 04/05/2005 14:40 | Attr = ])
#C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
##(McAfee Inc. [Ver = 6.1.0.7 | Size = 956928 bytes | Date = 04/05/2005 17:56 | Attr = ])
#C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
##(Dantz Development Corporation [Ver = 1.0.196 | Size = 69632 bytes | Date = 07/30/2004 16:47 | Attr = ])
#"C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service
##(RealVNC Ltd. [Ver = 4.1.2 | Size = 439248 bytes | Date = 05/12/2006 15:04 | Attr = ])
#"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GSv2.exe"
##(GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Date = 02/06/2004 22:56 | Attr = ])
autobus25
14 Posts
0
September 21st, 2006 15:00
#NUL=C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\nstmp\uninstall.ini
#NUL=C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\nstmp
#REM Windows MS-DOS Startup File
#REM
#REM CONFIG.SYS vs CONFIG.NT
#REM CONFIG.SYS is not used to initialize the MS-DOS environment.
#REM CONFIG.NT is used to initialize the MS-DOS environment unless a
#REM different startup file is specified in an application's PIF.
#REM
#REM ECHOCONFIG
#REM By default, no information is displayed when the MS-DOS environment
#REM is initialized. To display CONFIG.NT/AUTOEXEC.NT information, add
#REM the command echoconfig to CONFIG.NT or other startup file.
#REM
#REM NTCMDPROMPT
#REM When you return to the command prompt from a TSR or while running an
#REM MS-DOS-based application, Windows runs COMMAND.COM. This allows the
#REM TSR to remain active. To run CMD.EXE, the Windows command prompt,
#REM rather than COMMAND.COM, add the command ntcmdprompt to CONFIG.NT or
#REM other startup file.
#REM
#REM DOSONLY
#REM By default, you can start any type of application when running
#REM COMMAND.COM. If you start an application other than an MS-DOS-based
#REM application, any running TSR may be disrupted. To ensure that only
#REM MS-DOS-based applications can be started, add the command dosonly to
#REM CONFIG.NT or other startup file.
#REM
#REM EMM
#REM You can use EMM command line to configure EMM(Expanded Memory Manager).
#REM The syntax is:
#REM
#REM EMM = [A=AltRegSets] [B=BaseSegment] [RAM]
#REM
#REM AltRegSets
#REM specifies the total Alternative Mapping Register Sets you
#REM want the system to support. 1 <= AltRegSets <= 255. The
#REM default value is 8.
#REM BaseSegment
#REM specifies the starting segment address in the Dos conventional
#REM memory you want the system to allocate for EMM page frames.
#REM The value must be given in Hexdecimal.
#REM 0x1000 <= BaseSegment <= 0x4000. The value is rounded down to
#REM 16KB boundary. The default value is 0x4000
#REM RAM
#REM specifies that the system should only allocate 64Kb address
#REM space from the Upper Memory Block(UMB) area for EMM page frames
#REM and leave the rests(if available) to be used by DOS to support
#REM loadhigh and devicehigh commands. The system, by default, would
#REM allocate all possible and available UMB for page frames.
#REM
#REM The EMM size is determined by pif file(either the one associated
#REM with your application or _default.pif). If the size from PIF file
#REM is zero, EMM will be disabled and the EMM line will be ignored.
#REM
#dos=high, umb
#device=%SystemRoot%\system32\himem.sys
#files=40
#@echo off
#REM AUTOEXEC.BAT is not used to initialize the MS-DOS environment.
#REM AUTOEXEC.NT is used to initialize the MS-DOS environment unless a
#REM different startup file is specified in an application's PIF.
#REM Install CD ROM extensions
#lh %SystemRoot%\system32\mscdexnt.exe
#REM Install network redirector (load before dosx.exe)
#lh %SystemRoot%\system32\redir
#REM Install DPMI support
#lh %SystemRoot%\system32\dosx
#REM The following line enables Sound Blaster 2.0 support on NTVDM.
#REM The command for setting the BLASTER environment is as follows:
#REM SET BLASTER=A220 I5 D1 P330
#REM where:
#REM A specifies the sound blaster's base I/O port
#REM I specifies the interrupt request line
#REM D specifies the 8-bit DMA channel
#REM P specifies the MPU-401 base I/O port
#REM T specifies the type of sound blaster card
#REM 1 - Sound Blaster 1.5
#REM 2 - Sound Blaster Pro I
#REM 3 - Sound Blaster 2.0
#REM 4 - Sound Blaster Pro II
#REM 6 - SOund Blaster 16/AWE 32/32/64
#REM
#REM The default value is A220 I5 D1 T3 and P330. If any of the switches is
#REM left unspecified, the default value will be used. (NOTE, since all the
#REM ports are virtualized, the information provided here does not have to
#REM match the real hardware setting.) NTVDM supports Sound Blaster 2.0 only.
#REM The T switch must be set to 3, if specified.
#SET BLASTER=A220 I5 D1 P330 T3
#REM To disable the sound blaster 2.0 support on NTVDM, specify an invalid
#REM SB base I/O port address. For example:
#REM SET BLASTER=A0
#
#
# ( [Ver = | Size = 62 bytes | Date = 08/16/2005 03:33 | Attr = HS])
# ( [Ver = | Size = 1755 bytes | Date = 09/20/2006 21:52 | Attr = ])
#
# ( [Ver = | Size = 875 bytes | Date = 02/28/2006 02:02 | Attr = ])
# ( [Ver = | Size = 4837 bytes | Date = 09/07/2006 20:48 | Attr = ])
# ( [Ver = | Size = 62 bytes | Date = 08/16/2005 03:33 | Attr = HS])
# ( [Ver = | Size = 0 bytes | Date = 02/28/2006 02:02 | Attr = ])
# ( [Ver = | Size = 12358 bytes | Date = 02/21/2006 00:08 | Attr = ])
# ( [Ver = | Size = 61678 bytes | Date = 02/21/2006 00:08 | Attr = ])
#
# (RealNetworks, Inc. [Ver = 1, 0, 1, 6 | Size = 774144 bytes | Date = 04/26/2006 14:58 | Attr = ])
# ( [Ver = | Size = 251 bytes | Date = 03/10/2006 18:22 | Attr = ])
#
#
#MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
#Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
#McAfee.com Operating System Class - CodeBase = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
#Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
#ZoneIntro Class - CodeBase = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
#DwnldGroupMgr Class - CodeBase = http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
#Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
#Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
#Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
# - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
#C:\WINDOWS\System32\drivers\etc\Hosts
#
autobus25
14 Posts
0
September 21st, 2006 15:00
Full Path
#Details
#
#
#
#
#PEC2 ( [Ver = | Size = 41397 bytes | Date = 08/10/2004 04:00 | Attr = ])
#FSG! (DivXNetworks, Inc. [Ver = 5.1.1.1031 | Size = 236544 bytes | Date = 11/11/2003 17:00 | Attr = ])
#aspack ( [Ver = | Size = 126464 bytes | Date = 08/07/2003 14:01 | Attr = ])
#PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 571184 bytes | Date = 06/19/2006 16:19 | Attr = ])
#PECompact2 (Microsoft Corporation [Ver = 1.20.1625.0 | Size = 8960936 bytes | Date = 09/11/2006 10:37 | Attr = ])
#aspack (Microsoft Corporation [Ver = 1.20.1625.0 | Size = 8960936 bytes | Date = 09/11/2006 10:37 | Attr = ])
#WSUD (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1200128 bytes | Date = 08/10/2004 04:00 | Attr = ])
#aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/10/2004 04:00 | Attr = ])
#WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/10/2004 04:00 | Attr = ])
#Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/10/2004 04:00 | Attr = ])
#winsync ( [Ver = | Size = 1309184 bytes | Date = 08/10/2004 04:00 | Attr = ])
#PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 06/19/2006 16:19 | Attr = ])
#
#
# ( [Ver = | Size = 2048 bytes | Date = 09/20/2006 22:49 | Attr = S])
# ( [Ver = | Size = 7680 bytes | Date = 09/20/2006 20:21 | Attr = HS])
# ( [Ver = | Size = 786757 bytes | Date = 09/07/2006 22:36 | Attr = HS])
# ( [Ver = | Size = 901267 bytes | Date = 09/18/2006 16:23 | Attr = HS])
# ( [Ver = | Size = 791352 bytes | Date = 09/08/2006 18:35 | Attr = HS])
# ( [Ver = | Size = 900799 bytes | Date = 09/18/2006 16:24 | Attr = HS])
# ( [Ver = | Size = 788611 bytes | Date = 09/08/2006 18:35 | Attr = HS])
# ( [Ver = | Size = 23751 bytes | Date = 07/28/2006 05:16 | Attr = S])
# ( [Ver = | Size = 10337 bytes | Date = 07/27/2006 07:00 | Attr = S])
# ( [Ver = | Size = 11749 bytes | Date = 08/21/2006 06:00 | Attr = S])
# ( [Ver = | Size = 1024 bytes | Date = 09/20/2006 22:52 | Attr = H ])
# ( [Ver = | Size = 1024 bytes | Date = 09/21/2006 07:10 | Attr = H ])
# ( [Ver = | Size = 1024 bytes | Date = 09/21/2006 00:50 | Attr = H ])
# ( [Ver = | Size = 1024 bytes | Date = 09/21/2006 07:21 | Attr = H ])
# ( [Ver = | Size = 1024 bytes | Date = 09/21/2006 07:11 | Attr = H ])
# ( [Ver = | Size = 1024 bytes | Date = 09/12/2006 21:13 | Attr = H ])
# ( [Ver = | Size = 341 bytes | Date = 08/19/2006 18:36 | Attr = S])
# ( [Ver = | Size = 413 bytes | Date = 08/19/2006 18:36 | Attr = S])
# ( [Ver = | Size = 126 bytes | Date = 08/19/2006 18:36 | Attr = S])
# ( [Ver = | Size = 98 bytes | Date = 08/19/2006 18:36 | Attr = S])
# ( [Ver = | Size = 388 bytes | Date = 08/24/2006 16:34 | Attr = HS])
# ( [Ver = | Size = 24 bytes | Date = 08/24/2006 16:34 | Attr = HS])
# ( [Ver = | Size = 6 bytes | Date = 09/20/2006 22:52 | Attr = H ])
# ( [Ver = | Size = 113 bytes | Date = 09/20/2006 22:26 | Attr = HS])
# ( [Ver = | Size = 67 bytes | Date = 09/20/2006 22:26 | Attr = HS])
# ( [Ver = | Size = 67 bytes | Date = 09/20/2006 22:26 | Attr = HS])
# ( [Ver = | Size = 67 bytes | Date = 09/20/2006 22:26 | Attr = HS])
# ( [Ver = | Size = 67 bytes | Date = 09/20/2006 22:26 | Attr = HS])
# ( [Ver = | Size = 67 bytes | Date = 09/20/2006 22:26 | Attr = HS])
autobus25
14 Posts
0
September 21st, 2006 15:00
#MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
##(Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Date = 11/10/2005 14:22 | Attr = ])
#MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
##(Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Date = 11/10/2005 14:22 | Attr = ])
#ButtonText: Research = Reg Data missing or invalid
##(File not found)
#ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe
##(Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Date = 10/13/2004 09:24 | Attr = HS])
#res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
##(Microsoft Corporation [Ver = 11.0.8033 | Size = 10196752 bytes | Date = 06/23/2006 12:38 | Attr = ])
#Autoplay for SlideShow = Reg Data missing or invalid
##(File not found)
#Taskbar and Start Menu = Reg Data missing or invalid
##(File not found)
#WindowBlinds CPL Extension = C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbui.dll
##(Stardock.Net, Inc [Ver = 5.0 | Size = 95232 bytes | Date = 12/06/2005 21:29 | Attr = ])
#My Logitech Pictures = C:\Program Files\Logitech\Video\Namespc2.dll
##(Logitech Inc. [Ver = 8.4.7.1034 | Size = 135168 bytes | Date = 06/08/2005 15:25 | Attr = ])
#Display Panning CPL Extension = deskpan.dll
##(File not found)
#MediaFace extension = C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll
##(Fellowes, Inc. [Ver = 4,0,1,27 | Size = 86016 bytes | Date = 08/18/2003 18:45 | Attr = ])
#Shell extensions for file compression = Reg Data missing or invalid
##(File not found)
#User Accounts = Reg Data missing or invalid
##(File not found)
#NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
##(Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Date = 11/15/2005 12:07 | Attr = ])
#Encryption Context Menu = Reg Data missing or invalid
##(File not found)
#HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll
##(Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 08/10/2004 04:00 | Attr = ])
#NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
##(Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Date = 11/15/2005 12:07 | Attr = ])
#WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll
##( [Ver = | Size = 126464 bytes | Date = 07/13/2006 19:04 | Attr = ])
#iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll
##(Apple Computer, Inc. [Ver = 7.0.0.70 | Size = 132672 bytes | Date = 09/12/2006 01:58 | Attr = ])
#Reg Data missing or invalid = c:\progra~1\mcafee.com\vso\mcvsshl.dll
##(McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 07/01/2005 20:44 | Attr = ])
#Reg Data missing or invalid = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
##(Nero AG [Ver = 2, 0, 4, 3 | Size = 73728 bytes | Date = 01/25/2006 21:22 | Attr = ])
#{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Date = 06/16/2006 07:38 | Attr = ])
#{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} = C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll
##(Fellowes, Inc. [Ver = 4,0,1,27 | Size = 86016 bytes | Date = 08/18/2003 18:45 | Attr = ])
#{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
##( [Ver = | Size = 126464 bytes | Date = 07/13/2006 19:04 | Attr = ])
#{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Date = 06/16/2006 07:38 | Attr = ])
#{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} = C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll
##(Fellowes, Inc. [Ver = 4,0,1,27 | Size = 86016 bytes | Date = 08/18/2003 18:45 | Attr = ])
#{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
##( [Ver = | Size = 126464 bytes | Date = 07/13/2006 19:04 | Attr = ])
#Reg Data missing or invalid = c:\progra~1\mcafee.com\vso\mcvsshl.dll
##(McAfee, Inc. [Ver = 10, 0, 0, 19 | Size = 114688 bytes | Date = 07/01/2005 20:44 | Attr = ])
#Reg Data missing or invalid = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
##(Nero AG [Ver = 2, 0, 4, 3 | Size = 73728 bytes | Date = 01/25/2006 21:22 | Attr = ])
#{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
##( [Ver = | Size = 126464 bytes | Date = 07/13/2006 19:04 | Attr = ])
#NeroDigitalColumnHandler Class = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
##(Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Date = 11/15/2005 12:07 | Attr = ])
#PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
##(Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Date = 12/14/2004 03:20 | Attr = ])
#batfile
##
#"%1" %*
##
#cmdfile
##
#"%1" %*
##
#comfile
##
#"%1" %*
##
#exefile
##
#"%1" %*
##
#htafile
##
#C:\WINDOWS\system32\mshta.exe "%1" %*
##
#JSFile
##
#%SystemRoot%\System32\WScript.exe "%1" %*
##
#JSEFile
##
#%SystemRoot%\System32\WScript.exe "%1" %*
##
#scrfile
##
#"%1" /S
##
#VBEFile
##
#%SystemRoot%\System32\WScript.exe "%1" %*
##
#VBSFile
##
#%SystemRoot%\System32\WScript.exe "%1" %*
##
#WSFFile
##
#%SystemRoot%\System32\WScript.exe "%1" %*
##
#WSHFile
##
#%SystemRoot%\System32\WScript.exe "%1" %*
##
#txtfile
##
#%SystemRoot%\system32\NOTEPAD.EXE %1
##
#"C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 6283264 bytes | Date = 06/16/2006 07:39 | Attr = ])
#c:\progra~1\mcafee\MCAFEE~1\masalert.exe
##(McAfee, Inc. [Ver = 1.5.0.110 | Size = 327680 bytes | Date = 01/06/2006 15:14 | Attr = ])
#"C:\Program Files\Microsoft IntelliPoint\point32.exe"
##(Microsoft Corporation [Ver = 5.20.413.0 | Size = 204800 bytes | Date = 06/03/2004 01:50 | Attr = ])
#"C:\Program Files\iTunes\iTunesHelper.exe"
##(Apple Computer, Inc. [Ver = 7.0.0.70 | Size = 229952 bytes | Date = 09/12/2006 01:58 | Attr = ])
#C:\Program Files\Logitech\Video\ISStart.exe
##(Logitech Inc. [Ver = 8.4.7.1034 | Size = 458752 bytes | Date = 06/08/2005 15:24 | Attr = ])
#C:\Program Files\Logitech\Video\LogiTray.exe
##(Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Date = 06/08/2005 15:14 | Attr = ])
#c:\PROGRA~1\mcafee.com\agent\mcagent.exe
##(McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Date = 09/22/2005 18:29 | Attr = ])
#c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
##(McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Date = 01/11/2006 12:05 | Attr = ])
#C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
##(McAfee Security [Ver = 6.1.0.44 | Size = 950272 bytes | Date = 04/05/2005 14:41 | Attr = ])
#C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
##(McAfee Inc. [Ver = 6.1.0.6 | Size = 126976 bytes | Date = 03/23/2005 16:33 | Attr = ])
#"c:\documents and settings\jessica antrobus\application data\sysprotectscannerinstall[1].exe" -nag
##(File not found)
#C:\Program Files\McAfee.com\VSO\oasclnt.exe
##(McAfee, Inc. [Ver = 10, 0, 0, 24 | Size = 53248 bytes | Date = 08/11/2005 22:02 | Attr = ])
#"C:\Program Files\QuickTime\qttask.exe" -atboottime
##(Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Date = 09/01/2006 15:57 | Attr = ])
#"C:\Program Files\Microsoft IntelliType Pro\type32.exe"
##(Microsoft Corporation [Ver = 5.20.413.0 | Size = 172032 bytes | Date = 06/03/2004 01:51 | Attr = ])
#%systemroot%\system32\dumprep 0 -u
##(File not found)
#C:\Program Files\McAfee.com\VSO\mcvsshld.exe
##(McAfee, Inc. [Ver = 10, 0, 0, 22 | Size = 163840 bytes | Date = 08/10/2005 12:49 | Attr = ])
#"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
##(McAfee, Inc. [Ver = 10, 0, 0, 20 | Size = 151552 bytes | Date = 07/08/2005 18:18 | Attr = ])
#Installed = 1
##
#Installed = 1
##
#Installed = 1
##
#"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
##(Logitech Inc. [Ver = 8.4.7.1034 | Size = 196608 bytes | Date = 06/08/2005 14:44 | Attr = ])
#C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
##(McAfee, Inc. [Ver = 5.00.1.0 | Size = 94208 bytes | Date = 08/25/2004 05:00 | Attr = ])
#C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
##(McAfee Inc. [Ver = 6.1.0.6 | Size = 126976 bytes | Date = 03/23/2005 16:33 | Attr = ])
#"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
##(Microsoft Corporation [Ver = 8.0.0812.00 | Size = 5354792 bytes | Date = 07/29/2006 19:34 | Attr = ])
#C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
##(Google Inc. [Ver = 1, 0, 720, 3640 | Size = 155896 bytes | Date = 09/13/2006 08:01 | Attr = ])
#Debugger = ntsd -d
##
autobus25
14 Posts
0
September 21st, 2006 15:00
#{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 06:33 | Attr = ])
#{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 06:33 | Attr = ])
#{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Date = 08/10/2004 04:00 | Attr = ])
#{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Date = 08/10/2004 04:00 | Attr = ])
#CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 73728 bytes | Date = 06/16/2006 07:38 | Attr = ])
#URL Exec Hook = shell32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 06:33 | Attr = ])
#Browseui preloader = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1022976 bytes | Date = 06/23/2006 04:25 | Attr = ])
#Component Categories cache daemon = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1022976 bytes | Date = 06/23/2006 04:25 | Attr = ])
#
##
#msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
##
#stera;
##
#
##
#Adobe Gamma Loader = C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
##(Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Date = 11/04/1999 16:06 | Attr = ])
#Adobe Reader Speed Launch = C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
##(Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Date = 09/23/2005 23:05 | Attr = ])
#Adobe Gamma = C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
##(Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Date = 11/04/1999 16:06 | Attr = ])
#LimeWire On Startup = C:\Program Files\LimeWire\LimeWire.exe -startup
##(File not found)
#1d7eb48a = C:\Documents and Settings\Matthew Antrobus\Local Settings\Application Data\1d7eb48a.exe
##(File not found)
#atiptaxx = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
##(ATI Technologies, Inc. [Ver = 6.14.10.5160 | Size = 344064 bytes | Date = 08/05/2005 20:05 | Attr = ])
#BearShare = "C:\Program Files\BearShare\BearShare.exe" /pause
##(File not found)
#NMBgMonitor = "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
##(Nero AG [Ver = 1, 0, 2, 8 | Size = 98304 bytes | Date = 02/01/2006 17:45 | Attr = ])
#MediaDetect = C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
##(File not found)
#DSAgnt = "C:\Program Files\Dell Support\DSAgnt.exe" /startup
##(Gteko Ltd. [Ver = 1, 1, 1, 121 | Size = 332800 bytes | Date = 05/15/2005 01:04 | Attr = ])
#DVDLauncher = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
##(CyberLink Corp. [Ver = 3.00.0000 | Size = 53248 bytes | Date = 02/23/2005 15:19 | Attr = ])
#ehtray = C:\WINDOWS\ehome\ehtray.exe
##(Microsoft Corporation [Ver = 5.1.2715.2765 (xpsp(wmbla).050928-2135) | Size = 67584 bytes | Date = 09/29/2005 13:01 | Attr = ])
#E_FATIADA = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
##(SEIKO EPSON CORPORATION [Ver = 4.00 | Size = 98304 bytes | Date = 02/01/2005 20:00 | Attr = ])
#GoogleDesktop = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
##( [Ver = | Size = 168448 bytes | Date = 02/13/2006 06:02 | Attr = ])
#IntelMEM = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
##(Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Date = 09/03/2003 19:12 | Attr = ])
#isuspm = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
##(InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Date = 06/10/2005 09:44 | Attr = ])
#issch = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
##(InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Date = 06/10/2005 09:44 | Attr = ])
#LVCOMSX = C:\WINDOWS\system32\LVCOMSX.EXE
##(Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Date = 07/19/2005 17:32 | Attr = ])
#Onetouch = C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
##(Maxtor Corporation [Ver = 3, 0, 0, 2 | Size = 823296 bytes | Date = 12/22/2004 09:21 | Attr = ])
#SetHook = C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
##(Fellowes, Inc. [Ver = 4,0,1,27 | Size = 53248 bytes | Date = 08/18/2003 18:46 | Attr = ])
#MSKDetct = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
##(McAfee, Inc. [Ver = 6.1.0.6 | Size = 1111040 bytes | Date = 03/23/2005 15:47 | Attr = ])
#msmsgs = "C:\Program Files\Messenger\msmsgs.exe" /background
##(Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Date = 10/13/2004 09:24 | Attr = HS])
#MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
##(Microsoft Corporation [Ver = 8.0.0812.00 | Size = 5354792 bytes | Date = 07/29/2006 19:34 | Attr = ])
#MXOALDR = C:\WINDOWS\MXOALDR.EXE
##(Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 94208 bytes | Date = 02/20/2006 20:02 | Attr = ])
#NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
##(Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Date = 01/12/2006 16:40 | Attr = ])
#NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
##(Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Date = 01/12/2006 16:40 | Attr = ])
#qttask = "C:\Program Files\QuickTime\qttask.exe" -atboottime
##(Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Date = 09/01/2006 15:57 | Attr = ])
#RealPlay = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
##(File not found)
#RetroExpress = C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
##(Dantz Development Corporation [Ver = 1.0.196.0 | Size = 6946816 bytes | Date = 07/30/2004 16:47 | Attr = ])
#stsystra = stsystra.exe
##(SigmaTel, Inc. [Ver = 1.0.4450.0 nd83 cp1 | Size = 339968 bytes | Date = 03/22/2005 23:20 | Attr = ])
#jusched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
##(Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Date = 11/10/2005 14:03 | Attr = ])
#
##
#C:\WINDOWS\system32\userinit.exe,
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Date = 08/10/2004 04:00 | Attr = ])
#Explorer.exe
##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Date = 08/10/2004 04:00 | Attr = ])
#
##(File not found)
#rundll32 shell32,Control_RunDLL "sysdm.cpl"
##
#crypt32.dll
##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Date = 08/10/2004 04:00 | Attr = ])
#cryptnet.dll
##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Date = 08/10/2004 04:00 | Attr = ])
#cscdll.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Date = 08/10/2004 04:00 | Attr = ])
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 04:00 | Attr = ])
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 04:00 | Attr = ])
#sclgntfy.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Date = 08/10/2004 04:00 | Attr = ])
#WlNotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 04:00 | Attr = ])
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 04:00 | Attr = ])
#C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
##(Stardock [Ver = 5, 0, 0, 1 | Size = 176128 bytes | Date = 12/20/2005 22:57 | Attr = ])
#WgaLogon.dll
##(Microsoft Corporation [Ver = 1.5.0540.0 | Size = 702768 bytes | Date = 06/19/2006 16:20 | Attr = ])
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 04:00 | Attr = ])