
Infected by winantivirus pro 2007

Discussion in 'Virus & Other Malware Removal' started by ariel2007, Mar 19, 2007.

Thread Status:
Not open for further replies.
  1. ariel2007

    ariel2007 Thread Starter

    Joined:
    Mar 19, 2007
    Messages:
    9
    Hi there, my PC has been infected by the winantivirus pro 2007. The pop-ups are not very frequent but my internet connection is slow. I would appreciate it if anyone could help me with this. Thanks
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,222
    First Name:
    Derek
    Go here and download the 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website. Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
    Click on the entry in start menu or on the desktop to run HijackThis
    Click the "Scan" button. When the scan is finished, the scan button will become "Save Log"; click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.
     
  3. ariel2007

    ariel2007 Thread Starter

    Joined:
    Mar 19, 2007
    Messages:
    9
    Thanks, this is my hijackthis logfile

    Logfile of HijackThis v1.99.1
    Scan saved at 23:43:13, on 19/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Creative\Mixer\CTSVolFE.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061018
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061018
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174341339245
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,222
    First Name:
    Derek
    http://gmer.net/catchme.php

    Download catchme.exe ( 25kB ) to your desktop.

    Double click the catchme.exe to run it

    Open catchme.log to see results and paste the results back here
     
  5. ariel2007

    ariel2007 Thread Starter

    Joined:
    Mar 19, 2007
    Messages:
    9
    it has not accused anything,

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,222
    First Name:
    Derek
    OK, let's see what this shows

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
    • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
      • In the Processes group click Non-Microsoft
      • In the Win32 Services group click Non-Microsoft
      • In the Driver Services group click Non-Microsoft
      • In the Registry group click Non-Microsoft
      • In the Files Created Within group click 30 days. Make sure Non-Microsoft only is CHECKED.
      • In the Files Modified Within group select 30 days. Make sure Non-Microsoft only is CHECKED.
      • In the File String Search group select Non-Microsoft
    • Now click the Run Scan button on the toolbar.
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file
    Use the Reply button and attach the notepad file here. I will review it when it comes in.
     
  7. ariel2007

    ariel2007 Thread Starter

    Joined:
    Mar 19, 2007
    Messages:
    9
    Here it goes:
    Part 1/2

    WinPFind3 logfile created on: 20/03/2007 22:41:38
    WinPFind3U by OldTimer - Version 1.0.27 Folder = C:\Documents and Settings\A Sattar\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    1022 Mb Total Physical Memory | 581 Mb Available Physical Memory | 56.88% Memory free
    2 Gb Paging File | 2 Gb Available in Paging File | 84.47% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 51 Gb Total Space | 29 Gb Free Space | 56.98% Space Free
    Drive D: | 17 Gb Total Space | 17 Gb Free Space | 99.63% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: SATTAR
    Current User Name: A Sattar
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4133 | Size = 409600 bytes | Modified Date = 23/05/2006 13:59:38 | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4133 | Size = 409600 bytes | Modified Date = 23/05/2006 13:59:38 | Attr = ]
    cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 02/01/2006 17:41:22 | Attr = ]
    cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 02/01/2006 17:41:22 | Attr = ]
    ctsvolfe.exe -> %ProgramFiles%\Creative\Mixer\CTSVolFE.exe -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 57344 bytes | Modified Date = 23/02/2005 15:57:24 | Attr = ]
    dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 29/10/2003 02:06:00 | Attr = ]
    dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 10, 1, 1, 84 | Size = 397381 bytes | Modified Date = 01/05/2006 09:26:14 | Attr = ]
    dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 09/12/2005 20:29:52 | Attr = ]
    evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 114753 bytes | Modified Date = 01/05/2006 09:20:52 | Attr = ]
    ghoststartservice.exe -> %ProgramFiles%\Symantec\Norton Ghost 2003\GhostStartService.exe -> Symantec Corporation [Ver = 2003.789 | Size = 200704 bytes | Modified Date = 28/05/2003 19:11:02 | Attr = ]
    ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10, 1, 1, 19 | Size = 602182 bytes | Modified Date = 01/05/2006 09:28:26 | Attr = ]
    issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 10/06/2005 10:44:02 | Attr = ]
    kavpf.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe -> Kaspersky Lab [Ver = 1.9.0.37 | Size = 2195583 bytes | Modified Date = 19/07/2006 14:51:58 | Attr = ]
    nicconfigsvc.exe -> %ProgramFiles%\Dell\QuickSet\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 03/08/2006 18:50:46 | Attr = ]
    realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 18/10/2006 17:33:38 | Attr = ]
    regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Modified Date = 01/05/2006 09:20:26 | Attr = ]
    s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 1, 34 | Size = 540745 bytes | Modified Date = 01/05/2006 09:22:42 | Attr = ]
    smsystemanalyzer.exe -> %ProgramFiles%\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe -> [Ver = | Size = 557056 bytes | Modified Date = 20/12/2006 17:47:56 | Attr = ]
    syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 08/03/2006 18:48:02 | Attr = ]
    tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 06/12/2004 01:05:00 | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.27.0 | Size = 316416 bytes | Modified Date = 19/03/2007 17:58:42 | Attr = ]
    wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10, 1, 1, 28 | Size = 262217 bytes | Modified Date = 01/05/2006 09:34:00 | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4133 | Size = 409600 bytes | Modified Date = 23/05/2006 13:59:38 | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 10/08/2004 05:00:00 | Attr = ]
    (EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 114753 bytes | Modified Date = 01/05/2006 09:20:52 | Attr = ]
    (GhostStartService) GhostStartService [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\Norton Ghost 2003\GhostStartService.exe -> Symantec Corporation [Ver = 2003.789 | Size = 200704 bytes | Modified Date = 28/05/2003 19:11:02 | Attr = ]
    (kavsvc) Kaspersky Anti-Virus Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe -> Kaspersky Lab [Ver = 5.0.676.1 | Size = 1020010 bytes | Modified Date = 19/07/2006 15:26:40 | Attr = ]
    (NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\QuickSet\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 03/08/2006 18:50:46 | Attr = ]
    (RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 1, 1 | Size = 217164 bytes | Modified Date = 01/05/2006 09:20:26 | Attr = ]
    (S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 1, 34 | Size = 540745 bytes | Modified Date = 01/05/2006 09:22:42 | Attr = ]
    (WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10, 1, 1, 28 | Size = 262217 bytes | Modified Date = 01/05/2006 09:34:00 | Attr = ]

    [Driver Services - Non-Microsoft Only]
    (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
    (AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.10.0 [Kernel | Auto | Running] -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.10.0 | Size = 21275 bytes | Modified Date = 18/10/2006 17:26:28 | Attr = ]
    (AliIde) AliIde [Kernel | Disabled | Stopped] -> %System32%\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 17/08/2001 13:51:56 | Attr = ]
    (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %System32%\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 03/08/2004 23:07:44 | Attr = ]
    (APPDRV) APPDRV [Kernel | System | Running] -> %System32%\drivers\APPDRV.SYS -> Dell Inc [Ver = 1, 0, 1, 1 | Size = 16128 bytes | Modified Date = 12/08/2005 17:50:46 | Attr = ]
    (asc) asc [Kernel | Disabled | Stopped] -> %System32%\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 17/08/2001 13:52:00 | Attr = ]
    (asc3550) asc3550 [Kernel | Disabled | Stopped] -> %System32%\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 17/08/2001 13:51:58 | Attr = ]
    (ASCTRM) ASCTRM [Kernel | Auto | Running] -> %System32%\drivers\asctrm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 18/10/2006 17:33:40 | Attr = ]
    (Aspi32) Aspi32 [Kernel | Auto | Running] -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0001) | Size = 17005 bytes | Modified Date = 28/05/2003 18:53:46 | Attr = ]
    (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
    (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6618 | Size = 1578496 bytes | Modified Date = 23/05/2006 14:06:36 | Attr = ]
    (bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.52.0.0 built by: WinDDK | Size = 44544 bytes | Modified Date = 25/08/2006 07:23:08 | Attr = ]
    (Changer) Changer [Kernel | System | Stopped] -> -> File not found
    (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %System32%\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 17/08/2001 13:51:54 | Attr = ]
    (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %System32%\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 17/08/2001 13:52:16 | Attr = ]
    (dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 10/08/2004 05:00:00 | Attr = ]
    (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 10/08/2004 05:00:00 | Attr = ]
    (dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 10/08/2004 05:00:00 | Attr = ]
    (drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.22.03a | Size = 87488 bytes | Modified Date = 01/12/2004 03:22:00 | Attr = ]
    (drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.43a | Size = 40480 bytes | Modified Date = 23/11/2004 02:56:00 | Attr = ]
    (DSproct) DSproct [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Dell Support\GTAction\triggers\DSproct.sys -> GTek Technologies Ltd. [Ver = 1, 0, 0, 28 | Size = 4864 bytes | Modified Date = 10/01/2006 12:07:58 | Attr = ]
    (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 17/08/2001 12:12:10 | Attr = ]
    (FileDisk) FileDisk [Kernel | System | Running] -> %System32%\drivers\filedisk.sys -> iolo technologies, LLC (based on original work by Bo Brantén) [Ver = 2.0 | Size = 9341 bytes | Modified Date = 28/03/2006 02:54:00 | Attr = ]
    (GhPciScan) GhostPciScanner [Kernel | System | Running] -> %ProgramFiles%\Symantec\Norton Ghost 2003\ghpciscan.sys -> Symantec Corporation [Ver = 2003.789 | Size = 5632 bytes | Modified Date = 28/05/2003 19:01:06 | Attr = ]
    (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %System32%\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5011 built by: WinDDK | Size = 137728 bytes | Modified Date = 12/08/2004 17:45:54 | Attr = ]
    (HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.32.00 built by: WinDDK | Size = 201600 bytes | Modified Date = 22/07/2005 03:01:08 | Attr = ]
    (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.32.00 built by: WinDDK | Size = 1035008 bytes | Modified Date = 22/07/2005 03:02:12 | Attr = ]
    (Kl1) Kl1 [Kernel | Boot | Running] -> %System32%\drivers\kl1.sys -> Kaspersky Lab [Ver = 5.0.676.0 | Size = 33299 bytes | Modified Date = 18/05/2006 18:01:16 | Attr = ]
    (Klif) Klif [Kernel | System | Running] -> %System32%\drivers\klif.sys -> Kaspersky Labs [Ver = 6.12.10.161 | Size = 139024 bytes | Modified Date = 18/05/2006 18:38:00 | Attr = ]
    (Klmc) Klmc [Kernel | System | Running] -> %System32%\drivers\klmc.sys -> Kaspersky Lab [Ver = 5.0.676.4 | Size = 14771 bytes | Modified Date = 18/05/2006 18:38:02 | Attr = ]
    (Klpf) Klpf [Kernel | Boot | Running] -> %System32%\drivers\Klpf.sys -> KL [Ver = 2, 0, 0, 18 | Size = 28979 bytes | Modified Date = 11/05/2006 15:05:56 | Attr = ]
    (Klpid) Klpid [Kernel | Boot | Running] -> %System32%\drivers\Klpid.sys -> KL [Ver = 2, 0, 0, 17 | Size = 36534 bytes | Modified Date = 11/05/2006 15:06:06 | Attr = ]
    (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
    (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 17/03/2004 03:04:14 | Attr = ]
    (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %System32%\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 17/08/2001 13:52:12 | Attr = ]
    (nv) nv [Kernel | On_Demand | Stopped] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 03/08/2004 22:29:56 | Attr = ]
    (omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\drivers\omci.sys -> Dell Inc [Ver = 7, 1, 382, 0 | Size = 17153 bytes | Modified Date = 13/02/2004 16:46:00 | Attr = ]
    (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
    (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
    (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
    (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
    (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
    (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 10/08/2004 05:00:00 | Attr = ]
    (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]
    (ql1080) ql1080 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 17/08/2001 13:52:20 | Attr = ]
    (ql12160) ql12160 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 17/08/2001 13:52:20 | Attr = ]
    (ql1280) ql1280 [Kernel | Disabled | Stopped] -> %System32%\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 17/08/2001 13:52:18 | Attr = ]
    (rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %System32%\drivers\rimmptsk.sys -> REDC [Ver = 1.0.0.6 | Size = 28544 bytes | Modified Date = 14/10/2005 15:40:18 | Attr = ]
    (rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %System32%\drivers\rimsptsk.sys -> REDC [Ver = 1.00.01.12 | Size = 51328 bytes | Modified Date = 14/10/2005 15:40:18 | Attr = ]
    (rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %System32%\drivers\rixdptsk.sys -> REDC [Ver = 1.00.02.04 | Size = 307968 bytes | Modified Date = 14/10/2005 15:40:18 | Attr = ]
    (s24trans) WLAN Transport [Kernel | Auto | Running] -> %System32%\drivers\s24trans.sys -> Intel Corporation [Ver = 10, 1, 1, 3 | Size = 13568 bytes | Modified Date = 01/05/2006 09:52:02 | Attr = ]
    (Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.00.060 | Size = 163644 bytes | Modified Date = 21/10/2006 14:40:12 | Attr = ]
    (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
    (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %System32%\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 03/08/2004 23:07:44 | Attr = ]
    (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %System32%\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 17/08/2001 14:07:44 | Attr = ]
    (sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 14/07/2004 11:29:04 | Attr = ]
    (ssrtln) ssrtln [File_System | System | Running] -> %System32%\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 14/07/2004 11:28:50 | Attr = ]
    (STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %System32%\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4995.1 nd446 cp1 | Size = 1156648 bytes | Modified Date = 24/03/2006 23:34:30 | Attr = ]
    (symc810) symc810 [Kernel | Disabled | Stopped] -> %System32%\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 17/08/2001 14:07:34 | Attr = ]
    (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %System32%\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 17/08/2001 14:07:36 | Attr = ]
    (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 17/08/2001 14:07:40 | Attr = ]
    (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %System32%\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 17/08/2001 14:07:42 | Attr = ]
    (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 191872 bytes | Modified Date = 08/03/2006 18:35:10 | Attr = ]
    (tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25883 bytes | Modified Date = 06/12/2004 01:05:00 | Attr = ]
    (tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 06/12/2004 01:05:00 | Attr = ]
    (tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 06/12/2004 01:05:00 | Attr = ]
    (tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 06/12/2004 01:05:00 | Attr = ]
    (tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86586 bytes | Modified Date = 06/12/2004 01:05:00 | Attr = ]
    (tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 15227 bytes | Modified Date = 06/12/2004 01:05:00 | Attr = ]
    (tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 06/12/2004 01:05:00 | Attr = ]
    (tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 06/12/2004 01:05:00 | Attr = ]
    (tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 06/12/2004 01:05:00 | Attr = ]
    (ultra) ultra [Kernel | Disabled | Stopped] -> %System32%\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 17/08/2001 13:52:22 | Attr = ]
    (w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\w39n51.sys -> Intel® Corporation [Ver = 10, 1, 1, 7 | Size = 1429632 bytes | Modified Date = 26/04/2006 23:13:04 | Attr = ]
    (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found
    (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
    (winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.32.00 built by: WinDDK | Size = 717952 bytes | Modified Date = 22/07/2005 03:01:00 | Attr = ]
     
  8. ariel2007

    ariel2007 Thread Starter

    Part 2/2. Thanks

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 02/01/2006 17:41:22 | Attr = ]
    CTSVolFE.exe -> %ProgramFiles%\Creative\Mixer\CTSVolFE.exe -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 57344 bytes | Modified Date = 23/02/2005 15:57:24 | Attr = ]
    dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 06/12/2004 01:05:00 | Attr = ]
    DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 09/12/2005 20:29:52 | Attr = ]
    ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 10/06/2005 10:44:02 | Attr = ]
    ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 10/06/2005 10:44:02 | Attr = ]
    KAVPersonal50 -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe -> Kaspersky Lab [Ver = 5.0.676.1 | Size = 98407 bytes | Modified Date = 19/07/2006 15:27:24 | Attr = ]
    MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Modified Date = 12/08/2005 16:16:44 | Attr = ]
    RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 18/10/2006 17:33:38 | Attr = ]
    SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 08/03/2006 18:48:02 | Attr = ]
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ModemOnHold -> %ProgramFiles%\NetWaiting\netWaiting.exe -> [Ver = | Size = 20480 bytes | Modified Date = 10/09/2003 02:24:00 | Attr = ]
    SMSystemAnalyzer -> %ProgramFiles%\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe -> [Ver = | Size = 557056 bytes | Modified Date = 20/12/2006 17:47:56 | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    %AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 29/10/2003 02:06:00 | Attr = ]
    %AllUsersStartup%\Kaspersky Anti-Hacker.lnk -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe -> Kaspersky Lab [Ver = 1.9.0.37 | Size = 2195583 bytes | Modified Date = 19/07/2006 14:51:58 | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
    Control_RunDLL -> -> File not found
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4133 | Size = 61440 bytes | Modified Date = 23/05/2006 14:00:44 | Attr = ]
    WRNotifier -> WRLogonNTF.dll -> File not found
    < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > ->
    HKLM: Default_Page_URL -> http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen ->
    HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: SearchAssistant -> http://www.google.com/ie ->
    HKCU: Default_Page_URL -> www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061018 ->
    HKCU: Search Bar -> http://www.google.com/ie ->
    HKCU: Search Page -> http://www.google.com ->
    HKCU: Start Page -> http://www.bbc.co.uk/ ->
    HKCU: SearchAssistant -> http://www.google.com/ie ->
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    msn.com [ - ] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 12/01/2006 20:38:22 | Attr = ]
    {5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 06/12/2004 01:05:00 | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/2006 03:23:24 | Attr = ]
    {CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 30/08/2006 18:40:20 | Attr = ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_11\bin\npjpi150_11.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 75528 bytes | Modified Date = 15/12/2006 03:23:26 | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_11\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 440056 bytes | Modified Date = 15/12/2006 03:23:24 | Attr = ]
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
    {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    E&xport to Microsoft Excel -> -> File not found
    < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    SV1 -> ->
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {6C3A1829-5C01-4E79-B641-E7E3558F6BEB} -> (Broadcom 440x 10/100 Integrated Controller) ->
    {A772F4B5-9634-46F8-A6D7-7817A5A6CD6D} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
    {FB67240B-0019-405E-A3F8-FFCF61DA9BA6} -> (1394 Net Adapter) ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174341339245 ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab ->


    [Files/Folders - Created Within 30 days]
    $NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 03/03/2007 18:52:16 | Attr = H ]
    $NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Created Date = 03/03/2007 18:52:32 | Attr = H ]
    $NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Created Date = 03/03/2007 18:52:21 | Attr = H ]
    $NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Created Date = 03/03/2007 18:53:01 | Attr = H ]
    $NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Created Date = 03/03/2007 18:52:55 | Attr = H ]
    $NtUninstallKB928090$ -> %SystemRoot%\$NtUninstallKB928090$ -> [Folder | Created Date = 03/03/2007 18:51:31 | Attr = H ]
    $NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Created Date = 03/03/2007 18:52:39 | Attr = H ]
    $NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 23/02/2007 16:41:34 | Attr = H ]
    $NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Created Date = 15/03/2007 23:38:38 | Attr = H ]
    $NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Created Date = 03/03/2007 18:52:27 | Attr = H ]
    DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Created Date = 23/02/2007 05:25:19 | Attr = ]
    divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.5.1.0 | Size = 679936 bytes | Created Date = 23/02/2007 05:25:13 | Attr = ]
    DivXMedia.ax -> %System32%\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Created Date = 23/02/2007 05:25:12 | Attr = ]
    DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 5, 1, 0 | Size = 524288 bytes | Created Date = 23/02/2007 05:29:58 | Attr = ]
    divxsm.tlb -> %System32%\divxsm.tlb -> [Ver = | Size = 4816 bytes | Created Date = 23/02/2007 05:29:58 | Attr = ]
    divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 823296 bytes | Created Date = 23/02/2007 05:25:19 | Attr = ]
    divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 823296 bytes | Created Date = 23/02/2007 05:25:19 | Attr = ]
    divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 802816 bytes | Created Date = 23/02/2007 05:25:19 | Attr = ]
    dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 73728 bytes | Created Date = 23/02/2007 05:25:24 | Attr = ]
    dpu10.dll -> %System32%\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 23/02/2007 05:25:22 | Attr = ]
    dpu11.dll -> %System32%\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 23/02/2007 05:25:22 | Attr = ]
    dpuGUI10.dll -> %System32%\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Created Date = 23/02/2007 05:25:23 | Attr = ]
    dpuGUI11.dll -> %System32%\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 23/02/2007 05:25:22 | Attr = ]
    dpus11.dll -> %System32%\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Created Date = 23/02/2007 05:25:22 | Attr = ]
    dpv11.dll -> %System32%\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 23/02/2007 05:25:22 | Attr = ]
    dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 196608 bytes | Created Date = 23/02/2007 05:25:24 | Attr = ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49248 bytes | Created Date = 17/03/2007 20:30:53 | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 53346 bytes | Created Date = 17/03/2007 20:30:53 | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 127078 bytes | Created Date = 17/03/2007 20:30:53 | Attr = ]
    jpicpl32.cpl -> %System32%\jpicpl32.cpl -> Sun Microsystems, Inc. [Ver = 5.0.110.3 | Size = 49265 bytes | Created Date = 17/03/2007 20:30:53 | Attr = ]
    libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 23/02/2007 05:29:49 | Attr = ]
    pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 129784 bytes | Created Date = 04/03/2007 16:14:37 | Attr = ]
    pxcpya64.exe -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.39a | Size = 64760 bytes | Created Date = 04/03/2007 16:14:37 | Attr = ]
    pxcpyi64.exe -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.39a | Size = 116472 bytes | Created Date = 04/03/2007 16:14:38 | Attr = ]
    pxhpinst.exe -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 72440 bytes | Created Date = 04/03/2007 16:14:37 | Attr = ]
    pxinsa64.exe -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 64760 bytes | Created Date = 04/03/2007 16:14:37 | Attr = ]
    pxinsi64.exe -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 118520 bytes | Created Date = 04/03/2007 16:14:37 | Attr = ]
    qt-dx331.dll -> %System32%\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Created Date = 23/02/2007 05:29:56 | Attr = ]
    ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 23/02/2007 05:29:49 | Attr = ]
    WNASPI32.DLL -> %System32%\WNASPI32.DLL -> Adaptec [Ver = 4.71 (0001) | Size = 45056 bytes | Created Date = 07/03/2007 23:24:44 | Attr = ]
    ASPI32.SYS -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0001) | Size = 17005 bytes | Created Date = 07/03/2007 23:24:44 | Attr = ]
    cdr4_xp.sys -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Created Date = 04/03/2007 16:14:38 | Attr = ]
    cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Created Date = 04/03/2007 16:14:38 | Attr = ]

    [Files/Folders - Modified Within 30 days]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072103424 bytes | Modified Date = 20/03/2007 20:16:54 | Attr = HS]
    i386 -> %SystemDrive%\i386 -> [Folder | Modified Date = 04/03/2007 20:32:48 | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 19/03/2007 23:15:10 | Attr = R ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 20/03/2007 20:17:38 | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 15/03/2007 20:53:36 | Attr = H ]
    $NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 03/03/2007 18:52:18 | Attr = H ]
    $NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Modified Date = 03/03/2007 18:52:34 | Attr = H ]
    $NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Modified Date = 03/03/2007 18:52:24 | Attr = H ]
    $NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Modified Date = 03/03/2007 18:53:04 | Attr = H ]
    $NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Modified Date = 03/03/2007 18:52:58 | Attr = H ]
    $NtUninstallKB928090$ -> %SystemRoot%\$NtUninstallKB928090$ -> [Folder | Modified Date = 03/03/2007 18:51:38 | Attr = H ]
    $NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Modified Date = 03/03/2007 18:52:42 | Attr = H ]
    $NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Modified Date = 23/02/2007 16:41:36 | Attr = H ]
    $NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ -> [Folder | Modified Date = 15/03/2007 23:38:42 | Attr = H ]
    $NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Modified Date = 03/03/2007 18:52:28 | Attr = H ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 20/03/2007 20:16:56 | Attr = S]
    CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 14/03/2007 23:27:30 | Attr = HS]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 04/03/2007 20:32:46 | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 19/03/2007 22:55:58 | Attr = S]
    Help -> %SystemRoot%\Help -> [Folder | Modified Date = 11/03/2007 23:28:28 | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 20/03/2007 08:51:22 | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 20/03/2007 00:35:30 | Attr = HS]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 20/03/2007 22:40:44 | Attr = ]
    Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 20/03/2007 20:17:20 | Attr = ]
    repair -> %SystemRoot%\repair -> [Folder | Modified Date = 04/03/2007 20:32:46 | Attr = ]
    SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 19/03/2007 22:56:10 | Attr = ]
    SysMech6.INI -> %SystemRoot%\SysMech6.INI -> [Ver = | Size = 1444 bytes | Modified Date = 20/03/2007 09:04:40 | Attr = ]
    system -> %SystemRoot%\system -> [Folder | Modified Date = 07/03/2007 23:24:46 | Attr = ]
    system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 250 bytes | Modified Date = 07/03/2007 23:13:38 | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 20/03/2007 08:51:24 | Attr = ]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 20/03/2007 22:34:44 | Attr = ]
    WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 03/03/2007 18:52:36 | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 20/03/2007 20:17:00 | Attr = H ]
    AUTOEXEC.NT -> %System32%\AUTOEXEC.NT -> [Ver = | Size = 1789 bytes | Modified Date = 07/03/2007 23:13:38 | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 20/03/2007 08:51:20 | Attr = ]
    DivX.dll -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 23/02/2007 05:25:20 | Attr = ]
    divxdec.ax -> %System32%\divxdec.ax -> DivX, Inc. [Ver = 6.5.1.0 | Size = 679936 bytes | Modified Date = 23/02/2007 05:25:14 | Attr = ]
    DivXMedia.ax -> %System32%\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Modified Date = 23/02/2007 05:25:14 | Attr = ]
    DivXsm.exe -> %System32%\DivXsm.exe -> DivX Inc. [Ver = 6, 5, 1, 0 | Size = 524288 bytes | Modified Date = 23/02/2007 05:30:00 | Attr = ]
    divxsm.tlb -> %System32%\divxsm.tlb -> [Ver = | Size = 4816 bytes | Modified Date = 23/02/2007 05:30:00 | Attr = ]
    divx_xx07.dll -> %System32%\divx_xx07.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 823296 bytes | Modified Date = 23/02/2007 05:25:20 | Attr = ]
    divx_xx0c.dll -> %System32%\divx_xx0c.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 823296 bytes | Modified Date = 23/02/2007 05:25:20 | Attr = ]
    divx_xx11.dll -> %System32%\divx_xx11.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 802816 bytes | Modified Date = 23/02/2007 05:25:20 | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 15/03/2007 23:38:46 | Attr = ]
    dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 73728 bytes | Modified Date = 23/02/2007 05:25:26 | Attr = ]
    dpu10.dll -> %System32%\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 23/02/2007 05:25:24 | Attr = ]
    dpu11.dll -> %System32%\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 23/02/2007 05:25:24 | Attr = ]
    dpuGUI10.dll -> %System32%\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Modified Date = 23/02/2007 05:25:24 | Attr = ]
    dpuGUI11.dll -> %System32%\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Modified Date = 23/02/2007 05:25:24 | Attr = ]
    dpus11.dll -> %System32%\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Modified Date = 23/02/2007 05:25:24 | Attr = ]
    dpv11.dll -> %System32%\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Modified Date = 23/02/2007 05:25:24 | Attr = ]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 14/03/2007 19:42:20 | Attr = ]
    dtu100.dll -> %System32%\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 196608 bytes | Modified Date = 23/02/2007 05:25:26 | Attr = ]
    FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 19/03/2007 01:22:52 | Attr = ]
    libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 23/02/2007 05:29:50 | Attr = ]
    Px.dll -> %System32%\Px.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 527096 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]
    pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 129784 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]
    pxcpya64.exe -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.39a | Size = 64760 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]
    pxcpyi64.exe -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.39a | Size = 116472 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]
    pxdrv.dll -> %System32%\pxdrv.dll -> Sonic Solutions [Ver = 1.02.01a | Size = 502520 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]
    pxhpinst.exe -> %System32%\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 72440 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]
    pxinsa64.exe -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 64760 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]
    pxinsi64.exe -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 118520 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]
    PxMas.dll -> %System32%\PxMas.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 183032 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]
    PxSFS.DLL -> %System32%\PxSFS.DLL -> Sonic Solutions [Ver = 3.4.46.500 | Size = 1329912 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]
    PxWave.dll -> %System32%\PxWave.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 379640 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]
    qt-dx331.dll -> %System32%\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Modified Date = 23/02/2007 05:29:58 | Attr = ]
    QuickTime -> %System32%\QuickTime -> [Folder | Modified Date = 04/03/2007 18:38:18 | Attr = ]
    ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 23/02/2007 05:29:50 | Attr = ]
    VXBLOCK.dll -> %System32%\VXBLOCK.dll -> Sonic Solutions [Ver = 1.00.74a | Size = 39672 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 11/03/2007 23:12:52 | Attr = ]
    cdr4_xp.sys -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]
    cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]
    klick.sys -> %System32%\drivers\klick.sys -> Kaspersky Lab [Ver = 2.0.0.395 | Size = 75932 bytes | Modified Date = 14/03/2007 19:42:20 | Attr = ]
    klin.sys -> %System32%\drivers\klin.sys -> Kaspersky Lab [Ver = 2.0.0.395 | Size = 74396 bytes | Modified Date = 14/03/2007 19:42:20 | Attr = ]
    pxhelp20.sys -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.43J | Size = 36624 bytes | Modified Date = 23/02/2007 05:29:54 | Attr = ]

    [File String Scan - Non-Microsoft Only]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 10/08/2004 05:00:00 | Attr = ]
    PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 23/02/2007 05:25:20 | Attr = ]
    aspack , -> %System32%\Incinerator.dll -> [Ver = | Size = 1212416 bytes | Modified Date = 20/12/2006 17:48:02 | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 10/08/2004 05:00:00 | Attr = ]

    < End of report >
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Nothing showing there at all.

    What tells you that you are infected with winantivirus?
     
  10. ariel2007

    ariel2007 Thread Starter

    I had some pop-ups advising me to download the winantivirus pro 2007; this was more frequent when pages I visited took long to load. I haven't had any pop-ups recently, although internet is a tad slower than it used to be.
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    I think they were just on the pages you were on, but let's see if this finds anything.

    Download the Trial version of Superantispyware Pro (SAS)


    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
        o Close browsers before scanning
        o Scan for tracking cookies
        o Terminate memory threats before quarantining.
        o Please leave the others unchecked.
        o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
        o After reboot, double-click the SUPERAntispyware icon on your desktop.
        o Click Preferences. Click the Statistics/Logs tab.
        o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        o It will open in your default text editor (such as Notepad/Wordpad).
        o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.
     
  12. ariel2007

    ariel2007 Thread Starter

    SUPERAntiSpyware Scan Log
    Generated 03/22/2007 at 08:18 PM

    Application Version : 3.6.1000

    Core Rules Database Version : 3190
    Trace Rules Database Version: 1200

    Scan type : Complete Scan
    Total Scan Time : 01:28:49

    Memory items scanned : 637
    Memory threats detected : 0
    Registry items scanned : 5760
    Registry threats detected : 0
    File items scanned : 72578
    File threats detected : 20

    Adware.Tracking Cookie
     
  13. ariel2007

    ariel2007 Thread Starter

    Logfile of HijackThis v1.99.1
    Scan saved at 20:27:15, on 22/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Creative\Mixer\CTSVolFE.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061018
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061018
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174341339245
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,222
    First Name:
    Derek
    That has found nothing either, and I have never known WinAntiVirus to hide from all those.
     
  15. ariel2007

    ariel2007 Thread Starter

    Joined:
    Mar 19, 2007
    Messages:
    9
    It's been a while since I got a pop-up, so you are probably right. Thanks a lot for your help anyway; I will make a donation to Hedgehog Rescue Centre.
     

Short URL to this thread: https://techguy.org/553024
