Win32:Trogan-gen (Other) infection [RESOLVED] |
Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.
  |
 Aug 24 2008, 03:05 AM
Post
#1
|
|
|
Member  Posts: 40 OS: Windows XP  |
I have been having some trouble with my PC, in that programs (especially firefox 3.0) seems to be randomly closing itself down for no reason. When the program closes itself, the "Dr Watson Post-mortem debugger" opens, says it is creating an error log, then that closes aswell most of the time, however sometimes the debugger freezez aswell, and i have to close it through task manager. I ran a virus scan with avast, and it showed 2 virus', one called Win32:Trojan-gen (Other) and one called Win32:Adware-gen (Other). The first virus (Trojan-gen) was found in a file within C:\\recycler... and the other file (adware-gen) was found in C:\\System Volume Information\...\A0111257.exe. Both files were "successfully deleted" by avast. below are is my HijackThis log, hope you guys can help me get this sorted again! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:04:01, on 24/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\APPS\Powercinema\PCMService.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\wltray.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\SpywareGuard\sgmain.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\D-Tools\daemon.exe c:\progra~1\common~1\instal~1\update~1\isuspm.exe C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\explorer.exe C:\Program Files\Alwil Software\Avast4\ashSimpl.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{AEA52C0D-7AD4-4CE7-9B60-786757B2378D}: NameServer = 192.168.1.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 9650 bytes Thanks in advance for any help you guys can offer me. littlebigman |
 |
 
|
|
Aug 27 2008, 04:56 PM
Post
#2
|
|
 Trusted Helper  Posts: 2,659 From: Ohio, USA OS: linux, Windows XP |
Hello littlebigman,
Sorry about the delay, everyone here has been very busy. Please post a fresh HijackThis log in your next reply. |
|
|
|
|
Aug 28 2008, 01:42 AM
Post
#3
|
|
|
Member Posts: 40 OS: Windows XP |
Hi Jimmy.
Thankyou for your reply! Don't worry about the delay, i know you are all really busy, i am VERY grateful for your help with this! Below is the new HiJack This Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:38:11, on 28/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\APPS\Powercinema\PCMService.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\wltray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe C:\Program Files\SpywareGuard\sgbhp.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{AEA52C0D-7AD4-4CE7-9B60-786757B2378D}: NameServer = 192.168.1.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 9393 bytes Thanks again for your help with this, i will reply back as soon as possible after your next reply. unfortunately, i am at work until 6pm UK time, so will not be able to reply until then. Thanks, Dan |
|
|
|
|
Aug 28 2008, 11:25 AM
Post
#4
|
|
|
Trusted Helper Posts: 2,659 From: Ohio, USA OS: linux, Windows XP |
Hello littlebigman,
QUOTE i am at work until 6pm UK time, so will not be able to reply until then. Thats no problem. STEP 1 I do not see a Firewall on your computer. A firewall can help protect you from Hackers and some types of Malware. I recommend you download a firewall. Here are a few to chose from(all are free). Comodo Zone Alarm OutPost Out of these I would recommend Comodo, please only install one firewall at a time. If you need any help installing/using one of these firewalls please let me know. STEP 2 I see that you have a P2P(Peer to Peer) program on your computer. While the program it self may be safe the files you get can be illegal and can also have malware in them. I recommend you remove the following program. (if you do not want to remove the P2P program please skip this step and go to the next one) Please click Start>Control Panel>Add or Remove Programs. And remove the following program (if present) Also remove any other P2P programs you may have. uTorrent Once you have done that please remove the following folder (if present) C:\Program Files\uTorrent STEP 3 Download OTViewIt to your desktop.
|
|
|
|
|
Aug 28 2008, 12:06 PM
Post
#5
|
|
|
Member Posts: 40 OS: Windows XP |
Hi Jimmy Thanks again for your reply! I have installed the Comodo firewall as recommended  .I used the p2p program to download Open Office last week (although i havnt had time to install it yet), that is all it has been used for. Is it safe to keep it installed for further versions of the program? I am also considering installing linux on my PC, is it safe to download linux using a torrent? Below are the 2 logs from OTViewIt. I will post the first log (OTViewIt.txt) in this post, and then the Extras.txt in another, as you recommended: OTViewIt.txt OTViewIt logfile created on: 28/08/2008 18:58:11 - Run 1 OTViewIt by OldTimer - Version 1.0.0.15 Folder = C:\Documents and Settings\Dan\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.94 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 74.60% Memory free 2.45 Gb Paging File | 2.05 Gb Available in Paging File | 83.65% Paging File free Paging file location(s): C:\pagefile.sys 672 1344; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.63 Gb Total Space | 2.73 Gb Free Space | 3.92% Space Free | Partition Type: NTFS Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS Drive E: | 133.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 399.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive K: | 0.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: DANPC Current User Name: Dan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On ===== Processes - Non-Microsoft Only ===== [01/19/2005 12:01 PM | 00,065,536 | ---- | M] () - C:\WINDOWS\system32\wltrysvc.exe [01/29/2005 03:09 AM | 00,876,649 | ---- | M] (BT Voyager Corporation) - C:\WINDOWS\system32\bcmwltry.exe [07/19/2008 03:25 PM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [07/19/2008 03:38 PM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe [10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [04/06/2005 05:03 PM | 00,110,592 | ---- | M] () - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [02/23/2006 07:09 PM | 00,266,338 | ---- | M] () - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe [08/28/2008 06:47 PM | 00,519,936 | ---- | M] () - C:\Program Files\COMODO\Firewall\cmdagent.exe [02/23/2006 07:08 PM | 01,073,152 | ---- | M] (Cyberlink) - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe [10/20/2005 01:15 PM | 00,090,112 | ---- | M] () - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [02/23/2006 07:09 PM | 00,114,784 | ---- | M] () - c:\APPS\Powercinema\Kernel\TV\CLSched.exe [07/19/2008 03:38 PM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [07/23/2008 03:25 PM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [10/04/2004 08:03 PM | 00,310,272 | ---- | M] () - C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe [09/15/2005 04:05 AM | 00,344,064 | ---- | M] (ATI Technologies, Inc.) - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [01/29/2005 03:09 AM | 00,696,422 | ---- | M] (BT Voyager Corporation) - C:\WINDOWS\system32\wltray.exe [07/19/2008 03:38 PM | 00,078,008 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashDisp.exe [08/28/2008 06:46 PM | 01,655,552 | ---- | M] () - C:\Program Files\COMODO\Firewall\cfp.exe [08/29/2003 08:05 PM | 00,360,448 | ---- | M] () - C:\Program Files\SpywareGuard\sgmain.exe [08/29/2003 12:14 PM | 00,233,472 | ---- | M] () - C:\Program Files\SpywareGuard\sgbhp.exe ===== Win32 Services - Non-Microsoft Only ===== (Adobe LM Service) Adobe LM Service [On_Demand | Stopped] [01/22/2007 09:13 AM | 00,072,704 | ---- | M] (Adobe Systems) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Apple Mobile Device) Apple Mobile Device [Auto | Running] [10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (aswUpdSv) avast! iAVS4 Control Service [Auto | Running] [07/19/2008 03:25 PM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ATI Smart) ATI Smart [Auto | Stopped] [09/15/2005 04:05 AM | 00,516,096 | ---- | M] () - C:\WINDOWS\system32\ati2sgag.exe (avast! Antivirus) avast! Antivirus [Auto | Running] [07/19/2008 03:38 PM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running] [07/19/2008 03:38 PM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! Web Scanner) avast! Web Scanner [On_Demand | Running] [07/23/2008 03:25 PM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (BlueSoleil Hid Service) BlueSoleil Hid Service [Auto | Running] [04/06/2005 05:03 PM | 00,110,592 | ---- | M] () - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (CLCapSvc) CyberLink Background Capture Service (CBCS) [Auto | Running] [02/23/2006 07:09 PM | 00,266,338 | ---- | M] () - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe (CLSched) CyberLink Task Scheduler (CTS) [Auto | Running] [02/23/2006 07:09 PM | 00,114,784 | ---- | M] () - c:\APPS\Powercinema\Kernel\TV\CLSched.exe (cmdAgent) COMODO Firewall Pro Helper Service [Auto | Running] [08/28/2008 06:47 PM | 00,519,936 | ---- | M] () - C:\Program Files\COMODO\Firewall\cmdagent.exe (CyberLink Media Library Service) CyberLink Media Library Service [Auto | Running] [02/23/2006 07:08 PM | 01,073,152 | ---- | M] (Cyberlink) - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe (USBDeviceService) USBDeviceService [Auto | Running] [10/20/2005 01:15 PM | 00,090,112 | ---- | M] () - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe (wltrysvc) Broadcom Wireless LAN Tray Service [Auto | Running] [01/19/2005 12:01 PM | 00,065,536 | ---- | M] () - C:\WINDOWS\system32\wltrysvc.exe ===== Driver Services - Non-Microsoft Only ===== (Aavmker4) avast! Asynchronous Virus Monitor [System | Running] [07/19/2008 03:32 PM | 00,026,944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys (ASCTRM) ASCTRM [Auto | Running] [08/27/2006 09:28 PM | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) - C:\WINDOWS\System32\drivers\asctrm.sys (aswFsBlk) aswFsBlk [Auto | Running] [07/19/2008 03:37 PM | 00,020,560 | ---- | M] (ALWIL Software) - C:\WINDOWS\system32\drivers\aswFsBlk.sys (aswMon2) avast! Standard Shield Support [Auto | Running] [07/19/2008 03:37 PM | 00,094,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys (aswRdr) aswRdr [On_Demand | Running] [07/19/2008 03:33 PM | 00,023,152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys (aswSP) avast! Self Protection [System | Running] [07/19/2008 03:35 PM | 00,078,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys (aswTdi) avast! Network Shield Support [System | Running] [07/19/2008 03:32 PM | 00,042,912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys (atapi) Standard IDE/ESDI Hard Disk Controller [Boot | Running] [02/28/2006 01:00 PM | 00,095,360 | ---- | M] () - C:\WINDOWS\system32\drivers\atapi.sys (BCM43XX) BCM 802.11g Network Adapter Driver [On_Demand | Stopped] [01/12/2003 01:25 PM | 00,163,712 | R--- | M] (Belkin Corporation) - C:\WINDOWS\system32\drivers\BCMWL5.SYS (BlueletAudio) Bluetooth Audio Service [On_Demand | Running] [05/31/2005 04:40 PM | 00,020,480 | ---- | M] (IVT Corporation) - C:\WINDOWS\system32\drivers\blueletaudio.sys (BT) Bluetooth PAN Network Adapter [On_Demand | Stopped] [04/30/2005 03:48 PM | 00,010,804 | ---- | M] (IVT Corporation) - C:\WINDOWS\system32\drivers\BtNetDrv.sys (Btcsrusb) Bluetooth USB For Bluetooth Service [On_Demand | Stopped] [05/31/2005 10:42 AM | 00,023,000 | ---- | M] (IVT Corporation) - C:\WINDOWS\system32\drivers\btcusb.sys (BTHidEnum) Bluetooth HID Enumerator [On_Demand | Running] [04/30/2005 03:50 PM | 00,011,860 | ---- | M] () - C:\WINDOWS\system32\drivers\vbtenum.sys (BTHidMgr) Bluetooth HID Manager Service [Boot | Running] [04/30/2005 03:50 PM | 00,028,271 | ---- | M] (IVT Corporation) - C:\WINDOWS\system32\drivers\BTHidMgr.sys (catchme) catchme [On_Demand | Stopped] File not found - C:\DOCUME~1\Dan\LOCALS~1\Temp\catchme.sys (d346bus) d346bus [Boot | Running] [03/12/2004 11:41 PM | 00,156,800 | ---- | M] ( ) - C:\WINDOWS\system32\drivers\d346bus.sys (d346prt) d346prt [Boot | Running] [03/12/2004 11:41 PM | 00,005,248 | ---- | M] ( ) - C:\WINDOWS\system32\drivers\d346prt.sys (LHidUsbK) Logitech SetPoint USB Receiver device driver [On_Demand | Stopped] File not found - C:\WINDOWS\System32\Drivers\LHidUsbK.Sys (libusb0) LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120 [On_Demand | Running] [05/11/2007 12:12 AM | 00,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) - C:\WINDOWS\system32\drivers\libusb0.sys (LMouKE) Logitech SetPoint Mouse Filter Driver [On_Demand | Stopped] File not found - C:\WINDOWS\System32\Drivers\LMouKE.sys (MxlW2k) MxlW2k [On_Demand | Running] [08/23/2007 05:26 PM | 00,028,352 | ---- | M] (MusicMatch, Inc.) - C:\WINDOWS\System32\drivers\MxlW2k.sys (Pcouffin) Low level access layer for CD devices [On_Demand | Stopped] File not found - C:\WINDOWS\System32\Drivers\Pcouffin.sys (RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [On_Demand | Running] [02/27/2006 12:46 PM | 00,081,408 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtnicxp.sys (rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Stopped] [08/03/2004 11:31 PM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\RTL8139.sys (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) [On_Demand | Stopped] [09/18/2006 04:58 PM | 00,061,600 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27bus.sys (SE27mdfl) Sony Ericsson Device 039 USB WMC Modem Filter [On_Demand | Stopped] [09/18/2006 04:58 PM | 00,009,360 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27mdfl.sys (SE27mdm) Sony Ericsson Device 039 USB WMC Modem Driver [On_Demand | Stopped] [09/18/2006 04:58 PM | 00,097,184 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27mdm.sys (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) [On_Demand | Stopped] [09/18/2006 04:58 PM | 00,088,688 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27mgmt.sys (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) [On_Demand | Stopped] [09/18/2006 04:59 PM | 00,018,704 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se27nd5.sys (SE27obex) Sony Ericsson Device 039 USB WMC OBEX Interface [On_Demand | Stopped] [09/18/2006 04:59 PM | 00,086,560 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27obex.sys (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) [On_Demand | Stopped] [09/18/2006 04:59 PM | 00,090,800 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se27unic.sys (SNP325) USB PC Camera (SNPSTD325) [On_Demand | Stopped] File not found - C:\WINDOWS\System32\DRIVERS\snp325.sys (USBAAPL) Apple Mobile USB Driver [On_Demand | Stopped] [10/31/2007 03:09 PM | 00,030,464 | ---- | M] (Apple, Inc.) - C:\WINDOWS\system32\drivers\usbaapl.sys (VComm) Virtual Serial port driver [On_Demand | Running] [10/19/2004 02:37 PM | 00,061,312 | ---- | M] (IVT Corporation) - C:\WINDOWS\system32\drivers\VComm.sys (VcommMgr) Bluetooth VComm Manager Service [On_Demand | Running] [03/25/2005 06:18 PM | 00,082,148 | ---- | M] (IVT Corporation) - C:\WINDOWS\system32\drivers\VcommMgr.sys (VHidMinidrv) Bluetooth HID Device Service [On_Demand | Running] [04/30/2005 03:50 PM | 00,011,736 | ---- | M] (IVT Corporation) - C:\WINDOWS\system32\drivers\VHIDMini.sys (wanatw) WAN Miniport (ATW) [On_Demand | Stopped] File not found - C:\WINDOWS\System32\DRIVERS\wanatw4.sys ===== Run Keys ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/15/2005 04:05 AM | 00,344,064 | ---- | M] (ATI Technologies, Inc.) "avast!" = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [07/19/2008 03:38 PM | 00,078,008 | ---- | M] (ALWIL Software) "bcmwltry" = bcmwltry.exe [01/29/2005 03:09 AM | 00,876,649 | ---- | M] (BT Voyager Corporation) "COMODO Firewall Pro" = "C:\Program Files\COMODO\Firewall\cfp.exe" -h [08/28/2008 06:46 PM | 01,655,552 | ---- | M] () "ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [07/27/2004 11:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation) "ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [07/27/2004 11:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation) "PCMService" = "c:\APPS\Powercinema\PCMService.exe" [02/23/2006 07:08 PM | 00,147,456 | ---- | M] (CyberLink Corp.) "QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.) "removecpl" = RemoveCpl.exe [01/15/2003 09:33 PM | 00,024,576 | ---- | M] () "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) "Vade Retro Outlook Express" = "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [10/04/2004 08:03 PM | 00,310,272 | ---- | M] () "wltray.exe" = C:\WINDOWS\system32\wltray.exe [01/29/2005 03:09 AM | 00,696,422 | ---- | M] (BT Voyager Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = Reg Error: Value load does not exist or could not be read. "run" = Reg Error: Value run does not exist or could not be read. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "µTorrent" = "C:\Program Files\uTorrent\utorrent.exe" [07/02/2006 05:29 PM | 00,174,163 | ---- | M] () "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [01/15/2007 05:14 PM | 00,147,456 | ---- | M] (Nero AG) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. ===== Startup Folders ===== [All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup] [Dan Startup Folder - C:\Documents and Settings\Dan\Start Menu\Programs\Startup] [03/16/2005 08:16 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.) - C:\Documents and Settings\Dan\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [08/29/2003 08:05 PM | 00,360,448 | ---- | M] () - C:\Documents and Settings\Dan\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ===== BHO's ===== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] HKLM CLSID: (AcroIEHlprObj Class) - [12/14/2004 08:56 AM | 00,063,136 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}] HKLM CLSID: (SpywareGuardDLBLOCK.CBrowserHelper) - [08/03/2003 12:24 AM | 00,192,512 | R--- | M] () C:\Program Files\SpywareGuard\dlprotect.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] HKLM CLSID: (SSVHelper Class) - [02/22/2008 04:25 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll ===== Toolbars ===== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser] "{C4069E3A-68F1-403E-B40E-20066696354B}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened. ===== Policies ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] Unable to open key or key not present! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername" = 0 "legalnoticecaption" = "legalnoticetext" = "shutdownwithoutlogon" = 1 "undockwithoutlogon" = 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] Unable to open key or key not present! ===== Desktop Components ===== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "FriendlyName" = "My Current Home Page" "Source" = "About:Home" "SubscribedURL" = "About:Home" ===== Shared Task Scheduler ===== ===== AppInit_Dlls ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls] " C:\WINDOWS\system32\guard32.dll" - [08/28/2008 06:47 PM | 00,143,104 | ---- | M] () C:\WINDOWS\system32\guard32.dll ===== Lsa Authentication Packages ===== ===== Lsa Security Packages ===== ===== Authorized Applications List ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [02/28/2006 01:00 PM | 00,140,800 | ---- | M] (Microsoft Corporation) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe File not found "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 01:44 PM | 00,557,568 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 01:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/04/2007 05:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [02/28/2006 01:00 PM | 00,140,800 | ---- | M] (Microsoft Corporation) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found "C:\APPS\Powercinema\PowerCinema.exe" = C:\APPS\Powercinema\PowerCinema.exe [02/23/2006 07:08 PM | 00,053,248 | ---- | M] (CyberLink Corp.) "C:\APPS\Powercinema\PCMService.exe" = C:\APPS\Powercinema\PCMService.exe [02/23/2006 07:08 PM | 00,147,456 | ---- | M] (CyberLink Corp.) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe File not found "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe File not found "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [06/06/2005 02:23 PM | 01,183,744 | ---- | M] (IVT Corporation) "C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe File not found "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe File not found "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/14/2004 12:24 AM | 01,694,208 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 01:44 PM | 00,557,568 | ---- | M] (Microsoft Corporation) "C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe [07/02/2006 05:29 PM | 00,174,163 | ---- | M] () "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 01:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/04/2007 05:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe [07/02/2008 07:35 PM | 07,667,312 | ---- | M] (Mozilla Corporation) "C:\Program Files\TVersity\Media Server\TVersity.exe" = C:\Program Files\TVersity\Media Server\TVersity.exe File not found "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [10/27/2006 04:16 PM | 12,813,096 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [10/27/2006 04:37 PM | 00,338,216 | ---- | M] (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [10/27/2006 04:03 PM | 01,018,664 | ---- | M] (Microsoft Corporation) "C:\Program Files\PSPHost\files\usbhostfs.exe" = C:\Program Files\PSPHost\files\usbhostfs.exe File not found "C:\Documents and Settings\Dan\Desktop\usbhostfs_pc\usbhostfs_pc.exe" = C:\Documents and Settings\Dan\Desktop\usbhostfs_pc\usbhostfs_pc.exe File not found "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe [02/28/2006 01:00 PM | 00,083,456 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe [02/28/2006 01:00 PM | 00,033,280 | ---- | M] (Microsoft Corporation) "C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe File not found "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [06/02/2008 11:13 AM | 20,638,504 | ---- | M] (Apple Inc.) ===== HKLM Winlogon Settings ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell] "Explorer.exe" - [06/13/2007 11:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit] "C:\WINDOWS\system32\userinit.exe" - [02/28/2006 01:00 PM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost] "logonui.exe" - [02/28/2006 01:00 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet] "rundll32 shell32" - [10/26/2007 04:34 AM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll "Control_RunDLL "sysdm.cpl"" - [02/28/2006 01:00 PM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl ===== User's Winlogon Settings ===== ===== Winlogon Notify Settings ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] "DllName" = C:\WINDOWS\system32\ati2evxx.dll [09/15/2005 05:53 PM | 00,046,080 | ---- | M] (ATI Technologies Inc.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] "DllName" = File not found ===== Safeboot Options ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot] "AlternateShell" = cmd.exe ===== Disabled MsConfig Items ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services] "KService" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk File not found "backup" = C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk File not found "location" = Common Startup "command" = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 11:44 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) "item" = Adobe Reader Speed Launch [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk] "path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk File not found "backup" = C:\WINDOWS\pss\AOL 9.0 T File not found "location" = Common Startup "command" = C:\PROGRA~1\AOL9~1.0\aoltray.exe File not found "item" = AOL 9.0 Tray Icon [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk] "path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk File not found "backup" = C:\WINDOWS\pss\AOL Companion.lnk File not found "location" = Common Startup "command" = C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE File not found "item" = AOL Companion [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] "path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk File not found "backup" = C:\WINDOWS\pss\BlueSoleil.lnk File not found "location" = Common Startup "command" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [06/06/2005 02:23 PM | 01,183,744 | ---- | M] (IVT Corporation) "item" = BlueSoleil [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk] "path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk File not found "backup" = C:\WINDOWS\pss\Logitech SetPoint.lnk File not found "location" = Common Startup "command" = C:\PROGRA~1\Logitech\SetPoint\KEM.exe File not found "item" = Logitech SetPoint [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV On-Demand Monitor.lnk] "path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TV On-Demand Monitor.lnk File not found "backup" = C:\WINDOWS\pss\TV On-Demand Monitor.lnk File not found "location" = Common Startup "command" = C:\WINDOWS\Installer\{DF5F33C5-EC50-47A7-830C-1106DA120248}\_6F7BB4C7A76BE7E52EFDD6.exe File not found "item" = TV On-Demand Monitor [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = "hkey" = HKLM "command" = "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\4oD] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = KHost "hkey" = HKLM "command" = C:\Program Files\Kontiki\KHost.exe File not found "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Spyware Protection] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = AOLSP Scheduler "hkey" = HKLM "command" = C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe File not found "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOLDialer] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = AOLDial "hkey" = HKLM "command" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe File not found "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools-1033] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = C:\WINDOWS\daemon.dll [03/15/2004 08:28 PM | 00,069,120 | ---- | M] () "hkey" = HKLM "command" = C:\Program Files\D-Tools\daemon.exe [03/12/2004 11:43 PM | 00,081,920 | ---- | M] (DAEMON'S HOME) "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DetectorApp] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = DetectorApp "hkey" = HKLM "command" = C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe [10/20/2005 01:15 PM | 00,102,400 | ---- | M] () "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FixCamera] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = C:\WINDOWS\FixCamera.exe [02/12/2007 02:50 PM | 00,020,480 | ---- | M] () "hkey" = HKLM "command" = C:\WINDOWS\FixCamera.exe [02/12/2007 02:50 PM | 00,020,480 | ---- | M] () "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = GrooveMonitor "hkey" = HKLM "command" = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [10/27/2006 01:47 AM | 00,031,016 | ---- | M] (Microsoft Corporation) "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = iTunesHelper "hkey" = HKLM "command" = C:\Program Files\iTunes\iTunesHelper.exe [06/02/2008 11:13 AM | 00,267,048 | ---- | M] (Apple Inc.) "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kdx] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = KHost "hkey" = HKCU "command" = C:\Program Files\Kontiki\KHost.exe File not found "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lexmark 1200 Series] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = lxczbmgr "hkey" = HKLM "command" = C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe File not found "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Hardware Abstraction Layer] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = KHALMNPR "hkey" = HKLM "command" = KHALMNPR.EXE "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Muchobene] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = Muchobene "hkey" = HKCU "command" = C:\Program Files\Muchobene\Muchobene.exe [07/30/2008 01:52 AM | 00,651,264 | ---- | M] () "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = NeroCheck "hkey" = HKLM "command" = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [01/12/2006 04:40 PM | 00,155,648 | ---- | M] (Nero AG) "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = QTTask "hkey" = HKLM "command" = C:\Program Files\QuickTime\QTTask.exe [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.) "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = RealPlay "hkey" = HKLM "command" = C:\Program Files\Real\RealPlayer\realplay.exe [08/27/2006 09:28 PM | 00,026,112 | ---- | M] (RealNetworks, Inc.) "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Recguard] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = RECGUARD "hkey" = HKLM "command" = C:\WINDOWS\SMINST\Recguard.exe [09/13/2002 09:42 PM | 00,212,992 | ---- | M] () "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = Skype "hkey" = HKCU "command" = C:\Program Files\Skype\Phone\Skype.exe File not found "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony Ericsson PC Suite] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = Application Launcher "hkey" = HKLM "command" = C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [10/26/2005 06:17 PM | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMan] "key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run "item" = C:\WINDOWS\soundman.exe [03/01/2006 11:22 PM | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) "hkey" = HKLM "command" = C:\WINDOWS\soundman.exe [03/01/2006 11:22 PM | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) "inimapping" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state] "system.ini" = 0 "win.ini" = 0 "bootini" = 0 "services" = 2 "startup" = 2 ===== DNS Name Servers ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{17A78830-D441-4939-8253-CEB4896A8F20}] Servers: | Description: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{25EA5E44-24E3-41C2-BC05-E1CD43AF22CD}] Servers: | Description: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{263C736D-A5CB-4479-8D8D-EDCF7040A4C0}] Servers: | Description: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{2D4138DC-1B73-4C77-9E79-A210BD088ECB}] Servers: | Description: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{38BC9C0D-4B88-496E-BA18-B5CFF022857F}] Servers: | Description: Sony Ericsson Device 039 USB Ethernet Emulation (NDIS 5) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{4703DF73-4DB2-42D2-A390-CB1BD41B658C}] Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{62295252-E2A0-4571-8E78-64A127BA1FCE}] Servers: | Description: BT Voyager 1055 Laptop Adapter [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{67161E81-F8DA-45D5-B1C3-4C448A206E24}] Servers: | Description: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8205D248-A8D8-4DBC-946B-2F127C9DFF09}] Servers: | Description: Belkin 802.11g Network Adapter [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{AEA52C0D-7AD4-4CE7-9B60-786757B2378D}] Servers: 192.168.1.1 | Description: BT Voyager 1055 Laptop Adapter [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{DAB66FCE-E171-426D-98E8-FE639283EBBE}] Servers: | Description: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{FAD8D89F-A18E-4916-BD0D-90C02E5AEEC6}] Servers: | Description: ===== CDRom AutoRun Settings ===== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ===== Autorun Files on Drives ===== AUTOEXEC.BAT [] [08/27/2006 08:32 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ] AUTORUN.INF [[autorun] | OPEN=SETUP.EXE /AUTORUN | ICON=SETUP.EXE,1 | | shell\configure=&Configure... | shell\configure\command=SETUP.EXE | | shell\install=&Install... | shell\install\command=SETUP.EXE | ] [06/20/2003 01:00 PM | 00,000,184 | R--- | M] () E:\AUTORUN.INF [ CDFS ] AUTORUN.INF [[autorun] | OPEN=SETUP.EXE /AUTORUN | ICON=SETUP.EXE,1 | | shell\configure=&Configure... | shell\configure\command=SETUP.EXE | | shell\install=&Install... | shell\install\command=SETUP.EXE | ] [06/20/2003 01:00 PM | 00,000,184 | R--- | M] () J:\AUTORUN.INF [ CDFS ] ===== MountPoints2 ===== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07d67c82-35ce-11db-ba55-0016ecbde158}\Shell] "" = None [HKEY_CURRENT_USER\SO |