win32: trojan - gen [RESOLVED]
luciaw
post Oct 4 2008, 12:40 PM
Post #1


Member
Posts: 19
OS: Windows XP Home Edition



So, I managed to get some kind of malware/virus on my computer this week. It came in the form of saying I needed to download codecs for a media player, and when I downloaded the file, it put icons on my desktop for free games/porn and some other things. I immediately deleted the file, but obviously it was too late.

What it does is keep bringing a pop-up which says that my system has been infected and click the pop-up to download a program to clean it. No matter what you say (yes/no, try to close it), it opens a tab in my browser (firefox) which shows a simulated 'My Computer' window with a system being scanned which has lots of errors. First it seemed to be linked to Internet Explorer, because if you opened IE, you can't click on any links, and all it does is bring up that pop-up. Now whenever I open any folder in My Documents or My Music, it brings the same thing.

I use avast as my anti-virus program, and also run Ad-Aware and Spybot - Search&Destroy. The first time I ran them (yesterday), all of them found some kind of trojan (Win32:Trojan - gen(other), virus/worm) and quarantined/deleted the files. I ran them again today and they all said the system was clean, but this pop-up still keeps showing up. I also ran the free cleaner you can get from avast (http://www.avast.com/eng/down_cleaner.html), but this didn't find any problems.

I followed the steps in the Malware cleaning guide, but had some problems:
- I couldn't create a system restore point with the program listed. Whenever I would try to run the program, it would give a "Failed to Initialize Properly" error.
- When I tried to download and run the 'Malwarebytes' Anti-Malware' program, at 96% of installation, avast would detect a virus (again win32 trojan), so I thought it best to leave it.

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:49 PM, on 10/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arseblog.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Anyway toolbar - {7F47CD2E-581E-4C07-9AD5-82451B604699} - C:\WINDOWS\system32\gjopli.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MMTrayLSI] C:\WINDOWS\System32\MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] C:\WINDOWS\System32\MMTray2k.exe
O4 - HKLM\..\Run: [MMTray] C:\WINDOWS\System32\MMTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134593685625
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 9080 bytes



Thanks for the help!

-lucia.

This post has been edited by luciaw: Oct 4 2008, 12:42 PM
OldTimer
post Oct 4 2008, 12:52 PM
Post #2


GeekU Moderator
Posts: 1,612
From: Holland Michigan USA
OS: XP Pro



Hello luciaw and welcome to GeeksToGo. Let's see what we can find.

Before running a new scan, let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Do not change any settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
luciaw
post Oct 4 2008, 01:05 PM
Post #3


Member
Posts: 19
OS: Windows XP Home Edition



Hi,

This is what I get:

First part:
[code]
OTScanIt logfile created on: 10/4/2008 9:02:09 PM - Run
OTScanIt2 by OldTimer - Version 1.0.0.0b Folder = C:\Documents and Settings\lucia Wamiti\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 178.64 Mb Available Physical Memory | 35.03% Memory free
1.22 Gb Paging File | 0.75 Gb Available in Paging File | 61.62% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 5.96 Gb Free Space | 8.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACHIEVER
Current User Name: lucia Wamiti
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/06/21 11:00:23 | 00,611,664 | ---- | M] (Lavasoft)
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2008/07/19 16:25:06 | 00,016,056 | ---- | M] (ALWIL Software)
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2008/07/19 16:38:28 | 00,147,640 | ---- | M] (ALWIL Software)
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
mmtraylsi.exe -> %SystemRoot%\SYSTEM32\mmtraylsi.exe -> [2003/03/25 05:49:02 | 00,053,248 | ---- | M] (Morgan Multimedia)
mmtray2k.exe -> %SystemRoot%\SYSTEM32\mmtray2k.exe -> [2003/03/25 05:49:02 | 00,057,344 | ---- | M] ()
mmtray.exe -> %SystemRoot%\SYSTEM32\mmtray.exe -> [2003/03/25 05:49:02 | 00,053,248 | ---- | M] (Morgan Multimedia)
hkcmd.exe -> %SystemRoot%\SYSTEM32\hkcmd.exe -> [2005/10/19 08:59:12 | 00,126,976 | ---- | M] (Intel Corporation)
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> [2008/07/19 16:38:34 | 00,078,008 | ---- | M] (ALWIL Software)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.)
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [2008/08/04 01:02:20 | 00,036,352 | ---- | M] ()
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> [2008/09/16 12:16:08 | 01,833,296 | ---- | M] (Safer Networking Limited)
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 04:06:00 | 00,024,576 | R--- | M] (BVRP Software)
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2008/07/19 16:38:04 | 00,250,040 | ---- | M] (ALWIL Software)
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2008/07/23 16:25:45 | 00,348,344 | ---- | M] (ALWIL Software)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/09/30 07:51:01 | 00,307,712 | ---- | M] (Mozilla Corporation)
usnsvc.exe -> %ProgramFiles%\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/10/04 14:38:26 | 00,413,696 | ---- | M] (OldTimer Tools)

[Win32 Services - Safe List]
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> [2008/06/21 11:00:23 | 00,611,664 | ---- | M] (Lavasoft)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.)
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2008/07/19 16:25:06 | 00,016,056 | ---- | M] (ALWIL Software)
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2008/07/19 16:38:28 | 00,147,640 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2008/07/19 16:38:04 | 00,250,040 | ---- | M] (ALWIL Software)
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2008/07/23 16:25:45 | 00,348,344 | ---- | M] (ALWIL Software)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(Buzzsaw_Defragmentation) Buzzsaw_Defragmentation [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\MATCO\BuzzSawService.exe -> [2006/04/01 13:11:28 | 00,323,584 | ---- | M] (SpyderComm, Inc.)
(CiscoVpnInstallService) Cisco Systems, Inc. Installer service [Win32_Own | Disabled | Stopped] -> %UserProfile%\Local Settings\Temp\RarSFX0\installservice.exe -> File not found
(CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\cisvc.exe -> [2008/04/14 02:12:14 | 00,005,632 | ---- | M] (Microsoft Corporation)
(DirMS_Defragmentation) DirMS_Defragmentation [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\MATCO\DirmsService.exe -> [2006/04/01 13:11:54 | 00,233,472 | ---- | M] ()
(Fax) Fax [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\fxssvc.exe -> [2008/04/14 02:12:21 | 00,267,776 | ---- | M] (Microsoft Corporation)
(getPlus® Helper) getPlus® Helper [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\NOS\bin\getPlus_HelperSvc.exe -> [2008/08/29 10:01:22 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.)
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2007/02/01 19:23:38 | 00,138,168 | ---- | M] (Google)
(IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.)
(KPF4) Sunbelt Kerio Personal Firewall 4 [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Sunbelt Software\Personal Firewall\kpf4ss.exe -> [2006/07/18 12:02:58 | 01,205,784 | ---- | M] (Sunbelt Software)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation)
(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> [2008/07/19 16:32:15 | 00,026,944 | ---- | M] (ALWIL Software)
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ABP480N5.SYS -> [2001/08/17 15:52:00 | 00,023,552 | ---- | M] (Microsoft Corporation)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ADPU160M.SYS -> [2001/08/17 16:07:32 | 00,101,888 | ---- | M] (Microsoft Corporation)
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\aeaudio.sys -> [2002/04/01 15:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation)
(agpCPQ) Compaq AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\agpcpq.sys -> [2008/04/13 20:36:39 | 00,044,928 | ---- | M] (Microsoft Corporation)
(Aha154x) Aha154x [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\AHA154X.SYS -> [2001/08/17 15:52:02 | 00,012,800 | ---- | M] (Microsoft Corporation)
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\AIC78U2.SYS -> [2001/08/17 16:07:36 | 00,055,168 | ---- | M] (Microsoft Corporation)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\AIC78XX.SYS -> [2001/08/17 16:07:38 | 00,056,960 | ---- | M] (Microsoft Corporation)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ALIIDE.SYS -> [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(alim1541) ALI AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\alim1541.sys -> [2008/04/13 20:36:38 | 00,042,752 | ---- | M] (Microsoft Corporation)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\amdagp.sys -> [2008/04/13 20:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(amsint) amsint [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\AMSINT.SYS -> [2001/08/17 15:52:04 | 00,012,032 | ---- | M] (Microsoft Corporation)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC.SYS -> [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3350p) asc3350p [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC3350P.SYS -> [2001/08/17 15:52:04 | 00,022,400 | ---- | M] (Microsoft Corporation)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC3550.SYS -> [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(ASPI32) ASPI32 [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\aspi32.sys -> [2002/07/17 09:05:10 | 00,016,512 | ---- | M] (Adaptec)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\aswFsBlk.sys -> [2008/07/19 16:37:42 | 00,020,560 | ---- | M] (ALWIL Software)
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> [2008/07/19 16:37:21 | 00,094,416 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2008/07/19 16:33:42 | 00,023,152 | ---- | M] (ALWIL Software)
(aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> [2008/07/19 16:35:18 | 00,078,416 | ---- | M] (ALWIL Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2008/07/19 16:32:36 | 00,042,912 | ---- | M] (ALWIL Software)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\bcm4sbxp.sys -> [2003/07/15 18:20:46 | 00,043,136 | ---- | M] (Broadcom Corporation)
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CD20XRNT.SYS -> [2001/08/17 15:52:06 | 00,007,680 | ---- | M] (Microsoft Corporation)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CMDIDE.SYS -> [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CPQARRAY.SYS -> [2001/08/17 15:52:06 | 00,014,976 | ---- | M] (Microsoft Corporation)
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CVirtA.sys -> [2007/01/18 16:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DAC2W2K.SYS -> [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(dac960nt) dac960nt [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DAC960NT.SYS -> [2001/08/17 15:52:16 | 00,014,720 | ---- | M] (Microsoft Corporation)
(Dot4Scan) Scan Class Driver for IEEE-1284.4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\Dot4scan.sys -> [2001/08/17 13:47:32 | 00,008,704 | ---- | M] (Microsoft Corporation)
(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DPTI2O.SYS -> [2001/08/17 16:07:44 | 00,020,192 | ---- | M] (Microsoft Corporation)
(EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\EL90XBC5.SYS -> [2001/08/17 14:11:06 | 00,066,591 | ---- | M] (3Com Corporation)
(fwdrv) Firewall Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\fwdrv.sys -> [2006/07/18 12:02:50 | 00,284,184 | ---- | M] (Sunbelt Software)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(gkmixern) gkmixern [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Helen\LOCALS~1\Temp\gkmixern.sys -> File not found
(hpn) hpn [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\HPN.SYS -> [2001/08/17 16:07:44 | 00,025,952 | ---- | M] (Microsoft Corporation)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HSFHWBS2.sys -> [2003/07/02 12:26:20 | 00,202,368 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HSF_DP.sys -> [2003/07/02 12:24:16 | 01,063,936 | ---- | M] (Conexant Systems, Inc.)
(i2omgmt) i2omgmt [Kernel | System | Running] -> %SystemRoot%\System32\drivers\i2omgmt.sys -> [2008/04/13 20:41:22 | 00,008,576 | ---- | M] (Microsoft Corporation)
(i2omp) i2omp [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\i2omp.sys -> [2008/04/13 20:41:22 | 00,018,560 | ---- | M] (Microsoft Corporation)
(i81x) i81x [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\i81xnt5.sys -> [2004/08/04 07:29:36 | 00,161,020 | ---- | M] (Intel® Corporation)
(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv01nt.sys -> [2004/08/04 07:29:37 | 00,012,415 | ---- | M] (Intel® Corporation)
(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv02nt.sys -> [2004/08/04 07:29:37 | 00,012,127 | ---- | M] (Intel® Corporation)
(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv05nt.sys -> [2004/08/04 07:29:37 | 00,011,775 | ---- | M] (Intel® Corporation)
(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wsiintxx.sys -> [2004/08/04 07:29:47 | 00,012,063 | ---- | M] (Intel® Corporation)
(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wvchntxx.sys -> [2004/08/04 07:29:49 | 00,019,455 | ---- | M] (Intel® Corporation)
(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv01nt.sys -> [2004/08/04 07:29:41 | 00,029,311 | ---- | M] (Intel® Corporation)
(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv02nt.sys -> [2004/08/04 07:29:42 | 00,019,551 | ---- | M] (Intel® Corporation)
(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv04nt.sys -> [2004/08/04 07:29:43 | 00,033,599 | ---- | M] (Intel® Corporation)
(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wch7xxnt.sys -> [2004/08/04 07:29:45 | 00,023,615 | ---- | M] (Intel® Corporation)
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmnt5.sys -> [2005/10/19 08:59:12 | 00,807,998 | ---- | M] (Intel Corporation)
(ini910u) ini910u [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\INI910U.SYS -> [2001/08/17 15:52:08 | 00,016,000 | ---- | M] (Microsoft Corporation)
(intelppm) Intel Processor Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\intelppm.sys -> [2008/04/13 20:31:32 | 00,036,352 | ---- | M] (Microsoft Corporation)
(irda) IrDA Protocol [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\irda.sys -> [2008/04/13 20:54:36 | 00,088,192 | ---- | M] (Microsoft Corporation)
(khips) Kerio HIPS Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\khips.sys -> [2006/07/18 12:02:52 | 00,091,672 | ---- | M] (Sunbelt Software)
(KS-959) Kingsun KS-959 USB Infrared Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\KS-959.sys -> [2005/09/05 03:59:24 | 00,019,034 | R--- | M] (Kingsun Corporation)
(MA-620) Mobile Action MA-660 USB Infrared Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\MA-620.sys -> [2003/03/25 10:55:04 | 00,027,136 | R--- | M] (Mobile Action Tech. Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mdmxsdk.sys -> [2003/04/09 15:48:08 | 00,011,043 | ---- | M] (Conexant)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\MRAID35X.SYS -> [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(MSIRCOMM) Microsoft IR Communications Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\msircomm.sys -> [2008/04/13 20:54:28 | 00,022,016 | ---- | M] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nv4_mini.sys -> [2004/08/04 07:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\omci.sys -> [2002/11/08 15:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation)
(PCIIde) PCIIde [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\PCIIDE.SYS -> [2001/08/17 15:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation)
(perc2) perc2 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\PERC2.SYS -> [2001/08/17 16:07:40 | 00,027,296 | ---- | M] (Microsoft Corporation)
(perc2hib) perc2hib [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\PERC2HIB.SYS -> [2001/08/17 16:07:42 | 00,005,504 | ---- | M] (Microsoft Corporation)
(Processor) Processor Driver [Kernel | System | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\processr.sys -> [2008/04/13 20:31:30 | 00,035,840 | ---- | M] (Microsoft Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\PTILINK.SYS -> [2002/08/29 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pxhelp20.sys -> [2007/03/08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1080.SYS -> [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL10WNT.SYS -> [2001/08/17 15:52:16 | 00,033,152 | ---- | M] (Microsoft Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL12160.SYS -> [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1240) ql1240 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1240.SYS -> [2001/08/17 15:52:16 | 00,040,448 | ---- | M] (Microsoft Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1280.SYS -> [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(Rasirda) WAN Miniport (IrDA) [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\rasirda.sys -> [2001/08/17 13:51:32 | 00,019,584 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys -> [2007/11/13 12:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sisagp.sys -> [2008/04/13 20:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\smwdm.sys -> [2003/02/28 11:17:18 | 00,545,024 | ---- | M] (Analog Devices, Inc.)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SPARROW.SYS -> [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\sptd.sys -> [2007/02/28 20:08:26 | 00,639,224 | ---- | M] ()
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC810.SYS -> [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC8XX.SYS -> [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_HI.SYS -> [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_U3.SYS -> [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(tbhsd) Tunebite High-Speed Dubbing [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\tbhsd.sys -> [2005/10/03 13:52:58 | 00,014,080 | ---- | M] (RapidSolution Software)
(TIEHDUSB) TIEHDUSB [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\tiehdusb.sys -> [2004/02/04 10:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated)
(TosIde) TosIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\TOSIDE.SYS -> [2001/08/17 15:51:56 | 00,004,992 | ---- | M] (Microsoft Corporation)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ULTRA.SYS -> [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(USB-100) SMC Compact USB to Ethernet converter [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SMC2208.SYS -> [2002/06/14 16:12:00 | 00,023,938 | ---- | M] (SMC2208USB/ETH)
(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\usbehci.sys -> [2008/04/13 20:45:35 | 00,030,208 | ---- | M] (Microsoft Corporation)
(viaagp) VIA AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\viaagp.sys -> [2008/04/13 20:36:40 | 00,042,240 | ---- | M] (Microsoft Corporation)
(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\viaide.sys -> [2008/04/13 20:40:31 | 00,005,376 | ---- | M] (Microsoft Corporation)
(vsdatant) vsdatant [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\vsdatant.sys -> [2006/07/09 13:42:44 | 00,392,824 | ---- | M] (Zone Labs, LLC)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HSF_CNXT.sys -> [2003/07/02 12:25:24 | 00,631,680 | ---- | M] (Conexant Systems, Inc.)
(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wpdusb.sys -> [2006/10/18 21:00:00 | 00,038,528 | ---- | M] (Microsoft Corporation)
(WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\WudfPf.sys -> [2006/09/28 19:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation)
(WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\WudfRd.sys -> [2006/09/28 20:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation)
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmsbw.sys -> [2003/10/08 12:12:24 | 00,120,830 | ---- | M] (Intel Corporation)
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmkchw.sys -> [2003/10/08 12:12:16 | 00,098,842 | ---- | M] (Intel Corporation)


This post has been edited by luciaw: Oct 4 2008, 01:10 PM
luciaw
post Oct 4 2008, 01:12 PM
Post #4


Member
**
Posts: 19
OS: Windows XP Home Edition



2nd part:
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Secondary_Page_URL -> ->
HKEY_LOCAL_MACHINE\: Main\\Extensions Off Page -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Secondary Start Pages -> ->
HKEY_LOCAL_MACHINE\: Main\\Security Risk Page -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Page_Transitions -> ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\SearchDefaultBranded -> ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.arseblog.com/ ->
HKEY_CURRENT_USER\: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %SystemRoot%\SYSTEM32\ieframe.dll [Microsoft Url Search Hook] -> [2008/06/23 18:57:33 | 06,066,176 | ---- | M] (Microsoft Corporation)
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< HOSTS File > (224670 bytes and 7928 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 22:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> %ProgramFiles%\Skype\Phone\IEPlugin\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2006/12/18 18:30:10 | 00,726,568 | ---- | M] (Skype Technologies S.A.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 14:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 04:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{7F47CD2E-581E-4C07-9AD5-82451B604699} [HKLM] -> %SystemRoot%\SYSTEM32\gjopli.dll [Anyway toolbar] -> [2008/10/02 21:07:32 | 00,065,536 | ---- | M] ()
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2007/09/20 10:30:18 | 00,328,752 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> [2007/01/20 00:55:32 | 02,403,392 | R--- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [Google Toolbar Notifier BHO] -> [2008/09/19 16:49:04 | 00,737,776 | ---- | M] (Google Inc.)
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKLM] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> [2005/02/22 13:50:34 | 00,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> [2007/01/20 00:55:32 | 02,403,392 | R--- | M] (Google Inc.)
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" [HKLM] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> [2005/02/22 13:50:34 | 00,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> [2007/01/20 00:55:32 | 02,403,392 | R--- | M] (Google Inc.)
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> [2007/01/20 00:55:32 | 02,403,392 | R--- | M] (Google Inc.)
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 9.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2008/06/12 02:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2008/09/03 20:12:50 | 00,111,936 | ---- | M] (Apple Inc.)
"avast!" -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> [2008/07/19 16:38:34 | 00,078,008 | ---- | M] (ALWIL Software)
"EPSON Stylus DX3800 Series" -> %SystemRoot%\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIACE.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"] -> [2005/02/08 06:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION)
"HotKeysCmds" -> %SystemRoot%\SYSTEM32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2005/10/19 08:59:12 | 00,126,976 | ---- | M] (Intel Corporation)
"IgfxTray" -> %SystemRoot%\SYSTEM32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2005/10/19 08:59:14 | 00,155,648 | ---- | M] (Intel Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.)
"MMTray" -> %SystemRoot%\SYSTEM32\mmtray.exe [C:\WINDOWS\System32\MMTray.exe] -> [2003/03/25 05:49:02 | 00,053,248 | ---- | M] (Morgan Multimedia)
"MMTray2K" -> %SystemRoot%\SYSTEM32\mmtray2k.exe [C:\WINDOWS\System32\MMTray2k.exe] -> [2003/03/25 05:49:02 | 00,057,344 | ---- | M] ()
"MMTrayLSI" -> %SystemRoot%\SYSTEM32\mmtraylsi.exe [C:\WINDOWS\System32\MMTrayLSI.exe] -> [2003/03/25 05:49:02 | 00,053,248 | ---- | M] (Morgan Multimedia)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/09/06 15:09:14 | 00,413,696 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"WinampAgent" -> %ProgramFiles%\Winamp\winampa.exe ["C:\Program Files\Winamp\winampa.exe"] -> [2008/08/04 01:02:20 | 00,036,352 | ---- | M] ()
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2008/09/16 12:16:08 | 01,833,296 | ---- | M] (Safer Networking Limited)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 04:06:00 | 00,024,576 | R--- | M] (BVRP Software)
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA9.EXE -> [2000/01/21 03:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation)
< lucia Wamiti Startup Folder > -> C:\Documents and Settings\lucia Wamiti\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Last.fm Helper.lnk -> %ProgramFiles%\Last.fm\LastFMHelper.exe -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"AllowLegacyWebView" -> [1] -> File not found
\\"AllowUnhashedWebView" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" -> [0] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 02:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 02:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2006/08/29 19:54:40 | 04,621,816 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4190 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4204 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] ->
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [HKLM] -> http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab[Symantec AntiVirus scanner] ->
{33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] ->
{41F17733-B041-4099-A042-B518BB6A408C} [HKLM] -> http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe[Reg Error: Key does not exist or could not be opened.] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab[MSN Photo Upload Tool] ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab[Symantec RuFSI Utility Class] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdat...b?1134593685625[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_07] ->
{9600F64D-755F-11D4-A47F-0001023E6D5A} [HKLM] -> http://web1.shutterfly.com/downloads/Uploader.cab[Shutterfly Picture Upload Plugin] ->
{C946EF6D-296D-4907-A6E1-ED0E8E5AF024} [HKLM] -> http://mail.lycos.com/hanmail-ax/AttachMail.cab[LycosMail Upload Control] ->
{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl...indows-i586.cab[Java Plug-in 1.4.2_14] ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_04] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_06] ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_09] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_10] ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_11] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[Shockwave Flash Object] ->
{DE591B16-A452-11D6-AED1-0001030A4E46} [HKLM] -> https://gto.postbank.nl/GTO/PBGNX.cab[PBGNX Control] ->
ppctlcab [HKLM] -> http://www.pestscan.com/scanner/ppctlcab.cab[Reg Error: Key does not exist or could not be opened.] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3FB900EB-B293-41B4-B844-770FFFB1858F} -> (Broadcom 440x 10/100 Integrated Controller) ->
{4F42D624-77EC-4F8F-8308-EA62C3CD2E06} -> (SMC Compact USB to Ethernet converter) ->
{5CBF4796-D682-4822-8C01-F64031D5EBBB} -> (SMC Compact USB to Ethernet converter) ->
{CAC94420-A4B3-40F8-B342-7D2404F927A9} -> (SMC Compact USB to Ethernet converter) ->
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\SYSTEM32\igfxsrvc.dll -> [2005/10/19 08:59:14 | 00,348,160 | ---- | M] (Intel Corporation)
WgaLogon -> %SystemRoot%\SYSTEM32\WgaLogon.dll -> [2007/03/15 18:16:42 | 00,236,928 | ---- | M] (Microsoft Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{e57ce738-33e8-4c51-8354-bb4de9d215d1}" [HKLM] -> %SystemRoot%\SYSTEM32\upnpui.dll [UPnPMonitor] -> [2008/04/14 02:12:08 | 00,239,616 | ---- | M] (Microsoft Corporation)
"{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> %SystemRoot%\SYSTEM32\WPDShServiceObj.dll [WPDShServiceObj] -> [2006/10/18 22:47:22 | 00,133,632 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 02:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 02:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\ABC\abc.exe" -> C:\Program Files\ABC\abc.exe [C:\Program Files\ABC\abc.exe:*:Enabled:abc] -> File not found
"C:\Program Files\Azureus\Azureus.exe" -> C:\Program Files\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus] -> [2008/05/06 18:10:54 | 00,254,976 | ---- | M] (Azureus Inc)
"C:\Program Files\BitTorrent\btdownloadgui.exe" -> C:\Program Files\BitTorrent\btdownloadgui.exe [C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui] -> File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.)
"C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe" -> C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe [C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary] -> [2005/06/03 02:24:14 | 00,049,250 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe" -> C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe [C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary] -> [2005/11/10 12:27:16 | 00,049,250 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" -> C:\Program Files\Kazaa Lite K++\KazaaLite.kpp [C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Disabled:KazaaLite] -> File not found
"C:\Program Files\Maple 11\jre\bin\java.exe" -> C:\Program Files\Maple 11\jre\bin\java.exe [C:\Program Files\Maple 11\jre\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary] -> [2007/11/16 09:02:22 | 00,049,248 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\Maple 11\jre\bin\maple.exe" -> C:\Program Files\Maple 11\jre\bin\maple.exe [C:\Program Files\Maple 11\jre\bin\maple.exe:*:Enabled:Maple 11] -> [2007/11/16 09:02:37 | 00,057,442 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger] -> [2008/04/14 02:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\mIRC\mirc.exe" -> C:\Program Files\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Disabled:mIRC] -> File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2008/09/30 07:51:01 | 00,307,712 | ---- | M] (Mozilla Corporation)
"C:\Program Files\Real\RealOne Player\realplay.exe" -> C:\Program Files\Real\RealOne Player\realplay.exe [C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player] -> [2006/05/19 16:23:45 | 00,208,941 | ---- | M] (RealNetworks, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2006/12/18 18:32:52 | 25,365,032 | ---- | M] (Skype Technologies S.A.)
"C:\Program Files\Soulseek\slsk.exe" -> C:\Program Files\Soulseek\slsk.exe [C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek] -> [2005/04/18 00:08:10 | 03,112,960 | ---- | M] ()
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe" -> C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe [C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI] -> [2006/07/18 12:02:56 | 01,955,352 | ---- | M] (Sunbelt Software)
"C:\Pr