it was initially Symantec Antivirus that showed the warning. it is under the "Risk History" report within Symantec that showed it was Adware.ZangoSearch (which it still currently does), showed that i was infected, and that it could neither be removed or quarantined. running ewido anti-spyware, it was able to detect 5 infected files.
anywho, i followed your advice and here are the results to the WindPFind scan:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 9/13/2006 9:27:28 PM
WinPFind v1.5.0 Folder = C:\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
UPX! 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
FSG! 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
PEC2 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
PECompact2 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
Umonitor 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
qoologic 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
aspack 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
PTech 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
urllogic 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
ad-beh 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
ad-behNior.com 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
sYVLLSAKY 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
_rtneg3 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
SAHAgent 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
buddy.exe 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
ZepMon 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
aurora.exe 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
;2x(V]@BMD 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
Tlji7Mk 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
urllogic 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
KavSvc 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
69.59.186.63 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
209.66.67.134 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
66.63.167.97 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
66.63.167.77 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
abetterinternet.com 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
8B!7F\(T 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
testpopup 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
web-nex 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
yourkey 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
winsync 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
rec2_run 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
WinShutDown 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
ad-w-a-r-e.com 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
WSUD 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
Call (RPC) Help 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
lightspeedsarch 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
NIWU.UWIN 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
UpackByDwing 8/13/2006 10:46:30 AM 429 C:\patterns.txt ()
UPX! 9/2/2006 11:17:04 AM 210432 C:\winpfind.exe (OldTimer Tools)
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 12/21/1999 8:58:02 AM 21312 C:\WINDOWS\choice.exe ()
Checking %System% folder...
UPX! 9/17/2001 1:20:02 PM 9216 C:\WINDOWS\SYSTEM32\cpuinf32.dll ()
PEC2 3/31/2003 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dll (DivX, Inc.)
PECompact2 4/19/2006 10:09:20 PM 619156 C:\WINDOWS\SYSTEM32\divx.dll (DivX, Inc.)
PTech 6/19/2006 5:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 9/11/2006 11:37:22 AM 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 9/11/2006 11:37:22 AM 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 8/18/2001 12:36:52 AM 1135616 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 8/4/2004 1:56:38 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 1:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
PEC2 2/28/2002 1:42:54 PM 13107200 C:\WINDOWS\SYSTEM32\oembios.bin ()
Umonitor 8/4/2004 1:56:46 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 3/31/2003 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 5:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)
Checking %System%\Drivers folder and sub-folders...
PTech 2/16/2003 6:33:00 PM 1293192 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys ( )
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS
127.0.0.1 download1.shopathomeselect.com #[ADW_SAHAGENT.A]
127.0.0.1 www.shopathomeselect.com #[Adware.SAHAgent]
127.0.0.1 web-nexus.net #[Adw.Web-Nexus.WebNexusAdServer]
127.0.0.1 ax.web-nexus.net #[TROJ_QOOLAID.R]
127.0.0.1 dl.web-nexus.net #[eTrust.Win32.Qoologic]
127.0.0.1 dl.web-nexus.net #[eTrust.Win32.Qoologic]
127.0.0.1 stech.web-nexus.net #[Trojan-Downloader.Win32.Qoologic.p]
127.0.0.1 stech.web-nexus.net #[Trojan-Downloader.Win32.Qoologic.p]
127.0.0.1 www.web-nexus.net
127.0.0.1 agentq.vpptechnologies.com
127.0.0.1 js.vpptechnologies.com
127.0.0.1 media-0.vpptechnologies.com
127.0.0.1 media-1.vpptechnologies.com
127.0.0.1 media-2.vpptechnologies.com #[SiteAdvisor.fish-screensaver.com]
127.0.0.1 media-4.vpptechnologies.com
127.0.0.1 media-5.vpptechnologies.com
127.0.0.1 media-6.vpptechnologies.com
127.0.0.1 media-8.vpptechnologies.com #[SiteAdvisor.fish-screensaver.com]
127.0.0.1 media-a.vpptechnologies.com
127.0.0.1 media-b.vpptechnologies.com
127.0.0.1 media-c.vpptechnologies.com
127.0.0.1 media-d.vpptechnologies.com
127.0.0.1 media-e.vpptechnologies.com
127.0.0.1 media-f.vpptechnologies.com
127.0.0.1 msxml.vpptechnologies.com
127.0.0.1 static.vpptechnologies.com #[hotsearchbar.com]
127.0.0.1 xml.vpptechnologies.com #[BlazeFind]
127.0.0.1 ad-w-a-r-e.com #[Win32.Canbede][Troj/Dloader-IG]
127.0.0.1 www.ad-w-a-r-e.com #[AdWare.Win32.Look2Me.ab]
127.0.0.1 abetterinternet.com #[Downloader.Stubby.A][Adware.Aurora]
127.0.0.1 download.abetterinternet.com #[Adware.StopPopupAdsNow]
127.0.0.1 s.abetterinternet.com #[server down?]
127.0.0.1 st.abetterinternet.com
127.0.0.1 static.abetterinternet.com
127.0.0.1 thinstall.abetterinternet.com
127.0.0.1 www.abetterinternet.com #[Trojan-Downloader.Win32.Stubby.d]
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/13/2006 9:25:22 PM S 2048 C:\WINDOWS\bootstat.dat ()
9/12/2006 6:40:10 AM H 54156 C:\WINDOWS\QTFont.qfn ()
7/28/2006 6:16:08 AM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat ()
7/27/2006 8:00:28 AM S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat ()
7/21/2006 3:03:14 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat ()
8/21/2006 7:00:10 AM S 11749 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat ()
9/13/2006 9:25:10 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
9/13/2006 9:25:42 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
9/13/2006 9:25:24 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG ()
9/13/2006 9:26:38 PM H 188416 C:\WINDOWS\system32\config\software.LOG ()
9/13/2006 9:25:30 PM H 991232 C:\WINDOWS\system32\config\system.LOG ()
9/13/2006 5:37:42 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
9/13/2006 9:22:08 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()
Checking for CPL files...
8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/4/2004 1:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/4/2004 1:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 1:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 1:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 1:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/4/2004 1:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 1:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 1:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
3/31/2003 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 1:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
3/31/2003 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 1:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 1:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
10/6/2003 3:16:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
8/4/2004 1:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
5/6/2001 1:14:22 PM 24665 C:\WINDOWS\SYSTEM32\plugincpl131.cpl (Sun Microsystems)
3/4/2002 5:38:02 PM 45148 C:\WINDOWS\SYSTEM32\plugincpl131_02.cpl (Sun Microsystems)
8/4/2004 1:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
1/17/2003 3:55:36 AM 397312 C:\WINDOWS\SYSTEM32\slcpappl.cpl ()
9/2/2003 7:23:50 PM 73728 C:\WINDOWS\SYSTEM32\sscpl.cpl (NVIDIA Corporation)
8/4/2004 1:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
3/31/2003 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 1:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 1:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
Checking for Downloaded Program Files...
{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase =
http://update.micros...b?1152256406140{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.3.1 - CodeBase =
http://java.sun.com/...all-131-win.cab{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - a-squared Scanner - CodeBase =
http://ax.emsisoft.com/asquared.cab{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} - Java Plug-in 1.3.1 - CodeBase =
http://java.sun.com/...all-131-win.cab{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - Java Plug-in 1.3.1_02 - CodeBase =
http://java.sun.com/...-131_02-win.cab{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase =
http://fpdownload.ma...ent/swflash.cab»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
8/9/2006 5:25:24 PM 1538 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk ()
2/5/2004 4:43:38 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
Checking files in %ALLUSERSPROFILE%\Application Data folder...
2/4/2004 8:40:18 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
Checking files in %USERPROFILE%\Startup folder...
2/5/2004 4:43:38 AM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini ()
Checking files in %USERPROFILE%\Application Data folder...
2/4/2004 8:40:18 PM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini ()
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
>>> Internet Explorer Settings <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page -
http://www.microsoft...p...ER}&ar=home \\Search Page -
http://www.microsoft...amp;ar=iesearch \\Default_Page_URL -
http://www.emachines.com \\Default_Search_URL -
http://www.microsoft...amp;ar=iesearch \\Local Page - %SystemRoot%\system32\blank.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page -
http://www.emachines.com/ \\Search Bar -
http://www.google.com/ie \\Search Page -
http://www.microsoft...amp;ar=iesearch \\Local Page - C:\WINDOWS\System32\blank.htm
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch -
http://ie.search.msn...st/srchcust.htm \\SearchAssistant -
http://ie.search.msn...st/srchasst.htm[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
\{4A368E80-174F-4872-96B5-0B27DDD11DB2} - SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll ()
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{4B30061A-5B39-11D3-80F8-0090276F843F} - 8192 =
\\NEXTID - 8196
\\{6224f700-cba3-4071-b251-47cb894244cd} - 8193 = ICQ
\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} - 8194 =
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8195 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - ButtonText: ieSpell = res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - MenuText: ieSpell Options = ()
\{6224f700-cba3-4071-b251-47cb894244cd} - ButtonText: ICQ = C:\Program Files\ICQ\ICQ.exe ()
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - MenuText: = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{F802F260-519B-11D1-BB5D-0060974C6013} - ICQ Shell Extension = C:\Program Files\ICQ\ICQShExt.dll ()
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{5E44E225-A408-11CF-B581-008029601108} - Roxio DragToDisc Shell Extension = C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll (Roxio)
\\{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC} - My Media = C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll (Roxio, Inc.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{BDA77241-42F6-11d0-85E2-00AA001FE28C} - LDVP Shell Extensions = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation)
\\{81559C35-8464-49F7-BB0E-07A383BEF910} - = C:\Program Files\SpywareGuard\spywareguard.dll ()
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = ()
\\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll (Nero AG)
\\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll (Nero AG)
\\{D120D80B-BD26-4A74-8E43-2C2AF0966139} - QuickPar ContextMenu extension = C:\Program Files\QuickPar\QuickParShlExt.dll (Peter B Clements)
\\{880E1C60-DBEB-11D3-A4C4-A58C7193AA36} - Privacy Suite Context Menu Shell Extension = C:\PROGRA~1\CYBERS~1\cybshell.dll (CyberScrub LLC)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\LDVPMenu - {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation)
\Privacy_Suite - {880E1C60-DBEB-11D3-A4C4-A58C7193AA36} = C:\PROGRA~1\CYBERS~1\cybshell.dll (CyberScrub LLC)
\Quick Par - {D120D80B-BD26-4A74-8E43-2C2AF0966139} = C:\Program Files\QuickPar\QuickParShlExt.dll (Peter B Clements)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)
[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\LDVPMenu - {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation)
\Privacy_Suite - {880E1C60-DBEB-11D3-A4C4-A58C7193AA36} = C:\PROGRA~1\CYBERS~1\cybshell.dll (CyberScrub LLC)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)
>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll (Nero AG)
>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll ()
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
nForce Tray Options - C:\WINDOWS\SYSTEM32\sstray.exe (NVIDIA Corporation)
CHotkey - C:\WINDOWS\zHotkey.exe (Chicony)
Sunkist2k - c:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
RoxioEngineUtility - C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
RoxioDragToDisc - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
RoxioAudioCentral - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.)
SafetyNet - C:\Program Files\NetVeda\Safety.Net\ipcTray.exe (NetVeda LLC)
SafetyNet_Notifier - C:\Program Files\NetVeda\Safety.Net\ipcLn.exe (NetVeda)
ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
vptray - C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
AnyDVD - C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
TrueImageMonitor.exe - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
AcronisTimounterMonitor - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
Acronis Scheduler2 Service - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
NeroFilterCheck - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
!ewido - C:\Program Files\ewido anti-spyware 4.0\ewido.exe (Anti-Malware Development a.s.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
NeroHomeFirstStart - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk - C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini ()
>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[All Users Startup Folder Disabled Items]
[Current User Startup Folder Disabled Items]
>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -
>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d
>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{81559C35-8464-49F7-BB0E-07A383BEF910} - SpywareGuard.Handler = C:\Program Files\SpywareGuard\spywareguard.dll ()
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\NavLogon - C:\WINDOWS\System32\NavLogon.dll = (Symantec Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
>>> DNS Name Servers <<<
{80E027D1-2C8D-4602-BF1B-68AD67E241E8} - (NVIDIA nForce MCP Networking Controller)
>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()
>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]
>>> Selected AddOn's <<<
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»