Error "__"disabled by administrator [RESOLVED]

#1
pandora13 (Member, 28 posts)

Hi, I posted a thread yesterday about my error message that says things like task manager, etc. has been disabled; also, the system restore tab is missing from computer properties. I just did a system recovery a few weeks ago when I got a dialer. I have followed every step from the list of things to do under START HERE. My task manager seems to be working but I am still missing the system restore tab. Yesterday I found some advice on how to get these back... it worked but I was unable to click anything to turn on system restore. This is my HijackThis log. I really appreciate the time everyone takes to help us. Thank you so much in advance.

Logfile of HijackThis v1.99.1
Scan saved at 12:22:11 PM, on 9/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [WMP Plugin] C:\Program Files\Windows Media Player Plugin\wmplugin.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  • 0


#2
Armodeluxe (Member 2k, Retired Staff, 2,744 posts)

Hi pandora13,

Go to Start > Run and copy and paste the following lines one by one into the Run box and click OK after pasting each line.

sc stop SharedAccess
sc delete SharedAccess


Running the following program should restore the defaults. Even if it doesn't find any infections, let it run till the end.

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
  • Instead of Windows loading as normal, a menu with options should appear.
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All.
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

  • 0

#3
pandora13 (Topic Starter, Member, 28 posts)

SDFix: Version 1.26
-------------------

Scan run on:
Sun 09/24/2006

At:
09:49 AM


Microsoft Windows XP [Version 5.1.2600]

Running from: C:\Documents and Settings\Owner\Desktop\SDFix\SDFix

Stage One...

Checking Services...

Name:
-----


Path:
----





Repairing Registry...

Restoring Default Hosts File...

Stage One Complete

Rebooting!

Stage Two...

Registry Cleaning Finished...

Checking For Malware Files:
--------------------------


Backing Up and Removing any Files Found...

Final Check:

Remaining Services:
------------------

Remaining Files:
--------------



*Any removed Files are saved in the SDFix\backups Folder*

*FINISHED*
  • 0

#4
pandora13 (Topic Starter, Member, 28 posts)

Sorry, forgot to add that my system restore tab is still missing and I can't access firewall settings, not sure what else yet.

Thank you
  • 0

#5
pandora13 (Topic Starter, Member, 28 posts)

Sorry, what a dummy... forgot the HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 10:49:51 AM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [WMP Plugin] C:\Program Files\Windows Media Player Plugin\wmplugin.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = ?
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  • 0
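
The before/after comparison that the two HijackThis logs in this thread invite, as an added example (not part of any post, and not HijackThis's own logic): a Python triage script that parses entry lines, flags the O7 policy restriction and the SharedAccess service whose path is malformed and missing, and diffs the two logs. The log excerpts are copied from the posts above; the function names and the flagging rules are assumptions made for this illustration.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread
# (9/19/2006, before the fix; 9/24/2006, after it). Raw strings keep
# the Windows backslashes literal.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# A drive root that appears in the middle of a path (backslash, letter, colon,
# backslash) means the stored image path is malformed.
NESTED_ROOT_RE = re.compile(r"\\[A-Za-z]:\\")


def parse_entries(log_text):
    """Return [(section, body)] for entry lines; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def flag_entry(section, body):
    """Return the reasons (possibly none) this entry deserves a closer look."""
    reasons = []
    if section == "O7":
        # O7 is the section HijackThis uses for the registry-editor restriction policy.
        reasons.append("policy restriction set in registry")
    if "(file missing)" in body.lower():
        reasons.append("target file missing")
    if NESTED_ROOT_RE.search(body):
        reasons.append("drive root nested inside path")
    return reasons


def triage(log_text):
    """Return [(section, body, reasons)] for every flagged entry, in log order."""
    flagged = []
    for section, body in parse_entries(log_text):
        reasons = flag_entry(section, body)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists between two logs of the same machine."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [entry for entry in before if entry not in after]
    added = [entry for entry in after if entry not in before]
    return removed, added


if __name__ == "__main__":
    for section, body, reasons in triage(LOG_BEFORE):
        print(f"[flag] {section}: {body}\n       -> {', '.join(reasons)}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, body in removed:
        print(f"[gone] {section}: {body}")
    for section, body in added:
        print(f"[new]  {section}: {body}")
```

A clean triage of the second log does not mean the machine is repaired: in this thread the System Restore tab and firewall settings were still unavailable after both flagged entries disappeared.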

#6
Armodeluxe (Member 2k, Retired Staff, 2,744 posts)

Ok, let's take a look at the registry.

Download WinPFind2.zip and unzip it to your Desktop. It will create a folder named WinPFind2. Do NOT run the program directly from the zip file.
  • Open the folder and double-click on winpfind2.exe to start the program.
  • Click on the Services tab.
  • From the two drop down boxes next to Filter list:, on the left one choose List all type of services and on the right one choose List all services.
  • Click on the Configuration tab.
  • Keep the standard settings and then in the AddOn-Options box click the checkboxes for
    • HKCU_IEDesktop.def
    • Policies.def
    • SID_Run_Policies.def
    • Security.def
    • SystemRestore.def
    to select them.
  • Under File Options click Select All
  • Under Other Options put a check in both Show All boxes
  • Please maximize the window in order to be able to view the Status Bar where you can see the progress of the scan.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it and then please post that report into this topic. After posting please check if the whole report fit into the post. If it did fit, it should say <End of Report> at the end. If not, please post the section that was cut off in a second post.

  • 0

#7
pandora13 (Topic Starter, Member, 28 posts)

Well, here it is. And thank you by the way for responding so fast....that's awesome :whistling:

Logfile created on: 09/25/2006 08:49
WinPFind2 by OldTimer - Version 1.0.10 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


< All Processes >
\systemroot\system32\smss.exe - (Microsoft Corporation )
\??\c:\windows\system32\csrss.exe - (Microsoft Corporation )
\??\c:\windows\system32\winlogon.exe - (Microsoft Corporation )
c:\windows\system32\services.exe - (Microsoft Corporation )
c:\windows\system32\lsass.exe - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] - (Microsoft Corporation )
(DcomLaunch) C:\WINDOWS\system32\rpcss.dll - (Microsoft Corporation )
(TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
(TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
(TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
(SharedAccess) - (File not found))
(Wmi) - (File not found))
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] - (Microsoft Corporation )
(RpcSs) C:\WINDOWS\system32\rpcss.dll - (Microsoft Corporation )
(SharedAccess) - (File not found))
(Wmi) - (File not found))
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] - (Microsoft Corporation )
(AppMgmt) C:\WINDOWS\System32\appmgmts.dll - (File not found))
(AudioSrv) C:\WINDOWS\System32\audiosrv.dll - (Microsoft Corporation )
(BITS) C:\WINDOWS\System32\qmgr.dll - (Microsoft Corporation )
(Browser) C:\WINDOWS\System32\browser.dll - (Microsoft Corporation )
(CryptSvc) C:\WINDOWS\System32\cryptsvc.dll - (Microsoft Corporation )
(Dhcp) C:\WINDOWS\System32\dhcpcsvc.dll - (Microsoft Corporation )
(dmserver) C:\WINDOWS\System32\dmserver.dll - (Microsoft Corp. )
(ERSvc) C:\WINDOWS\System32\ersvc.dll - (Microsoft Corporation )
(EventSystem) C:\WINDOWS\System32\es.dll - (Microsoft Corporation )
(FastUserSwitchingCompatibility) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(helpsvc) %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (File not found))
(HidServ) C:\WINDOWS\System32\hidserv.dll - (Microsoft Corporation )
(lanmanserver) C:\WINDOWS\System32\srvsvc.dll - (Microsoft Corporation )
(lanmanworkstation) C:\WINDOWS\System32\wkssvc.dll - (Microsoft Corporation )
(Messenger) C:\WINDOWS\System32\msgsvc.dll - (Microsoft Corporation )
(Netman) C:\WINDOWS\System32\netman.dll - (Microsoft Corporation )
(Nla) C:\WINDOWS\System32\mswsock.dll - (Microsoft Corporation )
(NtmsSvc) C:\WINDOWS\system32\ntmssvc.dll - (Microsoft Corporation )
(RasAuto) C:\WINDOWS\System32\rasauto.dll - (Microsoft Corporation )
(RasMan) C:\WINDOWS\System32\rasmans.dll - (Microsoft Corporation )
(RemoteAccess) C:\WINDOWS\System32\mprdim.dll - (Microsoft Corporation )
(Schedule) C:\WINDOWS\system32\schedsvc.dll - (Microsoft Corporation )
(seclogon) C:\WINDOWS\System32\seclogon.dll - (Microsoft Corporation )
(SENS) C:\WINDOWS\system32\sens.dll - (Microsoft Corporation )
(ShellHWDetection) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(srservice) C:\WINDOWS\System32\srsvc.dll - (Microsoft Corporation )
(TapiSrv) C:\WINDOWS\System32\tapisrv.dll - (Microsoft Corporation )
(Themes) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(TrkWks) C:\WINDOWS\system32\trkwks.dll - (Microsoft Corporation )
(W32Time) C:\WINDOWS\System32\w32time.dll - (Microsoft Corporation )
(winmgmt) C:\WINDOWS\system32\wbem\WMIsvc.dll - (Microsoft Corporation )
(WmdmPmSN) C:\WINDOWS\system32\MsPMSNSv.dll - (Microsoft Corporation )
(wscsvc) C:\WINDOWS\system32\wscsvc.dll - (Microsoft Corporation )
(wuauserv) C:\WINDOWS\System32\wuauserv.dll - (Microsoft Corporation )
(WZCSVC) C:\WINDOWS\System32\wzcsvc.dll - (Microsoft Corporation )
(xmlprov) C:\WINDOWS\System32\xmlprov.dll - (Microsoft Corporation )
(SharedAccess) - (File not found))
(Wmi) - (File not found))
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] - (Microsoft Corporation )
(Dnscache) C:\WINDOWS\System32\dnsrslvr.dll - (Microsoft Corporation )
(SharedAccess) - (File not found))
(Wmi) - (File not found))
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] - (Microsoft Corporation )
(Alerter) C:\WINDOWS\system32\alrsvc.dll - (Microsoft Corporation )
(LmHosts) C:\WINDOWS\System32\lmhsvc.dll - (Microsoft Corporation )
(SSDPSRV) C:\WINDOWS\System32\ssdpsrv.dll - (Microsoft Corporation )
(upnphost) C:\WINDOWS\System32\upnphost.dll - (Microsoft Corporation )
(WebClient) C:\WINDOWS\System32\webclnt.dll - (Microsoft Corporation )
(SharedAccess) - (File not found))
(Wmi) - (File not found))
c:\windows\explorer.exe - (Microsoft Corporation )
c:\windows\system32\spoolsv.exe - (Microsoft Corporation )
c:\program files\ewido anti-spyware 4.0\guard.exe - (Anti-Malware Development a.s. )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] - (Microsoft Corporation )
(stisvc) C:\WINDOWS\system32\wiaservc.dll - (Microsoft Corporation )
(SharedAccess) - (File not found))
(Wmi) - (File not found))
c:\windows\system32\wdfmgr.exe - (Microsoft Corporation )
c:\windows\system32\wscntfy.exe - (Microsoft Corporation )
c:\program files\java\jre1.5.0_08\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\windows\system\hpsysdrv.exe - (Hewlett-Packard Company )
c:\windows\system32\hkcmd.exe - (Intel Corporation )
c:\hp\kbd\kbd.exe - (Hewlett-Packard Company )
c:\windows\agrsmmsg.exe - (Agere Systems )
c:\program files\hp\hp software update\hpwuschd.exe - (Hewlett-Packard )
c:\program files\hp\hpcoretech\hpcmpmgr.exe - (Hewlett-Packard Company )
c:\progra~1\teluse~1\smartb~1\motivesb.exe - (TELUS )
c:\windows\alcxmntr.exe - (Realtek Semiconductor Corp. )
c:\windows\system32\igfxtray.exe - (Intel Corporation )
c:\program files\quicktime\qttask.exe - (Apple Computer, Inc. )
c:\program files\ewido anti-spyware 4.0\ewido.exe - (Anti-Malware Development a.s. )
c:\program files\trojanhunter 4.6\thguard.exe - (Mischel Internet Security )
c:\program files\google\googletoolbarnotifier\1.0.720.3640\googletoolbarnotifier.exe - (Google Inc. )
c:\program files\compaq connections\1940576\program\backweb-1940576.exe - ( )
c:\windows\system32\hpzipm12.exe - (HP )
c:\documents and settings\owner\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://ie.redirect.h...a...&pf=desktop
HKLM->Main\\Search Bar - http://ie.redirect.h...a...&pf=desktop
HKLM->Main\\Search Page - http://ie.redirect.h...a...&pf=desktop
HKLM->Main\\Default_Page_URL - http://ie.redirect.h...a...&pf=desktop
HKLM->Main\\Default_Search_URL - http://ie.redirect.h...a...&pf=desktop
HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
HKCU->Main\\Start Page - http://www.yahoo.ca/
HKCU->Main\\Search Bar - http://www.google.com/ie
HKCU->Main\\Search Page - http://www.google.com
HKCU->Main\\Default_Page_URL - http://ie.redirect.h...a...&pf=desktop
HKCU->Main\\Default_Search_URL - http://ie.redirect.h...a...&pf=desktop
HKCU->Main\\Local Page - C:\WINDOWS\system32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
HKLM->Search\\SearchAssistant - http://www.google.com/ie
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
HKCU->URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride - 127.0.0.1;localhost

[>> BHO's <<]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited )
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc. )
{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar1.dll (Google Inc. )

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll (Yahoo! Inc. )
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer Bars]
{32683183-48a0-441b-a342-7c2a440a9478} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll (Yahoo! Inc. )

[HKLM-> Internet Explorer ToolBars]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc. )
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc. )
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc. )
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 - Sun Java Console
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - 8193 - Yahoo! Messenger
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8194 - Reg Data missing or invalid
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8195 - Windows Messenger
NextId - 8196

[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll (Sun Microsystems, Inc. )
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc. )
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - ButtonText: Messenger = Reg Data missing or invalid (File not found))
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research = Reg Data missing or invalid (File not found))
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )

[HKCU-> Internet Explorer Menu Extensions]
E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation )

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found))
{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = Reg Data missing or invalid (File not found))
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found))
{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc. )
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found))
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found))
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} - SampleView = C:\WINDOWS\System32\ShellvRTF.dll (XSS )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found))
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc. )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} - TrojanHunter Menu Shell Extension = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealOne Player\rpshellext.dll (RealNetworks )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
* - TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
* - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
* - Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc. )
Directory - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
Directory - TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Directory\Background - igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation )
Folder - TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\System32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

[>> Registry Run Keys <<]
HKLM->Run\\AGRSMMSG - AGRSMMSG.exe (Agere Systems )
HKLM->Run\\AlcxMonitor - ALCXMNTR.EXE (Realtek Semiconductor Corp. )
HKLM->Run\\HotKeysCmds - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation )
HKLM->Run\\HP Component Manager - "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company )
HKLM->Run\\HP Software Update - "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" (Hewlett-Packard )
HKLM->Run\\hpsysdrv - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company )
HKLM->Run\\IgfxTray - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation )
HKLM->Run\\KBD - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company )
HKLM->Run\\Motive SmartBridge - C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe (TELUS )
HKLM->Run\\PS2 - C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company )
HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
HKLM->Run\\Recguard - C:\WINDOWS\SMINST\RECGUARD.EXE ( )
HKLM->Run\\REGSHAVE - C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (FUJI PHOTO FILM CO., LTD. )
HKLM->Run\\SunJavaUpdateSched - "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" (Sun Microsystems, Inc. )
HKLM->Run\\THGuard - "C:\Program Files\TrojanHunter 4.6\THGuard.exe" (Mischel Internet Security )
HKLM->Run\\TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot (RealNetworks, Inc. )
HKLM->Run\\VTTimer - VTTimer.exe (File not found))
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\MoneyAgent - "C:\Program Files\Microsoft Money\System\mnyexpr.exe" (File not found))
HKCU->Run\\MSMSGS - "C:\Program Files\Messenger\MSMSGS.EXE" /background (Microsoft Corporation )
HKCU->Run\\RealPlayer - "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot (RealNetworks, Inc. )
HKCU->Run\\swg - C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (Google Inc. )
HKCU->Run\\WMP Plugin - C:\Program Files\Windows Media Player Plugin\wmplugin.exe (Created by Yuri )
HKCU->Run\\Yahoo! Pager - "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc. )

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]
AppInit_DLL - (File not found))

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )

[Shell Execute Hooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s. )
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]
Session Manager\\BootExecute - autocheck autochk *;

[PendingFileRenameOperations]

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]

[>> User Agent Post Platform <<]
SV1 -

[>> Winlogon <<]
HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found))
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\igfxcui - igfxsrvc.dll (Intel Corporation )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{CAEDE487-F354-4B7B-811C-0BD8095913E8} - (Realtek RTL8139/810x Family Fast Ethernet NIC)
{ECDF52E4-7185-4052-BFB5-696DA0C5CE4E} - (1394 Net Adapter)

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
cetihpz - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company )
ipp - (File not found))
msdaipp - (File not found))

[>> Protocol Filters (Non-Microsoft only) <<]

< All Services >
Abiosdsk (Abiosdsk) - (File not found)) [Disabled - Stopped - Kernel driver]
abp480n5 (abp480n5) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft ACPI Driver (ACPI) - \SystemRoot\System32\DRIVERS\ACPI.sys (Microsoft Corporation ) [ - Running - Kernel driver]
ACPIEC (ACPIEC) - (File not found)) [Disabled - Stopped - Kernel driver]
adpu160m (adpu160m) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft Kernel Acoustic Echo Canceller (aec) - system32\drivers\aec.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
AFD Networking Support Environment (AFD) - \SystemRoot\System32\drivers\afd.sys (Microsoft Corporation ) [ - Running - Kernel driver]
AFS2k (AFS2K) - (File not found)) [ - Running - Kernel driver]
Agere Systems Soft Modem (AgereSoftModem) - System32\DRIVERS\AGRSM.sys (Agere Systems ) [On Demand - Running - Kernel driver]
Aha154x (Aha154x) - (File not found)) [Disabled - Stopped - Kernel driver]
aic78u2 (aic78u2) - (File not found)) [Disabled - Stopped - Kernel driver]
aic78xx (aic78xx) - (File not found)) [Disabled - Stopped - Kernel driver]
Service for WDM 3D Audio Driver (ALCXSENS) - system32\drivers\ALCXSENS.SYS (Sensaura Ltd ) [On Demand - Stopped - Kernel driver]
Service for Realtek AC97 Audio (WDM) (ALCXWDM) - system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp. ) [On Demand - Running - Kernel driver]
Alerter (Alerter) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Application Layer Gateway Service (ALG) - C:\WINDOWS\System32\alg.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
AliIde (AliIde) - (File not found)) [Disabled - Stopped - Kernel driver]
amsint (amsint) - (File not found)) [Disabled - Stopped - Kernel driver]
Application Management (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
1394 ARP Client Protocol (Arp1394) - System32\DRIVERS\arp1394.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
asc (asc) - (File not found)) [Disabled - Stopped - Kernel driver]
asc3350p (asc3350p) - (File not found)) [Disabled - Stopped - Kernel driver]
asc3550 (asc3550) - (File not found)) [Disabled - Stopped - Kernel driver]
ASP.NET State Service (aspnet_state) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
RAS Asynchronous Media Driver (AsyncMac) - System32\DRIVERS\asyncmac.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Standard IDE/ESDI Hard Disk Controller (atapi) - \SystemRoot\System32\DRIVERS\atapi.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Atdisk (Atdisk) - (File not found)) [Disabled - Stopped - Kernel driver]
ATM ARP Client Protocol (Atmarpc) - System32\DRIVERS\atmarpc.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Audio Stub Driver (audstub) - System32\DRIVERS\audstub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Beep (Beep) - (File not found)) [ - Running - Kernel driver]
Background Intelligent Transfer Service (BITS) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Computer Browser (Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Stopped - Win32, running in a shared process]
cbidf2k (cbidf2k) - (File not found)) [Disabled - Stopped - Kernel driver]
cd20xrnt (cd20xrnt) - (File not found)) [Disabled - Stopped - Kernel driver]
Cdaudio (Cdaudio) - (File not found)) [ - Stopped - Kernel driver]
Cdfs (Cdfs) - (File not found)) [Disabled - Running - Filesystem driver]
CD-ROM Driver (Cdrom) - System32\DRIVERS\cdrom.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Changer (Changer) - (File not found)) [ - Stopped - Kernel driver]
Indexing Service (CiSvc) - C:\WINDOWS\system32\cisvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in it's own process]
.NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
CmdIde (CmdIde) - (File not found)) [Disabled - Stopped - Kernel driver]
COM+ System Application (COMSysApp) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Cpqarray (Cpqarray) - (File not found)) [Disabled - Stopped - Kernel driver]
Cryptographic Services (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
dac960nt (dac960nt) - (File not found)) [Disabled - Stopped - Kernel driver]
DCOM Server Process Launcher (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
DHCP Client (Dhcp) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Disk Driver (Disk) - \SystemRoot\System32\DRIVERS\disk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Logical Disk Manager Administrative Service (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com (Microsoft Corp., Veritas Software ) [On Demand - Stopped - Win32, running in a shared process]
dmboot (dmboot) - System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software ) [Disabled - Stopped - Kernel driver]
dmio (dmio) - System32\drivers\dmio.sys (Microsoft Corp., Veritas Software ) [Disabled - Stopped - Kernel driver]
dmload (dmload) - System32\drivers\dmload.sys (Microsoft Corp., Veritas Software. ) [Disabled - Stopped - Kernel driver]
Logical Disk Manager (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Microsoft Kernel DLS Syntheiszer (DMusic) - system32\drivers\DMusic.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
DNS Client (Dnscache) - C:\WINDOWS\System32\svchost.exe -k NetworkService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
dpti2o (dpti2o) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft Kernel DRM Audio Descrambler (drmkaud) - system32\drivers\drmkaud.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Error Reporting Service (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Event Log (Eventlog) - C:\WINDOWS\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
COM+ Event System (EventSystem) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
ewido anti-spyware 4.0 driver (ewido anti-spyware 4.0 driver) - \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ( ) [ - Running - Kernel driver]
ewido anti-spyware 4.0 guard (ewido anti-spyware 4.0 guard) - C:\Program Files\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
Fastfat (Fastfat) - (File not found)) [Disabled - Running - Filesystem driver]
fasttx2k (fasttx2k) - \SystemRoot\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc. ) [ - Running - Kernel driver]
Fast User Switching Compatibility (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Fax (Fax) - C:\WINDOWS\system32\fxssvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Floppy Disk Controller Driver (Fdc) - System32\DRIVERS\fdc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Fips (Fips) - (File not found)) [ - Running - Kernel driver]
Floppy Disk Driver (Flpydisk) - System32\DRIVERS\flpydisk.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
FltMgr (FltMgr) - \SystemRoot\system32\drivers\fltmgr.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Volume Manager Driver (Ftdisk) - \SystemRoot\System32\DRIVERS\ftdisk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Generic Packet Classifier (Gpc) - System32\DRIVERS\msgpc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Help and Support (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
HID Input Service (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Microsoft HID Class Driver (HidUsb) - system32\DRIVERS\hidusb.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
hpn (hpn) - (File not found)) [Disabled - Stopped - Kernel driver]
IEEE-1284.4 Driver HPZid412 (HPZid412) - System32\DRIVERS\HPZid412.sys (HP ) [On Demand - Running - Kernel driver]
Print Class Driver for IEEE-1284.4 HPZipr12 (HPZipr12) - System32\DRIVERS\HPZipr12.sys (HP ) [On Demand - Running - Kernel driver]
USB to IEEE-1284.4 Translation Driver HPZius12 (HPZius12) - System32\DRIVERS\HPZius12.sys (HP ) [On Demand - Running - Kernel driver]
HTTP (HTTP) - System32\Drivers\HTTP.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
i2omgmt (i2omgmt) - (File not found)) [ - Stopped - Kernel driver]
i2omp (i2omp) - (File not found)) [Disabled - Stopped - Kernel driver]
i8042 Keyboard and PS/2 Mouse Port Driver (i8042prt) - System32\DRIVERS\i8042prt.sys (Microsoft Corporation ) [ - Running - Kernel driver]
ialm (ialm) - System32\DRIVERS\ialmnt5.sys (Intel Corporation ) [On Demand - Running - Kernel driver]
InstallDriver Table Manager (IDriverT) - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (Macrovision Corporation ) [On Demand - Stopped - Win32, running in it's own process]
CD-Burning Filter Driver (Imapi) - System32\DRIVERS\imapi.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IMAPI CD-Burning COM Service (ImapiService) - C:\WINDOWS\System32\imapi.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
ini910u (ini910u) - (File not found)) [Disabled - Stopped - Kernel driver]
IntelIde (IntelIde) - \SystemRoot\System32\DRIVERS\intelide.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Intel Processor Driver (intelppm) - System32\DRIVERS\intelppm.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IPv6 Windows Firewall Driver (ip6fw) - system32\drivers\ip6fw.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP Traffic Filter Driver (IpFilterDriver) - System32\DRIVERS\ipfltdrv.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP in IP Tunnel Driver (IpInIp) - System32\DRIVERS\ipinip.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP Network Address Translator (IpNat) - System32\DRIVERS\ipnat.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
IPSEC driver (IPSec) - System32\DRIVERS\ipsec.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IR Enumerator Service (IRENUM) - System32\DRIVERS\irenum.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
PnP ISA/EISA Bus Driver (isapnp) - \SystemRoot\System32\DRIVERS\isapnp.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Keyboard Class Driver (Kbdclass) - System32\DRIVERS\kbdclass.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Keyboard HID Driver (kbdhid) - system32\DRIVERS\kbdhid.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Microsoft Kernel Wave Audio Mixer (kmixer) - system32\drivers\kmixer.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
KSecDD (KSecDD) - (File not found)) [ - Running - Kernel driver]
Server (lanmanserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Workstation (lanmanworkstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
lbrtfdc (lbrtfdc) - (File not found)) [ - Stopped - Kernel driver]
TCP/IP NetBIOS Helper (LmHosts) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Messenger (Messenger) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
mnmdd (mnmdd) - (File not found)) [ - Running - Kernel driver]
NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\System32\mnmsrvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Modem (Modem) - (File not found)) [On Demand - Running - Kernel driver]
Mouse Class Driver (Mouclass) - System32\DRIVERS\mouclass.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Mount Point Manager (MountMgr) - (File not found)) [ - Running - Kernel driver]
mraid35x (mraid35x) - (File not found)) [Disabled - Stopped - Kernel driver]
WebDav Client Redirector (MRxDAV) - System32\DRIVERS\mrxdav.sys (Microsoft Corporation ) [On Demand - Running - Filesystem driver]
MRXSMB (MRxSmb) - System32\DRIVERS\mrxsmb.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\System32\msdtc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Msfs (Msfs) - (File not found)) [ - Running - Filesystem driver]
Windows Installer (MSIServer) - C:\WINDOWS\System32\msiexec.exe /V (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Microsoft Streaming Service Proxy (MSKSSRV) - system32\drivers\MSKSSRV.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft Streaming Clock Proxy (MSPCLOCK) - system32\drivers\MSPCLOCK.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft Streaming Quality Manager Proxy (MSPQM) - system32\drivers\MSPQM.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft System Management BIOS Driver (mssmbios) - System32\DRIVERS\mssmbios.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Mup (Mup) - (File not found)) [ - Running - Filesystem driver]
NDIS System Driver (NDIS) - (File not found)) [ - Running - Kernel driver]
Remote Access NDIS TAPI Driver (NdisTapi) - System32\DRIVERS\ndistapi.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
NDIS Usermode I/O Protocol (Ndisuio) - System32\DRIVERS\ndisuio.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Remote Access NDIS WAN Driver (NdisWan) - System32\DRIVERS\ndiswan.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
NDIS Proxy (NDProxy) - (File not found)) [On Demand - Running - Kernel driver]
NetBIOS Interface (NetBIOS) - System32\DRIVERS\netbios.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
NetBT (NetBT) - System32\DRIVERS\netbt.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Network DDE (NetDDE) - C:\WINDOWS\system32\netdde.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Network DDE DSDM (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Net Logon (Netlogon) - C:\WINDOWS\System32\lsass.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Network Connections (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
1394 Net Driver (NIC1394) - System32\DRIVERS\nic1394.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Network Location Awareness (NLA) (Nla) - \SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs (File not found)) [ - Running - Win32, running in a shared process]
Npfs (Npfs) - (File not found)) [ - Running - Filesystem driver]
Ntfs (Ntfs) - (File not found)) [Disabled - Running - Filesystem driver]
NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\System32\lsass.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Removable Storage (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Null (Null) - (File not found)) [ - Running - Kernel driver]
IPX Traffic Filter Driver (NwlnkFlt) - System32\DRIVERS\nwlnkflt.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IPX Traffic Forwarder Driver (NwlnkFwd) - System32\DRIVERS\nwlnkfwd.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
VIA OHCI Compliant IEEE 1394 Host Controller (ohci1394) - \SystemRoot\System32\DRIVERS\ohci1394.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Office Source Engine (ose) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Parallel port driver (Parport) - System32\DRIVERS\parport.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Partition Manager (PartMgr) - (File not found)) [ - Running - Kernel driver]
ParVdm (ParVdm) - (File not found)) [Automatic - Running - Kernel driver]
PCI Bus Driver (PCI) - \SystemRoot\System32\DRIVERS\pci.sys (Microsoft Corporation ) [ - Running - Kernel driver]
PCIDump (PCIDump) - (File not found)) [ - Stopped - Kernel driver]
PCIIde (PCIIde) - \SystemRoot\System32\DRIVERS\pciide.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Pcmcia (Pcmcia) - (File not found)) [Disabled - Stopped - Kernel driver]
Low level access layer for CD devices (Pcouffin) - System32\Drivers\Pcouffin.sys (VSO Software ) [On Demand - Running - Kernel driver]
PDCOMP (PDCOMP) - (File not found)) [On Demand - Stopped - Kernel driver]
PDFRAME (PDFRAME) - (File not found)) [On Demand - Stopped - Kernel driver]
PDRELI (PDRELI) - (File not found)) [On Demand - Stopped - Kernel driver]
PDRFRAME (PDRFRAME) - (File not found)) [On Demand - Stopped - Kernel driver]
perc2 (perc2) - (File not found)) [Disabled - Stopped - Kernel driver]
perc2hib (perc2hib) - (File not found)) [Disabled - Stopped - Kernel driver]
Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Pml Driver HPZ12 (Pml Driver HPZ12) - C:\WINDOWS\System32\HPZipm12.exe (HP ) [On Demand - Running - Win32, running in it's own process]
IPSEC Services (PolicyAgent) - C:\WINDOWS\System32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
WAN Miniport (PPTP) (PptpMiniport) - System32\DRIVERS\raspptp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Processor Driver (Processor) - System32\DRIVERS\processr.sys (Microsoft Corporation ) [ - Stopped - Kernel driver]
Protected Storage (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
PS2 (Ps2) - System32\DRIVERS\PS2.sys (Hewlett-Packard Company ) [On Demand - Stopped - Kernel driver]
QoS Packet Scheduler (PSched) - System32\DRIVERS\psched.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Direct Parallel Link Driver (Ptilink) - System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc. ) [On Demand - Running - Kernel driver]
PxHelp20 (PxHelp20) - \SystemRoot\System32\DRIVERS\PxHelp20.sys (Sonic Solutions ) [ - Running - Kernel driver]
ql1080 (ql1080) - (File not found)) [Disabled - Stopped - Kernel driver]
Ql10wnt (Ql10wnt) - (File not found)) [Disabled - Stopped - Kernel driver]
ql12160 (ql12160) - (File not found)) [Disabled - Stopped - Kernel driver]
ql1240 (ql1240) - (File not found)) [Disabled - Stopped - Kernel driver]
ql1280 (ql1280) - (File not found)) [Disabled - Stopped - Kernel driver]
Remote Access Auto Connection Driver (RasAcd) - System32\DRIVERS\rasacd.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Remote Access Auto Connection Manager (RasAuto) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
WAN Miniport (L2TP) (Rasl2tp) - System32\DRIVERS\rasl2tp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Remote Access Connection Manager (RasMan) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Remote Access PPPOE Driver (RasPppoe) - System32\DRIVERS\raspppoe.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Direct Parallel (Raspti) - System32\DRIVERS\raspti.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Rdbss (Rdbss) - System32\DRIVERS\rdbss.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
RDPCDD (RDPCDD) - System32\DRIVERS\RDPCDD.sys (Microsoft Corporation ) [ - Running - Kernel driver]
RDPWD (RDPWD) - (File not found)) [On Demand - Stopped - Kernel driver]
Remote Desktop Help Session Manager (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Digital CD Audio Playback Filter Driver (redbook) - System32\DRIVERS\redbook.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Routing and Remote Access (RemoteAccess) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Remote Procedure Call (RPC) Locator (RpcLocator) - C:\WINDOWS\System32\locator.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Remote Procedure Call (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
QoS RSVP (RSVP) - C:\WINDOWS\System32\rsvp.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver (rtl8139) - System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation ) [On Demand - Running - Kernel driver]
Security Accounts Manager (SamSs) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Smart Card (SCardSvr) - C:\WINDOWS\System32\SCardSvr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Task Scheduler (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Secdrv (Secdrv) - System32\DRIVERS\secdrv.sys ( ) [On Demand - Stopped - Kernel driver]
Secondary Logon (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
System Event Notification (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Serenum Filter Driver (serenum) - System32\DRIVERS\serenum.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Serial port driver (Serial) - System32\DRIVERS\serial.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Sfloppy (Sfloppy) - (File not found)) [ - Stopped - Kernel driver]
Shell Hardware Detection (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Simbad (Simbad) - (File not found)) [Disabled - Stopped - Kernel driver]
SiS315 (SiS315) - System32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation ) [On Demand - Stopped - Kernel driver]
SiS AGP Filter (SISAGP) - \SystemRoot\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation ) [ - Running - Kernel driver]
SiSkp (SiSkp) - System32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation ) [ - Running - Kernel driver]
Sparrow (Sparrow) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft Kernel Audio Splitter (splitter) - system32\drivers\splitter.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
System Restore Filter Driver (sr) - \SystemRoot\System32\DRIVERS\sr.sys (Microsoft Corporation ) [Disabled - Stopped - Filesystem driver]
System Restore Service (srservice) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Stopped - Win32, running in a shared process]
Srv (Srv) - System32\DRIVERS\srv.sys (Microsoft Corporation ) [On Demand - Running - Filesystem driver]
SSDP Discovery Service (SSDPSRV) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\System32\svchost.exe -k imgsvc (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Software Bus Driver (swenum) - System32\DRIVERS\swenum.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft Kernel GS Wavetable Synthesizer (swmidi) - system32\drivers\swmidi.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\System32\dllhost.exe /Processid:{7D0947CE-D99C-4491-920A-D45CCE12CDA0} (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
symc810 (symc810) - (File not found)) [Disabled - Stopped - Kernel driver]
symc8xx (symc8xx) - (File not found)) [Disabled - Stopped - Kernel driver]
sym_hi (sym_hi) - (File not found)) [Disabled - Stopped - Kernel driver]
sym_u3 (sym_u3) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft Kernel System Audio Device (sysaudio) - system32\drivers\sysaudio.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Performance Logs and Alerts (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Telephony (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
TCP/IP Protocol Driver (Tcpip) - System32\DRIVERS\tcpip.sys (Microsoft Corporation ) [ - Running - Kernel driver]
TDPIPE (TDPIPE) - (File not found)) [On Demand - Stopped - Kernel driver]
TDTCP (TDTCP) - (File not found)) [On Demand - Stopped - Kernel driver]
Terminal Device Driver (TermDD) - System32\DRIVERS\termdd.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Terminal Services (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Themes (Themes) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
TosIde (TosIde) - (File not found)) [Disabled - Stopped - Kernel driver]
Distributed Link Tracking Client (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Udfs (Udfs) - (File not found)) [Disabled - Stopped - Filesystem driver]
ultra (ultra) - (File not found)) [Disabled - Stopped - Kernel driver]
Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
Microcode Update Driver (Update) - System32\DRIVERS\update.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Universal Plug and Play Device Host (upnphost) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Uninterruptible Power Supply (UPS) - C:\WINDOWS\System32\ups.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Microsoft USB Generic Parent Driver (usbccgp) - System32\DRIVERS\usbccgp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver (usbehci) - System32\DRIVERS\usbehci.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
USB2 Enabled Hub (usbhub) - System32\DRIVERS\usbhub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft USB Open Host Controller Miniport Driver (usbohci) - System32\DRIVERS\usbohci.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft USB PRINTER Class (usbprint) - System32\DRIVERS\usbprint.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
USB Scanner Driver (usbscan) - System32\DRIVERS\usbscan.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
USB Mass Storage Driver (USBSTOR) - System32\DRIVERS\USBSTOR.SYS (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft USB Universal Host Controller Miniport Driver (usbuhci) - System32\DRIVERS\usbuhci.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
VGA Display Controller. (VgaSave) - \SystemRoot\System32\drivers\vga.sys (Microsoft Corporation ) [ - Running - Kernel driver]
VIA AGP Filter (viaagp1) - \SystemRoot\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc. ) [ - Running - Kernel driver]
viagfx (viagfx) - System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics, Inc. ) [On Demand - Stopped - Kernel driver]
ViaIde

#8
Armodeluxe


After posting please check if the whole report fit into the post. If it did fit, it should say <End of Report> at the end. If not, please post the section that was cut off in a second post.


The above is from my previous instructions. The log did get cut off. Please post the rest, make as many posts as necessary, until you see <End of Report> at the end posted.

#9
pandora13

ViaIde (ViaIde) - \SystemRoot\System32\DRIVERS\viaide.sys (Microsoft Corporation ) [ - Running - Kernel driver]
VolSnap (VolSnap) - (File not found)) [ - Running - Kernel driver]
Volume Shadow Copy (VSS) - C:\WINDOWS\System32\vssvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Windows Time (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Remote Access IP ARP Driver (Wanarp) - System32\DRIVERS\wanarp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
WDICA (WDICA) - (File not found)) [On Demand - Stopped - Kernel driver]
Microsoft WINMM WDM Audio Compatibility Driver (wdmaud) - system32\drivers\wdmaud.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
WebClient (WebClient) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Windows Management Instrumentation (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Portable Media Serial Number Service (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
WMI Performance Adapter (WmiApSrv) - C:\WINDOWS\System32\wbem\wmiapsrv.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Security Center (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Automatic Updates (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Wireless Zero Configuration (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Network Provisioning Service (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]

< Files >

%SystemDrive%

%ProgramFilesDir%

%WinDir%

%System%
C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL - WSUD (Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Date = 09/20/2004 15:20 | Attr = ])
C:\WINDOWS\SYSTEM32\dfrg.msc - PEC2 ( [Ver = | Size = 41397 bytes | Date = 02/12/2004 19:05 | Attr = ])
C:\WINDOWS\SYSTEM32\LegitCheckControl.dll - PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 571184 bytes | Date = 06/19/2006 16:19 | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - PECompact2 (Microsoft Corporation [Ver = 1.20.1625.0 | Size = 8960936 bytes | Date = 09/11/2006 10:37 | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.20.1625.0 | Size = 8960936 bytes | Date = 09/11/2006 10:37 | Attr = ])
C:\WINDOWS\SYSTEM32\ntdll.dll - aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\rasdlg.dll - Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 02/11/2004 22:24 | Attr = ])
C:\WINDOWS\SYSTEM32\WgaTray.exe - PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 06/19/2006 16:19 | Attr = ])

%System%\Drivers folder and sub-folders
C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys - PTech (Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Date = 08/03/2004 22:41 | Attr = ])

%windir% + sub-dirs for System or Hidden files less than 60 days old
C:\WINDOWS\bootstat.dat - ( [Ver = | Size = 2048 bytes | Date = 09/24/2006 09:51 | Attr = S])
C:\WINDOWS\assembly\PublisherPolicy.tme - ( [Ver = | Size = 0 bytes | Date = 09/18/2006 09:54 | Attr = RH ])
C:\WINDOWS\assembly\pubpol1.dat - ( [Ver = | Size = 0 bytes | Date = 09/18/2006 09:54 | Attr = RH ])
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat - ( [Ver = | Size = 0 bytes | Date = 09/18/2006 09:59 | Attr = RH ])
C:\WINDOWS\inf\oem24.inf - ( [Ver = | Size = 0 bytes | Date = 08/31/2006 16:39 | Attr = H ])
C:\WINDOWS\inf\oem25.inf - ( [Ver = | Size = 0 bytes | Date = 08/31/2006 16:41 | Attr = H ])
C:\WINDOWS\inf\oem30.inf - ( [Ver = | Size = 0 bytes | Date = 09/01/2006 13:03 | Attr = H ])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_10.cab - ( [Ver = | Size = 26173 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_11.cab - ( [Ver = | Size = 25959 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_12.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_13.cab - ( [Ver = | Size = 25566 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_14.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_15.cab - ( [Ver = | Size = 25530 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_16.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_17.cab - ( [Ver = | Size = 26317 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_18.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_19.cab - ( [Ver = | Size = 26387 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_20.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_21.cab - ( [Ver = | Size = 26657 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_22.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_23.cab - ( [Ver = | Size = 26652 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_24.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_25.cab - ( [Ver = | Size = 26255 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_26.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_27.cab - ( [Ver = | Size = 26108 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_28.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_29.cab - ( [Ver = | Size = 26449 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_30.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_31.cab - ( [Ver = | Size = 25853 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_32.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_33.cab - ( [Ver = | Size = 26290 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_34.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_35.cab - ( [Ver = | Size = 26383 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_36.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_37.cab - ( [Ver = | Size = 26291 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_38.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_39.cab - ( [Ver = | Size = 25896 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_40.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_41.cab - ( [Ver = | Size = 26494 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_42.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_43.cab - ( [Ver = | Size = 26229 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_44.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_45.cab - ( [Ver = | Size = 26467 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_46.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_47.cab - ( [Ver = | Size = 26283 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_48.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_49.cab - ( [Ver = | Size = 26320 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_50.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_51.cab - ( [Ver = | Size = 26284 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_52.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_53.cab - ( [Ver = | Size = 26290 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_54.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_55.cab - ( [Ver = | Size = 26126 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_56.cab - ( [Ver = | Size = 10470 bytes | Date = 09/01/2006 13:02 | Attr = RHS])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_57.cab - ( [Ver = | Size = 286777 bytes | Date = 09/03/2006 11:42 | Attr = RHS])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat - ( [Ver = | Size = 23751 bytes | Date = 07/28/2006 05:16 | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat - ( [Ver = | Size = 11749 bytes | Date = 08/21/2006 06:00 | Attr = S])
C:\WINDOWS\system32\config\default.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/24/2006 22:35 | Attr = H ])
C:\WINDOWS\system32\config\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/24/2006 09:51 | Attr = H ])
C:\WINDOWS\system32\config\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/25/2006 03:53 | Attr = H ])
C:\WINDOWS\system32\config\software.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/25/2006 08:41 | Attr = H ])
C:\WINDOWS\system32\config\system.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/24/2006 22:35 | Attr = H ])
C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/13/2006 19:45 | Attr = H ])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 - ( [Ver = | Size = 558 bytes | Date = 09/03/2006 11:42 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 - ( [Ver = | Size = 144 bytes | Date = 09/03/2006 11:42 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - ( [Ver = | Size = 262144 bytes | Date = 08/31/2006 16:42 | Attr = H ])
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - ( [Ver = | Size = 1024 bytes | Date = 08/31/2006 16:42 | Attr = H ])
C:\WINDOWS\system32\drivers\HP_PC129A-ABA SR1110NX NA430_YC_Pres_QCNC424_E43NAheREG3_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.11_T040517_WXH1_L409_M248_J250_7Intel_8Celeron_92.53_111063044_N10EC8139_P_Z11C1048C_K.MRK - ( [Ver = | Size = 3724 bytes | Date = 08/31/2006 15:54 | Attr = RHS])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\fd468cbe-bcfc-4d47-bd43-12528da863ef - ( [Ver = | Size = 388 bytes | Date = 09/01/2006 12:51 | Attr = HS])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred - ( [Ver = | Size = 24 bytes | Date = 09/01/2006 12:51 | Attr = HS])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\87764b21-cbbe-4541-82f0-2b66953d69ab - ( [Ver = | Size = 388 bytes | Date = 08/31/2006 16:44 | Attr = HS])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\92d2bc6e-2bf9-453a-bc1f-40cfa387f2bb - ( [Ver = | Size = 388 bytes | Date = 08/31/2006 15:55 | Attr = HS])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\a34a51b5-11d4-4747-aede-752faf214209 - ( [Ver = | Size = 388 bytes | Date = 08/31/2006 16:44 | Attr = HS])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred - ( [Ver = | Size = 24 bytes | Date = 08/31/2006 15:55 | Attr = HS])
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfmom09.GID - ( [Ver = | Size = 8628 bytes | Date = 09/07/2006 21:07 | Attr = H ])
C:\WINDOWS\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 09/24/2006 09:51 | Attr = H ])
C:\WINDOWS\Temp\History\History.IE5\desktop.ini - ( [Ver = | Size = 113 bytes | Date = 08/31/2006 16:48 | Attr = HS])
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 08/31/2006 16:48 | Attr = HS])
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2N4KV7J1\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 08/31/2006 16:48 | Attr = HS])
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\HDYJZ5I2\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 08/31/2006 16:48 | Attr = HS])
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OL4ZUB2N\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 08/31/2006 16:48 | Attr = HS])
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\V5ZFCNP3\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 08/31/2006 16:48 | Attr = HS])
CPL files -
C:\WINDOWS\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL - (Realtek Semiconductor Corp. [Ver = 2.2.0.34 | Size = 16121856 bytes | Date = 09/20/2004 15:20 | Attr = ])
C:\WINDOWS\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\bthprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\igfxcpl.cpl - (Intel Corporation [Ver = 3.0.0.3943 | Size = 94208 bytes | Date = 11/02/2004 09:01 | Attr = ])
C:\WINDOWS\SYSTEM32\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\jpicpl32.cpl - (Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 49265 bytes | Date = 07/26/2006 03:03 | Attr = ])
C:\WINDOWS\SYSTEM32\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 02/11/2004 21:34 | Attr = ])
C:\WINDOWS\SYSTEM32\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 02/11/2004 21:52 | Attr = ])
C:\WINDOWS\SYSTEM32\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\QuickTime.cpl - (Apple Computer, Inc. [Ver = 6.5 | Size = 323072 bytes | Date = 12/14/2003 17:20 | Attr = ])
C:\WINDOWS\SYSTEM32\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 02/11/2004 21:58 | Attr = ])
C:\WINDOWS\SYSTEM32\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/04/2004 00:56 | Attr = ])
C:\WINDOWS\SYSTEM32\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 04:16 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 02/11/2004 21:34 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 02/11/2004 21:52 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 02/11/2004 21:58 | Attr = ])
C:\WINDOWS\SYSTEM32\ReinstallBackups\0010\DriverFiles\ALSNDMGR.CPL - (Realtek Semiconductor Corp. [Ver = 2.2.20 | Size = 14224384 bytes | Date = 02/10/2004 01:19 | Attr = ])
C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\igfxcpl.cpl - (Intel Corporation [Ver = 3.0.0.3889 | Size = 94208 bytes | Date = 08/20/2004 15:53 | Attr = ])

Auto-Start Folders

HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe ( [Ver = | Size = 16384 bytes | Date = 04/02/2004 17:04 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 04/02/2004 01:03 | Attr = HS])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Date = 09/16/2003 05:19 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe (Intuit Inc. [Ver = 008.000.000.000 | Size = 57344 bytes | Date = 08/15/2005 05:18 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TELUS eCare.lnk - C:\Program Files\TELUS eCare\bin\matcli.exe (Motive Communications, Inc. [Ver = 5.8.1.asst_classic.asst_matcli.20040316_162000 | Size = 217088 bytes | Date = 03/16/2004 17:49 | Attr = ])

HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Owner\Start Menu\Programs\Startup
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 04/02/2004 01:03 | Attr = HS])
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk - C:\Program Files\InterMute\IMStart.exe ( [Ver = | Size = 57344 bytes | Date = 04/02/2004 03:02 | Attr = ])

HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe
Config.nt: Line 1 - REM Windows MS-DOS Startup File
Config.nt: Line 2 - REM
Config.nt: Line 3 - REM CONFIG.SYS vs CONFIG.NT
Config.nt: Line 4 - REM CONFIG.SYS is not used to initialize the MS-DOS environment.
Config.nt: Line 5 - REM CONFIG.NT is used to initialize the MS-DOS environment unless a
Config.nt: Line 6 - REM different startup file is specified in an application's PIF.
Config.nt: Line 7 - REM
Config.nt: Line 8 - REM ECHOCONFIG
Config.nt: Line 9 - REM By default, no information is displayed when the MS-DOS environment
Config.nt: Line 10 - REM is initialized. To display CONFIG.NT/AUTOEXEC.NT information, add
Config.nt: Line 11 - REM the command echoconfig to CONFIG.NT or other startup file.
Config.nt: Line 12 - REM
Config.nt: Line 13 - REM NTCMDPROMPT
Config.nt: Line 14 - REM When you return to the command prompt from a TSR or while running an
Config.nt: Line 15 - REM MS-DOS-based application, Windows runs COMMAND.COM. This allows the
Config.nt: Line 16 - REM TSR to remain active. To run CMD.EXE, the Windows command prompt,
Config.nt: Line 17 - REM rather than COMMAND.COM, add the command ntcmdprompt to CONFIG.NT or
Config.nt: Line 18 - REM other startup file.
Config.nt: Line 19 - REM
Config.nt: Line 20 - REM DOSONLY
Config.nt: Line 21 - REM By default, you can start any type of application when running
Config.nt: Line 22 - REM COMMAND.COM. If you start an application other than an MS-DOS-based
Config.nt: Line 23 - REM application, any running TSR may be disrupted. To ensure that only
Config.nt: Line 24 - REM MS-DOS-based applications can be started, add the command dosonly to
Config.nt: Line 25 - REM CONFIG.NT or other startup file.
Config.nt: Line 26 - REM
Config.nt: Line 27 - REM EMM
Config.nt: Line 28 - REM You can use EMM command line to configure EMM(Expanded Memory Manager).
Config.nt: Line 29 - REM The syntax is:
Config.nt: Line 30 - REM
Config.nt: Line 31 - REM EMM = [A=AltRegSets] [B=BaseSegment] [RAM]
Config.nt: Line 32 - REM
Config.nt: Line 33 - REM AltRegSets
Config.nt: Line 34 - REM specifies the total Alternative Mapping Register Sets you
Config.nt: Line 35 - REM want the system to support. 1 <= AltRegSets <= 255. The
Config.nt: Line 36 - REM default value is 8.
Config.nt: Line 37 - REM BaseSegment
Config.nt: Line 38 - REM specifies the starting segment address in the Dos conventional
Config.nt: Line 39 - REM memory you want the system to allocate for EMM page frames.
Config.nt: Line 40 - REM The value must be given in Hexdecimal.
Config.nt: Line 41 - REM 0x1000 <= BaseSegment <= 0x4000. The value is rounded down to
Config.nt: Line 42 - REM 16KB boundary. The default value is 0x4000
Config.nt: Line 43 - REM RAM
Config.nt: Line 44 - REM specifies that the system should only allocate 64Kb address
Config.nt: Line 45 - REM space from the Upper Memory Block(UMB) area for EMM page frames
Config.nt: Line 46 - REM and leave the rests(if available) to be used by DOS to support
Config.nt: Line 47 - REM loadhigh and devicehigh commands. The system, by default, would
Config.nt: Line 48 - REM allocate all possible and available UMB for page frames.
Config.nt: Line 49 - REM
Config.nt: Line 50 - REM The EMM size is determined by pif file(either the one associated
Config.nt: Line 51 - REM with your application or _default.pif). If the size from PIF file
Config.nt: Line 52 - REM is zero, EMM will be disabled and the EMM line will be ignored.
Config.nt: Line 53 - REM
Config.nt: Line 54 - dos=high, umb
Config.nt: Line 55 - device=%SystemRoot%\system32\himem.sys
Config.nt: Line 56 - files=40
AutoExec.nt: Line 1 - @echo off
AutoExec.nt: Line 3 - REM AUTOEXEC.BAT is not used to initialize the MS-DOS environment.
AutoExec.nt: Line 4 - REM AUTOEXEC.NT is used to initialize the MS-DOS environment unless a
AutoExec.nt: Line 5 - REM different startup file is specified in an application's PIF.
AutoExec.nt: Line 7 - REM Install CD ROM extensions
AutoExec.nt: Line 8 - lh %SystemRoot%\system32\mscdexnt.exe
AutoExec.nt: Line 10 - REM Install network redirector (load before dosx.exe)
AutoExec.nt: Line 11 - lh %SystemRoot%\system32\redir
AutoExec.nt: Line 13 - REM Install DPMI support
AutoExec.nt: Line 14 - lh %SystemRoot%\system32\dosx
AutoExec.nt: Line 16 - REM The following line enables Sound Blaster 2.0 support on NTVDM.
AutoExec.nt: Line 17 - REM The command for setting the BLASTER environment is as follows:
AutoExec.nt: Line 18 - REM SET BLASTER=A220 I5 D1 P330
AutoExec.nt: Line 19 - REM where:
AutoExec.nt: Line 20 - REM A specifies the sound blaster's base I/O port
AutoExec.nt: Line 21 - REM I specifies the interrupt request line
AutoExec.nt: Line 22 - REM D specifies the 8-bit DMA channel
AutoExec.nt: Line 23 - REM P specifies the MPU-401 base I/O port
AutoExec.nt: Line 24 - REM T specifies the type of sound blaster card
AutoExec.nt: Line 25 - REM 1 - Sound Blaster 1.5
AutoExec.nt: Line 26 - REM 2 - Sound Blaster Pro I
AutoExec.nt: Line 27 - REM 3 - Sound Blaster 2.0
AutoExec.nt: Line 28 - REM 4 - Sound Blaster Pro II
AutoExec.nt: Line 29 - REM 6 - SOund Blaster 16/AWE 32/32/64
AutoExec.nt: Line 30 - REM
AutoExec.nt: Line 31 - REM The default value is A220 I5 D1 T3 and P330. If any of the switches is
AutoExec.nt: Line 32 - REM left unspecified, the default value will be used. (NOTE, since all the
AutoExec.nt: Line 33 - REM ports are virtualized, the information provided here does not have to
AutoExec.nt: Line 34 - REM match the real hardware setting.) NTVDM supports Sound Blaster 2.0 only.
AutoExec.nt: Line 35 - REM The T switch must be set to 3, if specified.
AutoExec.nt: Line 36 - SET BLASTER=A220 I5 D1 P330 T3
AutoExec.nt: Line 38 - REM To disable the sound blaster 2.0 support on NTVDM, specify an invalid
AutoExec.nt: Line 39 - REM SB base I/O port address. For example:
AutoExec.nt: Line 40 - REM SET BLASTER=A0

Miscellaneous Folders

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 04/01/2004 16:56 | Attr = HS])
C:\Documents and Settings\All Users\Application Data\hpzinstall.log - ( [Ver = | Size = 786 bytes | Date = 08/31/2006 16:12 | Attr = ])

CurrentUser ApplicationData Folder
C:\Documents and Settings\Owner\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 04/01/2004 16:56 | Attr = HS])

Program Files Folder

Common Files Folder

DPF files
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/...indows-i586.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

Hosts file = 686 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright © 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a "#" symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
# -
127.0.0.1 localhost -

< Add On's >

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<

KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 1
Desktop\Components\0 -
Desktop\Components\0\\Source - About:Home
Desktop\Components\0\\SubscribedURL - About:Home
Desktop\Components\0\\FriendlyName - My Current Home Page
Desktop\Components\0\\Flags - 2
Desktop\Components\0\\Position - 2C 00 00 00 A0 00 00 00 00 00 00 00 80 02 00 00 3A 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\0\\CurrentState - 04 00 00 40
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00
Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 6A 02 00 00 23 00 00 00 A4 00 00 00 9A 00 00 00 01 00 00 00
Desktop\General -
Desktop\General\\BackupWallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\General\\WallpaperFileTime - 0A 46 30 25 67 D5 C6 01
Desktop\General\\WallpaperLocalFileTime - 0A 6E D1 78 2C D5 C6 01
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 2
Desktop\General\\Wallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\General\\ComponentsPositioned - 1
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 20 03 00 00 3A 02 00 00
Desktop\SafeMode -
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -

>>>>Output for AddOn file Policies.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Explorer -
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\Ratings -
policies\system -
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1
policies\WinOldApp -
policies\WinOldApp\\Disabled - 0

KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\System -
policies\System\\DisableTaskMgr - 0
policies\System\\DisableRegistryTools - 0

>>>>Output for AddOn file Security.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Security Center -
Security Center\\AntiVirusDisableNotify - 0
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\AntiVirusOverride - 0
Security Center\\FirewallOverride - 0
Security Center\Monitoring -
Security Center\Monitoring\AhnlabAntiVirus -
Security Center\Monitoring\ComputerAssociatesAntiVirus -
Security Center\Monitoring\KasperskyAntiVirus -
Security Center\Monitoring\McAfeeAntiVirus -
Security Center\Monitoring\McAfeeFirewall -
Security Center\Monitoring\PandaAntiVirus -
Security Center\Monitoring\PandaFirewall -
Security Center\Monitoring\SophosAntiVirus -
Security Center\Monitoring\SymantecAntiVirus -
Security Center\Monitoring\SymantecFirewall -
Security Center\Monitoring\TinyFirewall -
Security Center\Monitoring\TrendAntiVirus -
Security Center\Monitoring\TrendFirewall -
Security Center\Monitoring\ZoneLabsFirewall -

KEY - HKLM\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\BITS -
BITS\\Type - 32
BITS\\Start - 3
BITS\\ErrorControl - 1
BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
BITS\\DisplayName - Background Intelligent Transfer Service
BITS\\DependOnService - Rpcss;
BITS\\DependOnGroup -
BITS\\ObjectName - LocalSystem
BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00
BITS\Parameters -
BITS\Parameters\\ServiceDll - C:\WINDOWS\System32\qmgr.dll
BITS\Security -
BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
BITS\Enum -
BITS\Enum\\0 - Root\LEGACY_BITS\0000
BITS\Enum\\Count - 1
BITS\Enum\\NextInstance - 1

KEY - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess -
SharedAccess\\Start - 2
SharedAccess\Epoch -
SharedAccess\Parameters -
SharedAccess\Parameters\FirewallPolicy -
SharedAccess\Parameters\FirewallPolicy\DomainProfile -
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications -
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -
SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
SharedAccess\Parameters\FirewallPolicy\StandardProfile -
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications -
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -
SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

KEY - HKLM\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv -
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
wuauserv\Parameters -
wuauserv\Parameters\\ServiceDll - C:\WINDOWS\System32\wuauserv.dll
wuauserv\Security -
wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
wuauserv\Enum -
wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
wuauserv\Enum\\Count - 1
wuauserv\Enum\\NextInstance - 1

>>>>Output for AddOn file SID_Run_Policies.def<<<<

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run -

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145

>>>>Output for AddOn file SystemRestore.def<<<<

KEY - HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore - Include SUBKEYS
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore -
SystemRestore\\DisableConfig - 1
SystemRestore\\DisableSR - 1

KEY - HKLM\SYSTEM\CurrentControlSet\Services\sr - Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\sr -
sr\\Type - 2
sr\\Start - 4
sr\\ErrorControl - 1
sr\\Tag - 4
sr\\ImagePath - \SystemRoot\System32\DRIVERS\sr.sys
sr\\DisplayName - System Restore Filter Driver
sr\\Group - FSFilter System Recovery
sr\Parameters -
sr\Parameters\\FirstRun - 1
sr\Parameters\\DontBackup - 0
sr\Parameters\\MachineGuid - {ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}
sr\Security -
sr\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
sr\Enum -
sr\Enum\\0 - Root\LEGACY_SR\0000
sr\Enum\\Count - 1
sr\Enum\\NextInstance - 1

KEY - HKLM\SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_SR - Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\Enum\Root\LEGACY_SR not found. -

KEY - HKLM\SYSTEM\ControlSet001\Services\sr - Include SUBKEYS
HKLM\SYSTEM\ControlSet001\Services\sr -
sr\\Type - 2
sr\\Start - 4
sr\\ErrorControl - 1
sr\\Tag - 4
sr\\ImagePath - \SystemRoot\System32\DRIVERS\sr.sys
sr\\DisplayName - System Restore Filter Driver
sr\\Group - FSFilter System Recovery
sr\Parameters -
sr\Parameters\\FirstRun - 1
sr\Parameters\\DontBackup - 0
sr\Parameters\\MachineGuid - {ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}
sr\Security -
sr\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
sr\Enum -
sr\Enum\\0 - Root\LEGACY_SR\0000
sr\Enum\\Count - 1
sr\Enum\\NextInstance - 1

KEY - HKLM\SYSTEM\ControlSet001\Services\Enum\Root\LEGACY_SR - Include SUBKEYS
HKLM\SYSTEM\ControlSet001\Services\Enum\Root\LEGACY_SR not found. -

< End of report >
  • 0

#10
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Please download firewall.zip from HERE

Unzip it to your desktop. Double-click firewall.reg. When asked if you want to merge with the registry, click YES.

After the "merged successfully" prompt, reboot your computer.

Go to Start > Run and type:
firewall.cpl
Make sure your firewall is on and nothing is greyed out.

For System Restore,

Check your settings here: For Pro: Start/Run/gpedit.msc. Computer Configuration, Administrative Templates, System, System Restore.
  • 0

#11
pandora13

    Member

  • Topic Starter
  • Member
  • 28 posts
Got the firewall on, but the gpedit.msc doesn't work... Is it different if I am using Home Edition? Thank you kindly.
  • 0

#12
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Yes, if you have XP Home, we will try a regfix for that as well.

Now please copy the following text in the code box to Notepad. Make sure there is no empty line above REGEDIT4. In Notepad go to File > Save As. Name it Fixit.reg, in the drop-down box at the bottom choose "All Files", and save it on your desktop. Then double-click on Fixit.reg and let it merge with the registry.

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=-
"DisableSR"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Start"=dword:00000002

Reboot and see if you have the tab back.
  • 0
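Added example, not part of the original thread or the helper's own tooling: the values that Fixit.reg removes or resets are the ones the log's SystemRestore.def and Policies.def sections report, and they can be picked out mechanically. This Python sketch parses the log's `KEY - ...` / `subkey\\value - data` layout and flags settings that switch a feature off; the sample lines are copied from the log in this thread, and the rule table and function names are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the AddOn sections of the log in this thread.
SAMPLE_LOG = r"""
KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\System -
policies\System\\DisableTaskMgr - 0
policies\System\\DisableRegistryTools - 0

KEY - HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore - Include SUBKEYS
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore -
SystemRestore\\DisableConfig - 1
SystemRestore\\DisableSR - 1

KEY - HKLM\SYSTEM\CurrentControlSet\Services\sr - Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\sr -
sr\\Type - 2
sr\\Start - 4
sr\Parameters -
sr\Parameters\\FirstRun - 1

KEY - HKLM\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv -
wuauserv\\Start - 2
wuauserv\\DisplayName - Automatic Updates
"""

# "KEY - <root key> - Include SUBKEYS" opens each dumped key.
KEY_RE = re.compile(r"^KEY - (?P<root>.+?) - (?:Include|No) SUBKEYS$")
# "<relative subkey>\\<value name> - <data>"; data may be empty.
VALUE_RE = re.compile(r"^(?P<rel>.+?)\\\\(?P<name>.+?) -(?: (?P<data>.*))?$")

# Rule table (an assumption of this example): key suffix, value name,
# data that means "switched off", and a label for the report.
RULES = [
    (r"\policies\microsoft\windows nt\systemrestore", "disableconfig", "1",
     "System Restore configuration turned off by policy"),
    (r"\policies\microsoft\windows nt\systemrestore", "disablesr", "1",
     "System Restore turned off by policy"),
    (r"\currentversion\policies\system", "disabletaskmgr", "1",
     "Task Manager disabled by policy"),
    (r"\currentversion\policies\system", "disableregistrytools", "1",
     "Registry editing tools disabled by policy"),
    (r"\services\sr", "start", "4",
     "System Restore filter driver start type is Disabled"),
]


def parse_values(log_text):
    """Yield (full_key, value_name, data) for each value line under a KEY header."""
    parent = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # Relative paths repeat the root's last component, so keep what precedes it.
            parent = m.group("root").rpartition("\\")[0]
            continue
        m = VALUE_RE.match(line)
        if m and parent is not None:
            yield (parent + "\\" + m.group("rel"), m.group("name"), m.group("data") or "")


def find_disabled(log_text):
    """Return (key, name, data, label) for every value that matches a rule."""
    findings = []
    for key, name, data in parse_values(log_text):
        for suffix, rule_name, bad, label in RULES:
            if key.lower().endswith(suffix) and name.lower() == rule_name and data == bad:
                findings.append((key, name, data, label))
    return findings


if __name__ == "__main__":
    for key, name, data, label in find_disabled(SAMPLE_LOG):
        print(f"{label}: {key}\\{name} = {data}")
```

Running the same check on a log taken after the merge and reboot should return no findings for the SystemRestore policy key or the sr service.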

#13
pandora13

    Member

  • Topic Starter
  • Member
  • 28 posts
Thank you soooo much... it's all good. :whistling:
  • 0

#14
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Your log looks clean now.

Now let's reset your restore points.

Click Start Menu > All Programs > Accessories > System Tools > System Restore

Press OK. Choose 'Create a Restore Point' then Next. Name it and press 'Create', then when the confirmation screen shows the restore point has been created, click 'Close'.

Next go to Start Menu > Run > type

cleanmgr

Click OK. When Disk Cleanup opens, go to the 'More Options' tab and press 'Cleanup' on the System Restore area, which will remove all the restore points except the one we just created. To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.

Please take the following into consideration to maintain a clean computer.

Now you should go get a firewall. Don't rely on the Windows firewall as it monitors only incoming traffic. Pick one of these, they are all free.
Kerio
Zonealarm
Outpost
Sygate

I'll also recommend you to install a monitoring software which will monitor certain areas on your computer and will place alerts when those are being modified. One such software I'll recommend is Prevx, but it's for advanced users as the messages it displays can be hard to decipher. One other similar but more user friendly software is Winpatrol. Both are free programs.
Winpatrol
Prevx

Visit Windows Update regularly to get the latest security updates. You can also enable automatic updates. Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download; scan every file before clicking on it.

Additional programs to consider:

Spywareblaster: Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard: An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad: Adds a list of malicious sites to your Restricted Sites Zone.
Firefox: An alternate browser safer than IE

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe
  • 0

#15
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





