Logfile created on: 10/11/2006 00:25
WinPFind2 by OldTimer - Version 1.0.11 Folder = C:\Documents and Settings\Gene\Desktop\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
< Processes (Non-Microsoft Only) >
d:\program files\adobe\acrobat 7.0\distillr\acrotray.exe - (Adobe Systems Inc. )
c:\program files\common files\aol\1151790574\ee\aim6.exe - (America Online, Inc. )
c:\program files\symantec\liveupdate\aluschedulersvc.exe - (Symantec Corporation )
c:\program files\common files\aol\1151790574\ee\aolsoftware.exe - (America Online, Inc. )
c:\windows\system32\ati2evxx.exe - (ATI Technologies Inc. )
c:\windows\system32\ati2evxx.exe - (ATI Technologies Inc. )
c:\program files\ati technologies\ati control panel\atiptaxx.exe - (ATI Technologies, Inc. )
c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe - (Anti-Malware Development a.s. )
c:\program files\common files\symantec shared\ccapp.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\ccevtmgr.exe - (Symantec Corporation )
c:\program files\norton internet security\ccpxysvc.exe - (Symantec Corporation )
c:\program files\creative\media source\detector\ctdetect.exe - (Creative Technology Ltd )
c:\windows\system32\ctsvccda.exe - (Creative Technology Ltd )
c:\program files\grisoft\avg anti-spyware 7.5\guard.exe - (Anti-Malware Development a.s. )
c:\windows\system32\hpzipm12.exe - (HP )
c:\program files\java\jre1.5.0_06\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\program files\norton antivirus\navapsvc.exe - (Symantec Corporation )
c:\program files\norton internet security\nisum.exe - (Symantec Corporation )
c:\program files\common files\real\update_ob\realsched.exe - (RealNetworks, Inc. )
c:\program files\common files\symantec shared\security center\symwsc.exe - (Symantec Corporation )
c:\program files\trojanhunter 4.6\thguard.exe - (Mischel Internet Security )
c:\documents and settings\gene\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )
< Registry Entries >
[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.microsoft...p...ER}&ar=home
HKLM->Main\\Search Page - http://www.microsoft...amp;ar=iesearch
HKLM->Main\\Default_Page_URL - http://www.microsoft...p...&ar=msnhome
HKLM->Main\\Default_Search_URL - http://www.microsoft...amp;ar=iesearch
HKLM->Main\\Local Page - C:\windows\system32\blank.htm
HKCU->Main\\Start Page - http://www.yahoo.com/
HKCU->Main\\Search Page - http://www.microsoft...amp;ar=iesearch
HKCU->Main\\Default_Search_URL - http://www.microsoft...amp;ar=iesearch
HKCU->Main\\Local Page - C:\windows\system32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
HKLM->Search\\SearchAssistant - http://ie.search.msn...st/srchasst.htm
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride - localhost
[>> BHO's <<]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. )
{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation )
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} - ST = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation )
{AE7CD045-E861-484f-8273-0445EE161910} - AcroIEToolbarHelper Class = D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated )
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation )
{BDF3E430-B101-42AD-A544-FADC6B084872} - CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
[>> Internet Explorer Bars, Toolbars and Extensions <<]
[HKLM-> Internet Explorer Bars]
{182EC0BE-5110-49C8-A062-BEB1D02A220B} - Adobe PDF = D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated )
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
[HKCU-> Internet Explorer Bars]
{32683183-48a0-441b-a342-7c2a440a9478} - Reg Data missing or invalid = Reg Data missing or invalid (File not found)
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
[HKLM-> Internet Explorer ToolBars]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated )
[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated )
WebBrowser\\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} - Reg Data missing or invalid = Reg Data missing or invalid (File not found)
[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8194 - Sun Java Console
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8197 - Reg Data missing or invalid
{A75C6120-9B36-11d4-A3F0-009027427750} - 8195 - Reg Data missing or invalid
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8199 - Reg Data missing or invalid
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - 8198 - PartyPoker.com
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8196 - Reg Data missing or invalid
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 - Windows Messenger
NextId - 8200
[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc. )
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. )
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - ButtonText: PartyPoker.com = C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (File not found)
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )
[HKCU-> Internet Explorer Menu Extensions]
Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated )
Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated )
Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated )
Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated )
Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated )
Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated )
Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated )
Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated )
E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation )
[HKLM-> Internet Explorer Plugins]
.spop - Reg Data missing or invalid = C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc. )
[>> Approved Shell Extensions (Non-Microsoft only) <<]
[HKLM-> Approved Shell Extensions]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found)
{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = Reg Data missing or invalid (File not found)
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} - My Logitech Pictures = D:\Program Files\Logitech\Video\Namespc2.dll (Logitech Inc. )
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found)
{4AFB2C12-9D16-4478-AEF4-C3FC539961E4} - Zen MicroPhoto Media Explorer = D:\Program Files\Creative Zen\SHCTMTP.dll (Creative Technology Ltd )
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found)
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc. )
{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.5 Context Menu Shell Extension = D:\Program Files\WinAce\arcext.dll (e-merge GmbH )
{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.5 Property Sheet Shell Extension = D:\Program Files\WinAce\arcext.dll (e-merge GmbH )
{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.5 DragDrop Shell Extension = D:\Program Files\WinAce\arcext.dll (e-merge GmbH )
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.5 Context Menu Shell Extension = D:\Program Files\WinAce\arcext.dll (e-merge GmbH )
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} - PowerISO = Reg Data missing or invalid (File not found)
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} - Adobe.Acrobat.ContextMenu = D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc. )
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} - TrojanHunter Menu Shell Extension = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. )
[>> ContextMenuHandlers (Non-Microsoft only) <<]
[HKLM-> ContextMenuHandlers]
* - Adobe.Acrobat.ContextMenu - {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc. )
* - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
* - Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
* - TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
* - ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = D:\Program Files\WinAce\arcext.dll (e-merge GmbH )
Directory - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
Directory - PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = Reg Data missing or invalid (File not found)
Directory - TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
Directory - ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = D:\Program Files\WinAce\arcext.dll (e-merge GmbH )
Folder - PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = Reg Data missing or invalid (File not found)
Folder - Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
Folder - TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
[>> ColumnHandlers (Non-Microsoft only) <<]
[HKLM-> ColumnHandlers]
Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )
[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\System32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1
[>> Registry Run Keys <<]
HKLM->Run\\ - (File not found)
HKLM->Run\\!AVG Anti-Spyware - "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized (Anti-Malware Development a.s. )
HKLM->Run\\Acrobat Assistant 7.0 - "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc. )
HKLM->Run\\ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc. )
HKLM->Run\\ccApp - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation )
HKLM->Run\\ccRegVfy - "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" (Symantec Corporation )
HKLM->Run\\HostManager - C:\Program Files\Common Files\AOL\1151790574\ee\AOLSoftware.exe (America Online, Inc. )
HKLM->Run\\IPHSend - C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc. )
HKLM->Run\\SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc. )
HKLM->Run\\Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation )
HKLM->Run\\THGuard - "C:\Program Files\TrojanHunter 4.6\THGuard.exe" (Mischel Internet Security )
HKLM->Run\\TkBellExe - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc. )
HKLM->Run\\Windows Defender - "D:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\Aim6 - "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp (America Online, Inc. )
HKCU->Run\\Creative Detector - "C:\Program Files\Creative\Media Source\Detector\CTDetect.exe" /R (Creative Technology Ltd )
HKCU->Run\\Yahoo! Pager - "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet (File not found)
[>> Miscellaneous Startup Keys <<]
[AppInit DLLs]
AppInit_DLL - (File not found)
[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d
[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )
[Shell Execute Hooks]
{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - Microsoft AntiMalware ShellExecuteHook = D:\PROGRA~1\WINDOW~1\MpShHook.dll (Microsoft Corporation )
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s. )
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )
[Shared Task Scheduler]
[SafeBoot Option]
[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -
[HKCU Command Processor AutoRun]
[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[BootExecute]
Session Manager\\BootExecute - autocheck autochk *;
[PendingFileRenameOperations]
Session Manager\\PendingFileRenameOperations - \??\C:\WINDOWS\system32\_000006_.tmp.dll;
[FileRenameOperations]
[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -
[>> Disabled MSConfig Items <<]
[>> User Agent Post Platform <<]
SV1 -
[>> Winlogon <<]
HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\AtiExtEvent - Ati2evxx.dll (ATI Technologies Inc. )
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )
[>> DNS Name Servers <<]
{6EF08612-22C7-49FC-98C1-8E166B544143} - (Winbond W89C940-Based Ethernet Adapter (Generic))
{D4256743-A821-4708-99B0-E8ABAB018905} - (USB Cable Modem 351000)
{F3757E1B-924F-48C3-83A1-8F9BAEC23B0F} - ()
[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
[>> Protocol Handlers (Non-Microsoft only) <<]
cetihpz - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company )
ipp - (File not found)
msdaipp - (File not found)
[>> Protocol Filters (Non-Microsoft only) <<]
< Services (Non-Microsoft Only) >
Ati HotKey Poller (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc. ) [Automatic - Running - Win32, running in it's own process]
Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
Symantec Event Manager (ccEvtMgr) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Proxy Service (ccPxySvc) - "C:\Program Files\Norton Internet Security\ccPxySvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Creative Service for CDROM Access (Creative Service for CDROM Access) - C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Technology Ltd ) [Automatic - Running - Win32, running in it's own process]
Norton AntiVirus Auto Protect Service (navapsvc) - "C:\Program Files\Norton AntiVirus\navapsvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Norton Internet Security Accounts Manager (NISUM) - "C:\Program Files\Norton Internet Security\NISUM.EXE" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Pml Driver HPZ12 (Pml Driver HPZ12) - C:\WINDOWS\System32\HPZipm12.exe (HP ) [On Demand - Running - Win32, running in it's own process]
SymWMI Service (SymWSC) - "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
< Files >
Auto-Start Folders
HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ( [Ver = | Size = 25214 bytes | Date = 10/10/2006 12:27 | Attr = R ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 06/22/2005 13:16 | Attr = HS])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation [Ver = 10.0.2609 | Size = 83360 bytes | Date = 02/12/2001 18:01 | Attr = ])
HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup
HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Gene\Start Menu\Programs\Startup
HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup
Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe
Miscellaneous Folders
AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 06/20/2005 12:45 | Attr = HS])
C:\Documents and Settings\All Users\Application Data\hpzinstall.log - ( [Ver = | Size = 360 bytes | Date = 06/22/2005 13:39 | Attr = ])
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache - ( [Ver = | Size = 2589 bytes | Date = 07/10/2006 21:58 | Attr = ])
CurrentUser ApplicationData Folder
C:\Documents and Settings\Gene\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 06/20/2005 12:45 | Attr = HS])
Program Files Folder
Common Files Folder
DPF files
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204
{193C772A-87BE-4B19-A7BB-445B226FE9A1} - ewidoOnlineScan Control - CodeBase = http://download.ewid...oOnlineScan.cab
{2B323CD9-50E3-11D3-9466-00A0C9700498} - - CodeBase = http://us.chat1.yimg...v45/yacscom.cab
{2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - CPlayFirstTriJinxControl Object - CodeBase = http://download.game...nx.1.0.0.55.cab
{32505657-9980-0010-8000-00AA00389B71} - - CodeBase = http://download.micr...01F/wmvadvd.cab
{406B5949-7190-4245-91A9-30A17DE16AD0} - Snapfish Activia - CodeBase = http://www1.snapfish...fishActivia.cab
{556DDE35-E955-11D0-A707-000000521957} - - CodeBase = http://www.xblock.co...clean_micro.exe
{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://update.micros...b?1119466969750
{644E432F-49D3-41A1-8DD5-E099162EEEC5} - Symantec RuFSI Utility Class - CodeBase = http://security.syma...n/bin/cabsa.cab
{7D1E9C49-BD6A-11D3-87A8-009027A35D73} - - CodeBase = http://chat.yahoo.com/cab/yacsui.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{9D190AE6-C81E-4039-8061-978EBAD10073} - F-Secure Online Scanner 3.0 - CodeBase = http://support.f-sec.../ols3/fscax.cab
{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - Aurigma Image Uploader 3.5 Control - CodeBase = http://www.filelodge...geUploader3.cab
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - Java Plug-in 1.4.2_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.ma...ent/swflash.cab
{D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - SproutLauncherCtrl Class - CodeBase = http://download.game...outLauncher.cab
{D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - TikGames Online Control - CodeBase = http://download.game...e/gpcontrol.cab
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - - CodeBase = http://download.game...aploader_v6.cab
{E9A7F56F-C40F-4928-8C6F-7A72F2A25222} - AxRUploadControl Object - CodeBase = http://www.imagestat....cab?v=1,0,0,34
Hosts file = 734 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright © 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a '#' symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
-
127.0.0.1 localhost -
< Add On's >
>>>>Output for AddOn file HKCU_IEDesktop.def<<<<
KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 0
Desktop\General -
Desktop\General\\BackupWallpaper - %APPDATA%\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
Desktop\General\\WallpaperFileTime - 08 0C 40 7F 24 E5 C6 01
Desktop\General\\WallpaperLocalFileTime - 08 04 6A 96 FA E4 C6 01
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 0
Desktop\General\\Wallpaper - %APPDATA%\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
Desktop\General\\ComponentsPositioned - 1
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 00 04 00 00 E2 02 00 00
Desktop\SafeMode -
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -
>>>>Output for AddOn file Jobs.def<<<<
DIR - C:\WINDOWS\tasks\*.* - Parameters = Include SubFolders
C:\WINDOWS\tasks\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 03/31/2003 07:00 | Attr = RH ])
C:\WINDOWS\tasks\HP Usg Daily.job - ( [Ver = | Size = 340 bytes | Date = 10/10/2006 20:38 | Attr = ])
C:\WINDOWS\tasks\MP Scheduled Scan.job - ( [Ver = | Size = 330 bytes | Date = 10/10/2006 01:52 | Attr = H ])
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job - ( [Ver = | Size = 462 bytes | Date = 10/06/2006 20:00 | Attr = ])
C:\WINDOWS\tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 10/09/2006 16:44 | Attr = H ])
C:\WINDOWS\tasks\Symantec NetDetect.job - ( [Ver = | Size = 366 bytes | Date = 10/11/2006 00:24 | Attr = ])
C:\WINDOWS\tasks\XoftSpySE.job - ( [Ver = | Size = 360 bytes | Date = 10/10/2006 03:00 | Attr = ])
>>>>Output for AddOn file Policies.def<<<<
KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Attachments -
policies\Attachments\\ScanWithAntiVirus - 2
policies\explorer -
policies\explorer\run -
policies\Ext -
policies\Ext\CLSID -
policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} - 1
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\Ratings -
policies\system -
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1
KEY - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -
KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\ActiveDesktop -
policies\Associations -
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 91 00 00 00
policies\Explorer\Run -
policies\System -
policies\System\\DisableRegistryTools - 0
KEY - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -
>>>>Output for AddOn file SID_Run_Policies.def<<<<
KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -
KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run -
KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145
Policies\Explorer\\CDRAutoRun - 0
KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145
Policies\Explorer\\CDRAutoRun - 0
< End of report >