Attack! Attack! Computer keeps rebooting!


#16
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
That means it didn't get saved as a reg file. Try this... when you save the file use quotation marks around fixme.reg

"fixme.reg"

Then it should save the file as a reg file and not a text file.
  • 0


#17
lnijjar

    Member

  • Topic Starter
  • Member
  • 108 posts
:blink: Don't know what's wrong with this whacky thing... I did it like 4 times...ensuring it saves under "all files" not .txt it saves correctly with building block icon...but does the same exact thing when I click on it...it just opens. If I right click on it ...it says MERGE... I do that..but nothing happens..... Bigger hammer u think?

So I opened up WordPad vs Notepad..just for grins :whistling: and saved it as fixme2.reg saved it to my desktop... Although it won't ask me to merge on a double-click either..when I DO hit merge I get this...is this what it's supposed to look like? If yes..then my next question is....am I supposed to RESAVE it?

{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharset0 Arial;}}
{\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\f0\fs20 REGEDIT4\par
\par
[HKEY_USERS\\.default\\software\\microsoft\\windows\\currentversion\\run]\par
"_mzu_stonedrv2"=-\par
\par
[HKEY_USERS\\s-1-5-18\\software\\microsoft\\windows\\currentversion\\run]\par
"_mzu_stonedrv2"=-\par
\par
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\explorer\\sharedtaskscheduler]\par
"\{2C1CD3D7-86AC-4068-93BC-A02304BB2238\}"=-\par

Edited by lnijjar, 25 October 2006 - 10:17 AM.

  • 0
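
The fixme2.reg text quoted in post #17 is RTF markup wrapped around the registry script, so it is not a plain-text .reg file. As an added example (not part of the thread and not code from any poster), this Python check inspects a .reg file before it is merged: it flags an RTF wrapper or a missing header line and lists the deletions a valid script would make. The names `check_reg`, `decode_reg`, `logical_lines` and both sample constants are hypothetical; the samples are constructed from the text in the post.

```python
import re

# Header lines regedit accepts on the first line of a .reg script.
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                  # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')  # "name"=data or @=data

# Constructed sample: the start of the fixme2.reg text quoted in post #17.
RTF_SAMPLE = b"\r\n".join([
    rb"{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharset0 Arial;}}",
    rb"{\*\generator Msftedit 5.41.15.1507;}\viewkind4\uc1\pard\f0\fs20 REGEDIT4\par",
    rb"\par",
    rb"[HKEY_USERS\\.default\\software\\microsoft\\windows\\currentversion\\run]\par",
    rb'"_mzu_stonedrv2"=-\par',
])

# Constructed sample: the same script with the RTF markup stripped.
PLAIN_SAMPLE = b"\r\n".join([
    rb"REGEDIT4",
    rb"",
    rb"[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]",
    rb'"_mzu_stonedrv2"=-',
    rb"",
    rb"[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]",
    rb'"_mzu_stonedrv2"=-',
    rb"",
    rb"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]",
    rb'"{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"=-',
    rb"",
])


def decode_reg(raw: bytes) -> str:
    """UTF-16 when a BOM is present (usual for 5.00 files), otherwise ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    if raw.startswith(b"\xef\xbb\xbf"):
        raw = raw[3:]
    return raw.decode("cp1252", errors="replace")


def logical_lines(lines):
    """Strip each line and join hex data continued with a trailing backslash."""
    buf = ""
    for line in lines:
        line = line.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def check_reg(raw: bytes) -> dict:
    """Report whether raw is a mergeable .reg script and what it would change."""
    report = {"ok": False, "problem": None, "header": None, "operations": []}
    text = decode_reg(raw)
    # A word processor's "save" produces RTF even when the name ends in .reg.
    if text.lstrip().startswith("{\\rtf"):
        report["problem"] = "RTF document (saved by a word processor), not plain text"
        return report
    lines = text.splitlines()
    first = lines[0].strip() if lines else ""
    if first not in HEADERS:
        report["problem"] = f"first line is not a registry header: {first[:40]!r}"
        return report
    report["header"] = first
    key = None
    for line in logical_lines(lines[1:]):
        if not line or line.startswith(";"):   # blank line or comment
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1):                     # leading "-" removes the whole key
                report["operations"].append(("delete-key", key, None))
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            report["problem"] = f"not a key or value entry: {line[:40]!r}"
            return report
        if m.group(1) == "@":
            name = "(Default)"
        else:
            name = re.sub(r"\\(.)", r"\1", m.group(1)[1:-1])  # undo \\ and \"
        # A data field of "-" deletes the value; anything else sets it.
        action = "delete-value" if m.group(2).strip() == "-" else "set-value"
        report["operations"].append((action, key, name))
    report["ok"] = True
    return report


if __name__ == "__main__":
    for label, sample in (("plain", PLAIN_SAMPLE), ("rtf", RTF_SAMPLE)):
        print(label, check_reg(sample))
```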

#18
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Let's check something. Click Start -> Run -> regedit
Does your registry editor open up?


Go ahead with the scan with WinPFind and post that log.
  • 0

#19
lnijjar

    Member

  • Topic Starter
  • Member
  • 108 posts
Ok...

I can get the regedit to open in "normal" mode - however in safe mode..."run" isn't even an option on the start menu...

The WinPfind2 has been downloaded and I followed the instructions...but every time..it locks up :whistling:
  • 0

#20
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Download the attached file and extract it to your desktop.
Double click fix.reg and approve it to merge with your registry.

Let me know if you have any problems with this one.


When you run WinPFind, where does it lock up?
You should be able to see what it's scanning at the bottom. Is it on registry or file scanning when it locks up?
  • 0

#21
lnijjar

    Member

  • Topic Starter
  • Member
  • 108 posts
Ok..lol... I did the save..went to normal mode..unzipped..etc..all it did was essentially open the text file..I wasn't sure what to do after that point..so i hit save...

Ran the other win2..locks up during the registration.
  • 0

#22
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Hmmm....

Open WinPFind and select the Configuration tab.
Under Registry Options click Remove All
Then select only these items.

File Associations
Registry Run Keys
Miscellaneous Auto-Run Keys
Winlogon


Under File Options click Select All


Then click Run All Scans.

When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.

Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it and then please post that report into this topic. After posting please check if the whole report fit into the post. If it did fit, it should say <End of Report> at the end. If not, please post the section that was cut off in a second post.


Let me know if you have any problems.
  • 0

#23
lnijjar

    Member

  • Topic Starter
  • Member
  • 108 posts
Seems to have locked up again... was anything supposed to be checked in the Add-ons? I did notice the "Run Ad ons" was checked..but none of the boxes. When I first hit scan it said something to the effect of "Out of grid"...? Now it is stuck on "Scanning services"
  • 0

#24
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Can you try it in Safe mode?
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
  • If you have trouble getting into Safe mode go here for more info.

  • 0

#25
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Nothing needs to be selected in Add-ons.
  • 0


#26
lnijjar

    Member

  • Topic Starter
  • Member
  • 108 posts
That is in safe mode...normal mode is acting all funky/slow again... I'll try it in normal mode just for grins.
  • 0

#27
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Ok, let me know if you have the same issues in normal mode.
  • 0

#28
lnijjar

    Member

  • Topic Starter
  • Member
  • 108 posts
Just ran it in Normal Mode...it's locking up on hpwebhelper.log and stopping ....I'm in safe mode currently (I can't get networking to work in normal)
  • 0

#29
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Let's try a previous version of that same program.

Download WinPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
  • 0

#30
lnijjar

    Member

  • Topic Starter
  • Member
  • 108 posts
::::::::::You'll notice there are many duplicate files in the log...grrrrrrrrrr::::::::::::::::::;



WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 10/30/2006 2:23:27 PM
WinPFind v1.5.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop\WinPFind\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
PECompact2 9/19/2006 8:50:46 PM 14405024 C:\Program Files\GoogleEarthWin(2).exe (Macrovision Corporation)
PECompact2 9/19/2006 8:50:46 PM 14405024 C:\Program Files\GoogleEarthWin.exe (Macrovision Corporation)
UPX! 10/25/2006 9:49:12 PM 1920432 C:\Program Files\sfld.exe (Selteco)

Checking %WinDir% folder...
WSUD 10/22/2006 7:47:40 AM 6979584 C:\WINDOWS\outlook.pst ()

Checking %System% folder...
WSUD 8/17/2005 9:25:20 AM 18771968 C:\WINDOWS\SYSTEM32\ALSNDMGR(2).CPL (Realtek Semiconductor Corp.)
WSUD 8/17/2005 9:25:20 AM 18771968 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
PEC2 8/9/2004 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg(2).msc ()
PEC2 8/9/2004 12:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
aspack 9/5/2006 9:01:14 AM 1212928 C:\WINDOWS\SYSTEM32\Incinerator(2).dll ()
aspack 9/5/2006 9:01:14 AM 1212928 C:\WINDOWS\SYSTEM32\Incinerator.dll ()
PTech 8/7/2006 8:50:22 AM 1484592 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL (Microsoft Corporation)
PECompact2 10/4/2006 11:03:46 AM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 10/4/2006 11:03:46 AM 9639336 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 8/9/2004 12:00:00 PM 1200128 C:\WINDOWS\SYSTEM32\ntbackup(2).exe (Microsoft Corporation)
WSUD 8/9/2004 12:00:00 PM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 8/9/2004 7:00:00 PM 708096 C:\WINDOWS\SYSTEM32\ntdll(2).dll (Microsoft Corporation)
aspack 8/9/2004 7:00:00 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/9/2004 12:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr(2).cpl (Microsoft Corporation)
WSUD 8/9/2004 12:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
PEC2 7/10/1997 11:00:00 PM 163384 C:\WINDOWS\SYSTEM32\ODBCJET(2).HLP ()
PEC2 7/10/1997 11:00:00 PM 163384 C:\WINDOWS\SYSTEM32\ODBCJET.HLP ()
Umonitor 8/9/2004 12:00:00 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg(2).dll (Microsoft Corporation)
Umonitor 8/9/2004 12:00:00 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 8/9/2004 12:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 3:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/29/2006 3:04:36 PM S 2048 C:\WINDOWS\bootstat.dat ()
10/29/2006 1:47:00 PM H 54156 C:\WINDOWS\QTFont.qfn ()
10/29/2006 3:04:50 PM S 64 C:\WINDOWS\CSC\00000001 ()
10/19/2006 6:36:52 PM S 64 C:\WINDOWS\CSC\00000002 ()
10/6/2006 6:37:56 AM H 0 C:\WINDOWS\inf\oem43.inf ()
10/22/2006 7:12:10 AM H 540 C:\WINDOWS\network diagnostic\Sqm\NetDiag00.sqm ()
10/10/2006 7:26:54 PM HS 54 C:\WINDOWS\SMINST\DVD ()
10/10/2006 7:26:52 PM HS 22 C:\WINDOWS\SMINST\HPCD(2).sys ()
10/10/2006 7:26:52 PM HS 22 C:\WINDOWS\SMINST\HPCD.sys ()
9/12/2006 8:23:54 PM S 9435 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924191.cat ()
9/3/2006 9:38:52 PM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924496.cat ()
9/18/2006 5:40:26 AM S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486(2).cat ()
9/18/2006 5:40:26 AM S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat ()
10/29/2006 3:04:40 PM H 16384 C:\WINDOWS\system32\config\default.LOG ()
10/29/2006 3:04:58 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
10/30/2006 2:04:58 PM H 20480 C:\WINDOWS\system32\config\SECURITY.LOG ()
10/30/2006 10:46:02 AM H 1208320 C:\WINDOWS\system32\config\software.LOG ()
10/29/2006 8:37:16 PM H 1150976 C:\WINDOWS\system32\config\system.LOG ()
10/20/2006 6:24:18 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
10/17/2006 2:40:18 PM H 1024 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG ()
10/23/2006 2:33:58 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini ()
10/23/2006 2:33:58 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini ()
10/17/2006 3:55:24 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\d11bd94f-4bf5-47c9-b3c5-50d3ca8d87d9 ()
10/17/2006 3:55:24 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
10/29/2006 3:24:48 PM H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job ()
10/29/2006 3:03:34 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/9/2004 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\access(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/17/2005 9:25:20 AM 18771968 C:\WINDOWS\SYSTEM32\ALSNDMGR(2).CPL (Realtek Semiconductor Corp.)
8/17/2005 9:25:20 AM 18771968 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
8/9/2004 12:00:00 PM 549888 C:\WINDOWS\SYSTEM32\appwiz(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 110592 C:\WINDOWS\SYSTEM32\bthprops(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
7/10/1997 11:00:00 PM 22528 C:\WINDOWS\SYSTEM32\FINDFAST(2).CPL ()
7/10/1997 11:00:00 PM 22528 C:\WINDOWS\SYSTEM32\FINDFAST.CPL ()
8/9/2004 12:00:00 PM 80384 C:\WINDOWS\SYSTEM32\firewall(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 129536 C:\WINDOWS\SYSTEM32\intl(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 380416 C:\WINDOWS\SYSTEM32\irprops(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
7/27/2004 2:50:48 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM(2).cpl (InstallShield Software Corporation)
7/27/2004 2:50:48 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
8/9/2004 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\joy(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
8/26/2005 4:14:42 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32(2).cpl (Sun Microsystems, Inc.)
8/26/2005 4:14:42 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/9/2004 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
7/10/1997 11:00:00 PM 53520 C:\WINDOWS\SYSTEM32\MLCFG32(2).CPL (Microsoft Corporation)
7/10/1997 11:00:00 PM 53520 C:\WINDOWS\SYSTEM32\MLCFG32.CPL (Microsoft Corporation)
8/9/2004 12:00:00 PM 618496 C:\WINDOWS\SYSTEM32\mmsys(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 25600 C:\WINDOWS\SYSTEM32\netsetup(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 114688 C:\WINDOWS\SYSTEM32\powercfg(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 298496 C:\WINDOWS\SYSTEM32\sysdm(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 94208 C:\WINDOWS\SYSTEM32\timedate(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 148480 C:\WINDOWS\SYSTEM32\wscui(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 2:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 162304 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl(2).cpl (Microsoft Corporation)
8/9/2004 12:00:00 PM 162304 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{02BCC737-B171-4746-94C9-0D8A0B2C0089} - Microsoft Office Template and Media Control - CodeBase = http://office.micros...tes/ieawsdc.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab
{0645D7F3-C20E-4E0B-A545-557527497C0B} - NMInstall Control - CodeBase = http://a14.g.akamai....GAPANEL_USA.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://active.macrom...tor/cabs/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?LinkID=39204
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} - - CodeBase = http://www.symantec....rl/LSSupCtl.cab
{2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} - Microsoft Data Collection Control - CodeBase = https://support.micr...ActiveX/odc.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.micros...b?1160093392515
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/...indows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.ma...ash/swflash.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
5/18/2006 1:20:46 PM 1918 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk ()
8/30/2005 12:02:10 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2).ini ()
8/30/2005 12:02:10 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
10/12/2006 9:08:38 AM 1850 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kaspersky Anti-Hacker.lnk ()
10/23/2006 9:36:18 PM 2004 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/30/2005 4:52:20 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop(2).ini ()
8/30/2005 4:52:20 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
5/11/2006 1:13:56 PM 368 C:\Documents and Settings\All Users\Application Data\hpzinstall.log ()

Checking files in %USERPROFILE%\Startup folder...
8/30/2005 12:02:10 PM HS 84 C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
8/30/2005 4:52:20 AM HS 62 C:\Documents and Settings\Compaq_Administrator\Application Data\desktop.ini ()
5/28/2006 2:48:42 PM 910 C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer]
\\SearchURL - http://www.microsoft...amp;ar=iesearch

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://ie.redirect.h...a...&pf=desktop
\\Search Bar - http://us.rd.yahoo.c...rch/search.html
\\Search Page - http://www.microsoft...amp;ar=iesearch
\\Default_Page_URL - http://ie.redirect.h...a...&pf=desktop
\\Default_Search_URL - http://us.rd.yahoo.c...//www.yahoo.com
\\Local Page - C:\WINDOWS\SYSTEM32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Search Bar - http://www.microsoft...amp;ar=iesearch
\\Search Page - http://www.microsoft...amp;ar=iesearch
\\Default_Search_URL -
\\Local Page - C:\WINDOWS\SYSTEM32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
\\SearchAssistant - http://www.microsoft...amp;ar=iesearch

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
\\SearchAssistant - http://www.microsoft...amp;ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar1.dll (Google Inc.)
\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - hpWebHelper Class = C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{21569614-B795-46B1-85F4-E737A8DC09AD} - Shell Search Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\\{C004DEC2-2623-438e-9CA2-C9043AB28508} - = ()
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)
\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - = ()
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
\WebBrowser\\{C004DEC2-2623-438E-9CA2-C9043AB28508} - = ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
\\NEXTID - 8199
\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8193 =
\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - 8194 =
\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} - 8195 = Internet Connection Help
\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8196 = Yahoo! Messenger
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8197 = Windows Messenger
\\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8198 = @xpsp3res.dll,-20001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll (Sun Microsystems, Inc.)
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: Yahoo! Services =
\{E2D4D26B-0180-43a4-B05F-462D6D54C789} - ButtonText: Internet Connection Help = C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - ButtonText: Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{DBFB267C-334F-4F19-A304-63B7130C20C7} - MediaCenter Property Page = arpower.dll (Microsoft)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{7F67036B-66F1-411A-AD85-759FB9C5B0DB} - ShellViewRTF = C:\WINDOWS\system32\ShellvRTF.dll (XSS)
\\{D0FAC080-AE1A-11ce-8016-CE90976DC901} - Picture Publisher File Viewer = ppiv20.dll ()
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{65756541-C65C-11CD-0000-4B656E696100} - Panda Antivirus = C:\Program Files\Panda Software\Panda Antivirus 2007\ShellTit.DLL (Panda Software International)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\Panda Antivirus - {65756541-C65C-11CD-0000-4B656E696100} = C:\Program Files\Panda Software\Panda Antivirus 2007\ShellTit.DLL (Panda Software International)
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\Panda Antivirus - {65756541-C65C-11CD-0000-4B656E696100} = C:\Program Files\Panda Software\Panda Antivirus 2007\ShellTit.DLL (Panda Software International)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
AlwaysReady Power Message APP - C:\WINDOWS\ARPWRMSG.EXE (Microsoft)
DiscUpdateManager - C:\Program Files\DISC\DiscUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
DMAScheduler - c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
Recguard - C:\WINDOWS\SMINST\RECGUARD.EXE ()
- Reg Data missing or invalid ()
PCDrProfiler - Reg Data missing or invalid ()
HPBootOp - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
HostManager - C:\Program Files\Common Files\AOL\1148023627\ee\AOLSoftware.exe (America Online, Inc.)
Samsung LBP SM - C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe (Samsung Electronics.)
type32 - C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
IPHSend - C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
Windows Defender - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
SystemGuardAlerter - SystemGuardAlerter.exe ()
APVXDWIN - C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE (Panda Software International)
!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
- Reg Data missing or invalid ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
Aim6 - Reg Data missing or invalid ()
PlaxoUpdate - C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe (Plaxo, Inc.)
updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
tunebite.exe - C:\Program Files\tunebite\tunebite.exe ()
SMSystemAnalyzer - C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe ()
System Mechanic Popup Blocker - C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe ()
OfotoNow USB Detection - C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2).ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kaspersky Anti-Hacker.lnk - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe (Kaspersky Lab)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -
\\FunWebProducts -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - Microsoft AntiMalware ShellExecuteHook = C:\PROGRA~1\WIFD1F~1\MpShHook.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{2C1CD3D7-86AC-4068-93BC-A02304BB2238} - = ()

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
\\Shell = explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\AtiExtEvent - Ati2evxx.dll = (ATI Technologies Inc.)
\avldr - avldr.dll = (Panda Software)
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{1B4F030A-B5CC-45AF-A08C-130452EA6284} - (Realtek RTL8139/810x Family Fast Ethernet NIC)
{340BD257-9DB2-429E-945D-C59DCF1B445A} - (1394 Net Adapter)
{892900FC-9814-4488-99C0-81491C1EE93D} - (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter)
{DB4DCF9A-6737-46FD-A7A3-12BFCA14D6D9} - ()

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - CC:\Program Files\Panda Software\Panda Antivirus 2007\pavlsp.dll ()
\000000000002\\PackedCatalogItem - CC:\Program Files\Panda Software\Panda Antivirus 2007\pavlsp.dll ()
\000000000003\\PackedCatalogItem - CC:\Program Files\Panda Software\Panda Antivirus 2007\pavlsp.dll ()
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - CC:\Program Files\Panda Software\Panda Antivirus 2007\pavlsp.dll ()

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Edited by lnijjar, 30 October 2006 - 05:36 PM.
