Trojan help/ Hijack This Log



#1 Paulyboy
I got a couple of trojans and some viruses; included with this topic is my log. I used AVG and scanned my computer and I got these viruses:


Trojan Horse Downloader.Zlob.R - Object name is mediacodec-v4.403.exe
Trojan Horse Downloader.Zlob.CS - Object name is 9nnvaj7.exe
Trojan Horse Downloader.Zlob.CP - Object name is 001CBB52d01
Trojan Horse Downloader.Zlob.CP - Object name is vidcodec280.exe
Trojan Horse Downloader.Agent.SK - Object name is Cabal.exe
Virus Identified Java/Byte Verify - Object name is count.jar-7aaa38de-37b4f093.zip
Maybe infected by unknown virus Exploit.wmf - Object name is 5putg861.wmf
Maybe infected by unknown virus Exploit.wmf - Object name is ws2zyrlb.wmf

That's basically it. I need help taking these viruses off, so help would be appreciated.
____________________________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 1:51:48 PM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Paul Diamond\Desktop\Paul's Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gotwoot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 81.91.144.60:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINDOWS\Temp\RECOVE~1.EXE
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158936539065
O16 - DPF: {76CB493D-11F7-4236-BDE4-7A5851B03FA9} (Launcher Class) - http://cabalonline.n...WebLauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame...utComponent.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
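A small triage script for HijackThis entries like the ones in the log above, added here as an example; it is not part of the thread and not HijackThis' own code. It parses the R/O lines and lists the entries a helper would look at first. The sample lines are copied from the log; the flag rules are my own assumptions about what merits a second look, not verdicts.

```python
import re
from dataclasses import dataclass

# Sample entries copied from the HijackThis log posted above. This is a
# constructed subset for the demo, not the full log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gotwoot.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 81.91.144.60:80
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINDOWS\Temp\RECOVE~1.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {76CB493D-11F7-4236-BDE4-7A5851B03FA9} (Launcher Class) - http://cabalonline.n...WebLauncher.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
"""

# Every HijackThis entry starts with a section tag (R0, R1, O2, O4, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Entry:
    section: str
    body: str


def parse_hijackthis(text: str) -> list[Entry]:
    """Return the R/O entries of a HijackThis log; process lists and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Flag entries a helper would check first. Each finding is (section, reason, body).

    These are review prompts, not verdicts (my own rule set, an assumption): a
    flagged item may be legitimate, e.g. the unnamed BHO here is Spybot's
    SDHelper.dll, so each one still needs a human to confirm the file and publisher.
    """
    findings = []
    for e in entries:
        reason = None
        if e.section == "R1" and "ProxyServer =" in e.body:
            value = e.body.split("=", 1)[1].strip()
            if value:  # an unexpected proxy silently routes all IE traffic elsewhere
                reason = f"Internet Explorer proxy configured: {value}"
        elif e.section == "O4" and re.search(r"\\temp\\", e.body, re.IGNORECASE):
            reason = "autorun entry launching a program from a Temp directory"
        elif e.section in ("O9", "O18") and ("(no file)" in e.body or "(file missing)" in e.body):
            reason = "entry references a file that no longer exists"
        elif e.section == "O16" and re.search(r"https?://", e.body):
            reason = "ActiveX control (DPF) installed from a remote URL"
        elif e.section == "O23" and "Unknown owner" in e.body:
            reason = "service with no publisher information"
        elif e.section == "O2" and "(no name)" in e.body:
            reason = "browser helper object registered without a name"
        if reason:
            findings.append((e.section, reason, e.body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(parse_hijackthis(SAMPLE_LOG)):
        print(f"[{section}] {reason}\n    {body}")
```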

#2 Jayzeee
Hi Paulyboy and welcome to Geeks to Go :whistling:

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

#3 Paulyboy
Thanks man, I finally got a reply. Last time I replied here it took forever, but thanks, I know you guys are busy. I did what you said; here's my report.

Edit: Donnie Darko is a kick [bleep] movie plus that last song in the movie, "Mad World" by Gary Jules is sweet.

SmitFraudFix v2.123

Scan done at 23:16:34.57, Mon 11/20/2006
Run from C:\Documents and Settings\Paul Diamond\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Paul Diamond


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Paul Diamond\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PAULDI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Edited by Paulyboy, 20 November 2006 - 11:23 PM.


#4 Jayzeee
Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan, along with a new HijackThis log.


#5 Paulyboy
Here's my AVG scan.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:02:28 PM 11/22/2006

+ Scan result:



C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP314\A0201902.exe -> Adware.HotBar : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP314\A0201904.dll -> Adware.HotBar : Cleaned.
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\Documents and Settings\Paul Diamond\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-275eaf6f-36c7f9ea.class -> Downloader.OpenStream.y : Cleaned.
C:\Documents and Settings\Paul Diamond\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-5a8a5bd2-3622b15d.class -> Downloader.OpenStream.y : Cleaned.
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned.
C:\Documents and Settings\Paul Diamond\Local Settings\Temp\Cookies\paul [email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.150:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.151:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.152:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.100:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.101:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.103:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.104:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.154:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.183:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.97:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.98:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.36:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.37:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Paul Diamond\Local Settings\Temp\Cookies\paul [email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Paul Diamond\Local Settings\Temp\Cookies\paul [email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.124:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.125:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.126:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.127:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.128:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.129:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.130:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.172:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.35:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Paul Diamond\Local Settings\Temp\Cookies\paul [email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.156:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.157:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.158:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.159:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.160:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Paul Diamond\Local Settings\Temp\Cookies\paul [email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.87:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.88:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.89:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.90:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.91:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.92:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Paul Diamond\Local Settings\Temp\Cookies\paul [email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Paul Diamond\Local Settings\Temp\Cookies\paul [email protected][1].txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.142:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.187:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.102:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.99:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.176:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.177:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.178:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.179:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.180:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Paul Diamond\Local Settings\Temp\Cookies\paul [email protected][1].txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.182:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.133:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.134:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.135:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.136:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.137:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.138:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.139:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.140:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.120:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.123:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Paul Diamond\Local Settings\Temp\Cookies\paul [email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Paul Diamond\Local Settings\Temp\Cookies\paul [email protected][2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.27:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.32:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\Paul Diamond\Application Data\Mozilla\Firefox\Profiles\lgr2npy8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end
_________________________________________________
Here's my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 4:09:58 PM, on 11/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Paul Diamond\Desktop\Paul's Stuff\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gotwoot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 81.91.144.60:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RecoverFromReboo] C:\WINDOWS\Temp\RECOVE~1.EXE
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158936539065
O16 - DPF: {76CB493D-11F7-4236-BDE4-7A5851B03FA9} (Launcher Class) - http://cabalonline.n...WebLauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame...utComponent.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
#6
Jayzeee (Member 1K, 1,238 posts)
Hmmm, I'm not seeing much to be concerned about in your logs... let's look a little deeper.

Download WinPFind2.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind2 on your desktop.
  • Open the folder and double-click on winpfind2.exe to start the program.
  • Click on the Services tab.
  • From the two drop-down boxes next to Filter list:, on the left one choose List all type of services and on the right one choose List all services.
  • Click on the Configuration tab.
  • Keep the standard settings and then in the AddOn-Options box click the checkboxes for
    • HKCU_IEDesktop.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Under File Options click Select All
  • Under Other Options put a check to both Show All boxes
  • Please maximize the window in order to be able to view the Status Bar where you can see the progress of the scan.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it and then please post that report into this topic. After posting please check if the whole report fit into the post. If it did fit, it should say <End of Report> at the end. If not, please post the section that was cut off in a second post.

#7
Paulyboy (Topic Starter, New Member, 9 posts)
Logfile created on: 11/24/2006 12:41:58 AM
WinPFind2 by OldTimer - Version 1.0.15 Folder = C:\Documents and Settings\Paul Diamond\Desktop\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


< All Processes >
\systemroot\system32\smss.exe - (Microsoft Corporation )
\??\c:\windows\system32\csrss.exe - (Microsoft Corporation )
\??\c:\windows\system32\winlogon.exe - (Microsoft Corporation )
c:\windows\system32\services.exe - (Microsoft Corporation )
c:\windows\system32\lsass.exe - (Microsoft Corporation )
c:\windows\system32\ati2evxx.exe - (ATI Technologies Inc. )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] - (Microsoft Corporation )
(DcomLaunch) C:\WINDOWS\system32\rpcss.dll - (Microsoft Corporation )
(TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
(TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] - (Microsoft Corporation )
(RpcSs) C:\WINDOWS\system32\rpcss.dll - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] - (Microsoft Corporation )
(AppMgmt) C:\WINDOWS\System32\appmgmts.dll - (Microsoft Corporation )
(AudioSrv) C:\WINDOWS\System32\audiosrv.dll - (Microsoft Corporation )
(BITS) C:\WINDOWS\system32\qmgr.dll - (Microsoft Corporation )
(Browser) C:\WINDOWS\System32\browser.dll - (Microsoft Corporation )
(CryptSvc) C:\WINDOWS\System32\cryptsvc.dll - (Microsoft Corporation )
(Dhcp) C:\WINDOWS\System32\dhcpcsvc.dll - (Microsoft Corporation )
(dmserver) C:\WINDOWS\System32\dmserver.dll - (Microsoft Corp. )
(ERSvc) C:\WINDOWS\System32\ersvc.dll - (Microsoft Corporation )
(EventSystem) C:\WINDOWS\system32\es.dll - (Microsoft Corporation )
(FastUserSwitchingCompatibility) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(helpsvc) %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (File not found))
(HidServ) C:\WINDOWS\System32\hidserv.dll - (File not found))
(LanmanServer) C:\WINDOWS\System32\srvsvc.dll - (Microsoft Corporation )
(LanmanWorkstation) C:\WINDOWS\System32\wkssvc.dll - (Microsoft Corporation )
(Messenger) C:\WINDOWS\System32\msgsvc.dll - (Microsoft Corporation )
(MHN) C:\WINDOWS\System32\mhn.dll - (Microsoft Corporation )
(Netman) C:\WINDOWS\System32\netman.dll - (Microsoft Corporation )
(Nla) C:\WINDOWS\System32\mswsock.dll - (Microsoft Corporation )
(NtmsSvc) C:\WINDOWS\system32\ntmssvc.dll - (Microsoft Corporation )
(RasAuto) C:\WINDOWS\System32\rasauto.dll - (Microsoft Corporation )
(RasMan) C:\WINDOWS\System32\rasmans.dll - (Microsoft Corporation )
(RemoteAccess) C:\WINDOWS\System32\mprdim.dll - (Microsoft Corporation )
(Schedule) C:\WINDOWS\system32\schedsvc.dll - (Microsoft Corporation )
(seclogon) C:\WINDOWS\System32\seclogon.dll - (Microsoft Corporation )
(SENS) C:\WINDOWS\system32\sens.dll - (Microsoft Corporation )
(SharedAccess) C:\WINDOWS\System32\ipnathlp.dll - (Microsoft Corporation )
(ShellHWDetection) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(srservice) C:\WINDOWS\system32\srsvc.dll - (Microsoft Corporation )
(TapiSrv) C:\WINDOWS\System32\tapisrv.dll - (Microsoft Corporation )
(Themes) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(TrkWks) C:\WINDOWS\system32\trkwks.dll - (Microsoft Corporation )
(w32time) C:\WINDOWS\system32\w32time.dll - (Microsoft Corporation )
(winmgmt) C:\WINDOWS\system32\wbem\WMIsvc.dll - (Microsoft Corporation )
(WmdmPmSN) C:\WINDOWS\system32\MsPMSNSv.dll - (Microsoft Corporation )
(Wmi) C:\WINDOWS\System32\advapi32.dll - (Microsoft Corporation )
(wscsvc) C:\WINDOWS\system32\wscsvc.dll - (Microsoft Corporation )
(wuauserv) C:\WINDOWS\system32\wuauserv.dll - (Microsoft Corporation )
(WZCSVC) C:\WINDOWS\System32\wzcsvc.dll - (Microsoft Corporation )
(xmlprov) C:\WINDOWS\System32\xmlprov.dll - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] - (Microsoft Corporation )
(Dnscache) C:\WINDOWS\System32\dnsrslvr.dll - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] - (Microsoft Corporation )
(Alerter) C:\WINDOWS\system32\alrsvc.dll - (Microsoft Corporation )
(LmHosts) C:\WINDOWS\System32\lmhsvc.dll - (Microsoft Corporation )
(RemoteRegistry) C:\WINDOWS\system32\regsvc.dll - (Microsoft Corporation )
(SSDPSRV) C:\WINDOWS\System32\ssdpsrv.dll - (Microsoft Corporation )
(upnphost) C:\WINDOWS\System32\upnphost.dll - (Microsoft Corporation )
(WebClient) C:\WINDOWS\System32\webclnt.dll - (Microsoft Corporation )
c:\windows\system32\lexbces.exe - (Lexmark International, Inc. )
c:\windows\system32\spoolsv.exe - (Microsoft Corporation )
c:\windows\system32\lexpps.exe - (Lexmark International, Inc. )
c:\program files\grisoft\avg anti-spyware 7.5\guard.exe - (Anti-Malware Development a.s. )
c:\progra~1\grisoft\avg7\avgamsvr.exe - (GRISOFT, s.r.o. )
c:\progra~1\grisoft\avg7\avgupsvc.exe - (GRISOFT, s.r.o. )
c:\windows\ehome\ehrecvr.exe - (Microsoft Corporation )
c:\windows\ehome\ehsched.exe - (Microsoft Corporation )
c:\progra~1\effici~1\entern~1\app\pppoeservice.exe - ( )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] - (Microsoft Corporation )
(Alerter) C:\WINDOWS\system32\alrsvc.dll - (Microsoft Corporation )
(LmHosts) C:\WINDOWS\System32\lmhsvc.dll - (Microsoft Corporation )
(RemoteRegistry) C:\WINDOWS\system32\regsvc.dll - (Microsoft Corporation )
(SSDPSRV) C:\WINDOWS\System32\ssdpsrv.dll - (Microsoft Corporation )
(upnphost) C:\WINDOWS\System32\upnphost.dll - (Microsoft Corporation )
(WebClient) C:\WINDOWS\System32\webclnt.dll - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] - (Microsoft Corporation )
(stisvc) C:\WINDOWS\system32\wiaservc.dll - (Microsoft Corporation )
c:\windows\ehome\mcrdsvc.exe - (Microsoft Corporation )
c:\windows\system32\dllhost.exe - (Microsoft Corporation )
c:\windows\system32\alg.exe - (Microsoft Corporation )
c:\windows\explorer.exe - (Microsoft Corporation )
c:\windows\ehome\ehtray.exe - (Microsoft Corporation )
c:\program files\java\jre1.5.0_08\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\windows\stsystra.exe - (SigmaTel, Inc. )
c:\program files\intel\modem event monitor\intelmem.exe - (Intel Corporation )
c:\program files\cyberlink\powerdvd\dvdlauncher.exe - (CyberLink Corp. )
c:\windows\ehome\ehmsas.exe - (Microsoft Corporation )
c:\windows\system32\dla\tfswctrl.exe - (Sonic Solutions )
c:\program files\common files\installshield\updateservice\issch.exe - (InstallShield Software Corporation )
c:\program files\2wire\2portalmon.exe - (2Wire, Inc. )
c:\program files\messenger\msmsgs.exe - (Microsoft Corporation )
c:\program files\mozilla firefox\firefox.exe - (Mozilla Corporation )
c:\documents and settings\paul diamond\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.yahoo.com/
HKLM->Main\\Search Bar - http://us.rd.yahoo.c...rch/search.html
HKLM->Main\\Search Page -
HKLM->Main\\Default_Page_URL - http://www.microsoft...p...&ar=msnhome
HKLM->Main\\Default_Search_URL - http://www.microsoft...amp;ar=iesearch
HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
HKCU->Main\\Start Page - http://www.gotwoot.com/
HKCU->Main\\Search Bar - http://www.google.com/ie
HKCU->Main\\Search Page - http://www.google.com
HKCU->Main\\Default_Page_URL - http://www.google.com/ig/dell?hl=en
HKCU->Main\\Local Page - C:\WINDOWS\system32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
HKLM->Search\\SearchAssistant - http://www.google.com/ie
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0

[>> BHO's <<]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited )
{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions )
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc. )

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Data - Key not found = Reg Data - Key not found (File not found)
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer Bars]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Data - Key not found = Reg Data - Key not found (File not found)
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
ShellBrowser\\{5CBE2611-C31B-401F-89BC-4CBB25E853D7} - Reg Data - Key not found = Reg Data - Key not found (File not found)
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Reg Data - Key not found = Reg Data - Key not found (File not found)
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Data - Key not found = Reg Data - Key not found (File not found)
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = Reg Data - Key not found (File not found)

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 - Sun Java Console
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8194 - Reg Data - Value does not exist
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 - Windows Messenger
NextId - 8195

[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = Reg Data - Key not found (File not found)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc. )
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - MenuText: Reg Data - Value does not exist = Reg Data - Key not found (File not found)
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )

[HKCU-> Internet Explorer Menu Extensions]
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 (Microsoft Corporation )

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data - Key not found (File not found)
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data - Key not found (File not found)
{32020A01-506E-484D-A2A8-BE3CF17601C3} - AlcoholShellEx = Reg Data - Key not found (File not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found)
{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions )
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data - Key not found (File not found)
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data - Key not found (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data - Key not found (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc. )
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. )
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
{B8323370-FF27-11D2-97B6-204C4F4F5020} - SmartFTP Shell Extension DLL = C:\Program Files\SmartFTP Client 2.0\smarthook.dll (File not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
* - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. )
* - HexWorkshopContextMenu - {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} = C:\Program Files\BreakPoint Software\Hex Workshop 4.2\hwext.dll (BreakPoint Software, Inc. )
* - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Directory - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Folder - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. )
Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\system32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

[>> Registry Run Keys <<]
HKLM->Run\\!AVG Anti-Spyware - "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized (Anti-Malware Development a.s. )
HKLM->Run\\2wSysTray - C:\Program Files\2Wire\2PortalMon.exe (2Wire, Inc. )
HKLM->Run\\ATIPTA - "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc. )
HKLM->Run\\AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o. )
HKLM->Run\\DAEMON Tools - "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd. )
HKLM->Run\\dla - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions )
HKLM->Run\\DVDLauncher - "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp. )
HKLM->Run\\ehTray - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation )
HKLM->Run\\IntelMeM - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation )
HKLM->Run\\IPInSightMonitor 01 - "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" (File not found)
HKLM->Run\\ISUSPM Startup - "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation )
HKLM->Run\\ISUSScheduler - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation )
HKLM->Run\\Lexmark X6100 Series - "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" (Lexmark International, Inc. )
HKLM->Run\\NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh )
HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
HKLM->Run\\RecoverFromReboo - C:\WINDOWS\Temp\RECOVE~1.EXE ( )
HKLM->Run\\SigmatelSysTrayApp - stsystra.exe (SigmaTel, Inc. )
HKLM->Run\\SunJavaUpdateSched - "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" (Sun Microsystems, Inc. )
HKLM->Run\\TkBellExe - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc. )
HKLM->RunOnce\\SpybotSnD - "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck (Safer Networking Limited )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\DellSupport - "C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd. )
HKCU->Run\\MSMSGS - "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation )
HKCU->Run\\MsnMsgr - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation )
HKCU->Run\\Steam - "c:\program files\steam\steam.exe" -silent (Valve Corporation )
HKCU->Run\\Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet ( )

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]
AppInit_DLL - (File not found)

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation )

[Shell Execute Hooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s. )

[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]
Session Manager\\BootExecute - autocheck autochk *;

[PendingFileRenameOperations]

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]

[>> User Agent Post Platform <<]
SV1 -

[>> Winlogon <<]
HMLM->AltDefaultDomainName - FAMILY
HMLM->AltDefaultUserName - Paul Diamond
HMLM->AutoAdminLogon - Reg Data - Value does not exist
HMLM->DefaultDomainName - FAMILY
HMLM->DefaultUserName - Paul Diamond
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{51C14A4F-E66E-473F-B141-3D230184857E} - ()
{6BB8E22C-C625-42E0-A8B8-E7F5A7E02692} - (Intel® PRO/100 VE Network Connection)
{883CAD64-6C8F-49F1-BFDC-8D2A0639CA67} - ()

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 (Tcpip) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 (NTDS) - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 (Network Location Awareness (NLA) Namespace) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\00000000001 - 225,5temRoot%\system32\mswsock.dll (File not found)
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found)
msdaipp - (File not found)

[>> Protocol Filters (Non-Microsoft only) <<]

< All Services >
Abiosdsk (Abiosdsk) - (File not found)) [Disabled - Stopped - Kernel driver]
abp480n5 (abp480n5) - \SystemRoot\system32\DRIVERS\ABP480N5.SYS (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Microsoft ACPI Driver (ACPI) - \SystemRoot\system32\DRIVERS\ACPI.sys (Microsoft Corporation ) [ - Running - Kernel driver]
ACPIEC (ACPIEC) - (File not found)) [Disabled - Stopped - Kernel driver]
adpu160m (adpu160m) - \SystemRoot\system32\DRIVERS\adpu160m.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Microsoft Kernel Acoustic Echo Canceller (aec) - system32\drivers\aec.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
AFD (AFD) - \SystemRoot\System32\drivers\afd.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Intel AGP Bus Filter (agp440) - \SystemRoot\system32\DRIVERS\agp440.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Compaq AGP Bus Filter (agpCPQ) - \SystemRoot\system32\DRIVERS\agpCPQ.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Aha154x (Aha154x) - \SystemRoot\system32\DRIVERS\aha154x.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
aic78u2 (aic78u2) - \SystemRoot\system32\DRIVERS\aic78u2.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
aic78xx (aic78xx) - \SystemRoot\system32\DRIVERS\aic78xx.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Alerter (Alerter) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Application Layer Gateway Service (ALG) - C:\WINDOWS\System32\alg.exe (Microsoft Corporation ) [On Demand - Running - Win32, running in it's own process]
AliIde (AliIde) - \SystemRoot\system32\DRIVERS\aliide.sys (Acer Laboratories Inc. ) [Disabled - Stopped - Kernel driver]
ALI AGP Bus Filter (alim1541) - \SystemRoot\system32\DRIVERS\alim1541.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
AMD AGP Bus Filter Driver (amdagp) - \SystemRoot\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc. ) [Disabled - Stopped - Kernel driver]
amsint (amsint) - \SystemRoot\system32\DRIVERS\amsint.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Application Management (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
asc (asc) - \SystemRoot\system32\DRIVERS\asc.sys (Advanced System Products, Inc. ) [Disabled - Stopped - Kernel driver]
asc3350p (asc3350p) - \SystemRoot\system32\DRIVERS\asc3350p.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
asc3550 (asc3550) - \SystemRoot\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc. ) [Disabled - Stopped - Kernel driver]
ASP.NET State Service (aspnet_state) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
RAS Asynchronous Media Driver (AsyncMac) - system32\DRIVERS\asyncmac.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Standard IDE/ESDI Hard Disk Controller (atapi) - \SystemRoot\system32\DRIVERS\atapi.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Atdisk (Atdisk) - (File not found)) [Disabled - Stopped - Kernel driver]
Ati HotKey Poller (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc. ) [Automatic - Running - Win32, running in it's own process]
ati2mtag (ati2mtag) - system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc. ) [On Demand - Running - Kernel driver]
ATM ARP Client Protocol (Atmarpc) - system32\DRIVERS\atmarpc.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Audio Stub Driver (audstub) - system32\DRIVERS\audstub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ( ) [ - Running - Kernel driver]
AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
AVG7 Alert Manager Server (Avg7Alrt) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
AVG7 Kernel (Avg7Core) - \SystemRoot\System32\Drivers\avg7core.sys (GRISOFT, s.r.o. ) [ - Running - Kernel driver]
AVG7 Wrap Driver (Avg7RsW) - \SystemRoot\System32\Drivers\avg7rsw.sys (GRISOFT, s.r.o. ) [ - Running - Kernel driver]
AVG7 Resident Driver XP (Avg7RsXP) - \SystemRoot\System32\Drivers\avg7rsxp.sys (GRISOFT, s.r.o. ) [ - Running - Kernel driver]
AVG7 Update Service (Avg7UpdSvc) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
AVG Anti-Spyware Clean Driver (AvgAsCln) - System32\DRIVERS\AvgAsCln.sys (GRISOFT, s.r.o. ) [ - Running - Kernel driver]
AVG7 Clean Driver (AvgClean) - \SystemRoot\system32\drivers\avgclnit.sys (File not found)) [ - Stopped - Kernel driver]
Beep (Beep) - (File not found)) [ - Running - Kernel driver]
Background Intelligent Transfer Service (BITS) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Computer Browser (Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
bvrp_pci (bvrp_pci) - (File not found)) [On Demand - Stopped - Kernel driver]
cbidf (cbidf) - \SystemRoot\system32\DRIVERS\cbidf2k.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
cbidf2k (cbidf2k) - (File not found)) [Disabled - Stopped - Kernel driver]
Closed Caption Decoder (CCDECODE) - system32\DRIVERS\CCDECODE.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
cd20xrnt (cd20xrnt) - \SystemRoot\system32\DRIVERS\cd20xrnt.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Cdaudio (Cdaudio) - (File not found)) [ - Stopped - Kernel driver]
Cdfs (Cdfs) - (File not found)) [Disabled - Running - Filesystem driver]
CD-ROM Driver (Cdrom) - system32\DRIVERS\cdrom.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Changer (Changer) - (File not found)) [ - Stopped - Kernel driver]
Indexing Service (CiSvc) - C:\WINDOWS\system32\cisvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in it's own process]
CmdIde (CmdIde) - \SystemRoot\system32\DRIVERS\cmdide.sys (CMD Technology, Inc. ) [Disabled - Stopped - Kernel driver]
COM+ System Application (COMSysApp) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (Microsoft Corporation ) [On Demand - Running - Win32, running in it's own process]
Cpqarray (Cpqarray) - \SystemRoot\system32\DRIVERS\cpqarray.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Cryptographic Services (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
dac2w2k (dac2w2k) - \SystemRoot\system32\DRIVERS\dac2w2k.sys (Mylex Corporation ) [Disabled - Stopped - Kernel driver]
dac960nt (dac960nt) - \SystemRoot\system32\DRIVERS\dac960nt.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Veo Stingray/Connect Web Camera (DCamUSBVeo532) - System32\Drivers\ubVeo532.sys (IC Media Corporation ) [On Demand - Stopped - Kernel driver]
DCOM Server Process Launcher (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
DHCP Client (Dhcp) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Disk Driver (Disk) - \SystemRoot\system32\DRIVERS\disk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Logical Disk Manager Administrative Service (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com (Microsoft Corp., Veritas Software ) [On Demand - Stopped - Win32, running in a shared process]
dmboot (dmboot) - System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software ) [Disabled - Stopped - Kernel driver]
Logical Disk Manager Driver (dmio) - \SystemRoot\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software ) [ - Running - Kernel driver]
dmload (dmload) - \SystemRoot\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software. ) [ - Running - Kernel driver]
Logical Disk Manager (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Microsoft Kernel DLS Syntheiszer (DMusic) - system32\drivers\DMusic.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
DNS Client (Dnscache) - C:\WINDOWS\system32\svchost.exe -k NetworkService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
dpti2o (dpti2o) - \SystemRoot\system32\DRIVERS\dpti2o.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Microsoft Kernel DRM Audio Descrambler (drmkaud) - system32\drivers\drmkaud.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
drvmcdb (drvmcdb) - \SystemRoot\system32\drivers\drvmcdb.sys (Sonic Solutions ) [ - Running - Kernel driver]
drvnddm (drvnddm) - system32\drivers\drvnddm.sys (Sonic Solutions ) [Automatic - Running - Filesystem driver]
dtscsi (dtscsi) - \SystemRoot\System32\Drivers\dtscsi.sys ( ) [On Demand - Running - Kernel driver]
Intel® PRO Network Connection Driver (E100B) - system32\DRIVERS\e100b325.sys (Intel Corporation ) [On Demand - Running - Kernel driver]
EagleNT (EagleNT) - \??\C:\WINDOWS\system32\drivers\EagleNT.sys (File not found)) [On Demand - Stopped - Kernel driver]
Media Center Receiver Service (ehRecvr) - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
Media Center Scheduler Service (ehSched) - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
Error Reporting Service (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Event Log (Eventlog) - C:\WINDOWS\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
COM+ Event System (EventSystem) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Fastfat (Fastfat) - (File not found)) [Disabled - Stopped - Filesystem driver]
Fast User Switching Compatibility (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Fax (Fax) - C:\WINDOWS\system32\fxssvc.exe (Microsoft Corporation ) [Automatic - Stopped - Win32, running in it's own process]
Floppy Disk Controller Driver (Fdc) - system32\DRIVERS\fdc.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Fips (Fips) - (File not found)) [ - Running - Kernel driver]
Floppy Disk Driver (Flpydisk) - system32\DRIVERS\flpydisk.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
FltMgr (FltMgr) - \SystemRoot\system32\DRIVERS\fltMgr.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Volume Manager Driver (Ftdisk) - \SystemRoot\system32\DRIVERS\ftdisk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Generic Packet Classifier (Gpc) - system32\DRIVERS\msgpc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft UAA Bus Driver for High Definition Audio (HDAudBus) - system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider ) [On Demand - Running - Kernel driver]
Help and Support (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Human Interface Device Access (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Microsoft HID Class Driver (HidUsb) - system32\DRIVERS\hidusb.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
hpn (hpn) - \SystemRoot\system32\DRIVERS\hpn.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
HTTP (HTTP) - System32\Drivers\HTTP.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
i2omgmt (i2omgmt) - (File not found)) [ - Running - Kernel driver]
i2omp (i2omp) - \SystemRoot\system32\DRIVERS\i2omp.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
i8042 Keyboard and PS/2 Mouse Port Driver (i8042prt) - system32\DRIVERS\i8042prt.sys (Microsoft Corporation ) [ - Stopped - Kernel driver]
InstallDriver Table Manager (IDriverT) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (Macrovision Corporation ) [On Demand - Stopped - Win32, running in it's own process]
CD-Burning Filter Driver (Imapi) - system32\DRIVERS\imapi.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IMAPI CD-Burning COM Service (ImapiService) - C:\WINDOWS\system32\imapi.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
ini910u (ini910u) - \SystemRoot\system32\DRIVERS\ini910u.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
IntelC51 (IntelC51) - system32\DRIVERS\IntelC51.sys (Intel Corporation ) [On Demand - Running - Kernel driver]
IntelC52 (IntelC52) - system32\DRIVERS\IntelC52.sys (Intel Corporation ) [On Demand - Running - Kernel driver]
IntelC53 (IntelC53) - system32\DRIVERS\IntelC53.sys (Intel Corporation ) [On Demand - Running - Kernel driver]
IntelIde (IntelIde) - \SystemRoot\system32\DRIVERS\intelide.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Intel Processor Driver (intelppm) - system32\DRIVERS\intelppm.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IPv6 Windows Firewall Driver (Ip6Fw) - system32\DRIVERS\Ip6Fw.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP Traffic Filter Driver (IpFilterDriver) - system32\DRIVERS\ipfltdrv.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP in IP Tunnel Driver (IpInIp) - system32\DRIVERS\ipinip.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP Network Address Translator (IpNat) - system32\DRIVERS\ipnat.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
IPSEC driver (IPSec) - system32\DRIVERS\ipsec.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IR Enumerator Service (IRENUM) - system32\DRIVERS\irenum.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
PnP ISA/EISA Bus Driver (isapnp) - \SystemRoot\system32\DRIVERS\isapnp.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Keyboard Class Driver (Kbdclass) - system32\DRIVERS\kbdclass.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Keyboard HID Driver (kbdhid) - system32\DRIVERS\kbdhid.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Microsoft Kernel Wave Audio Mixer (kmixer) - system32\drivers\kmixer.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
KSecDD (KSecDD) - (File not found)) [ - Running - Kernel driver]
Server (LanmanServer) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Workstation (LanmanWorkstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
lbrtfdc (lbrtfdc) - (File not found)) [ - Stopped - Kernel driver]
LexBce Server (LexBceS) - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc. ) [Automatic - Running - Win32, running in it's own process]
TCP/IP NetBIOS Helper (LmHosts) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Media Center Extender Service (McrdSvc) - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
AEGIS Protocol (IEEE 802.1x) v2.3.1.9 (MDC8021X) - system32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications ) [Automatic - Running - Kernel driver]
Messenger (Messenger) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
MHN (MHN) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
MHN driver (MHNDRV) - system32\DRIVERS\mhndrv.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
mnmdd (mnmdd) - (File not found)) [ - Running - Kernel driver]
NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Modem (Modem) - (File not found)) [On Demand - Running - Kernel driver]
Unimodem Streaming Filter Device (MODEMCSA) - system32\drivers\MODEMCSA.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
mohfilt (mohfilt) - system32\DRIVERS\mohfilt.sys (Intel Corporation ) [On Demand - Running - Kernel driver]
Mouse Class Driver (Mouclass) - system32\DRIVERS\mouclass.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Mouse HID Driver (mouhid) - system32\DRIVERS\mouhid.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
MountMgr (MountMgr) - (File not found)) [ - Running - Kernel driver]
mraid35x (mraid35x) - \SystemRoot\system32\DRIVERS\mraid35x.sys (American Megatrends Inc. ) [Disabled - Stopped - Kernel driver]
WebDav Client Redirector (MRxDAV) - system32\DRIVERS\mrxdav.sys (Microsoft Corporation ) [On Demand - Running - Filesystem driver]
MRXSMB (MRxSmb) - system32\DRIVERS\mrxsmb.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Msfs (Msfs) - (File not found)) [ - Running - Filesystem driver]
Windows Installer (MSIServer) - C:\WINDOWS\system32\msiexec.exe /V (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Microsoft Streaming Service Proxy (MSKSSRV) - system32\drivers\MSKSSRV.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft Streaming Clock Proxy (MSPCLOCK) - system32\drivers\MSPCLOCK.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft Streaming Quality Manager Proxy (MSPQM) - system32\drivers\MSPQM.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft System Management BIOS Driver (mssmbios) - system32\DRIVERS\mssmbios.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft Streaming Tee/Sink-to-Sink Converter (MSTEE) - system32\drivers\MSTEE.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Mup (Mup) - (File not found)) [ - Running - Filesystem driver]
NABTS/FEC VBI Codec (NABTSFEC) - system32\DRIVERS\NABTSFEC.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
NDIS System Driver (NDIS) - (File not found)) [ - Running - Kernel driver]
Microsoft TV/Video Connection (NdisIP) - system32\DRIVERS\NdisIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Remote Access NDIS TAPI Driver (NdisTapi) - system32\DRIVERS\ndistapi.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
NDIS Usermode I/O Protocol (Ndisuio) - system32\DRIVERS\ndisuio.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Remote Access NDIS WAN Driver (NdisWan) - system32\DRIVERS\ndiswan.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
NDIS Proxy (NDProxy) - (File not found)) [On Demand - Running - Kernel driver]
NetBIOS Interface (NetBIOS) - system32\DRIVERS\netbios.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
NetBios over Tcpip (NetBT) - system32\DRIVERS\netbt.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Network DDE (NetDDE) - C:\WINDOWS\system32\netdde.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Network DDE DSDM (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Net Logon (Netlogon) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Network Connections (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Intel NCS NetService (NetSvc) - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Network Location Awareness (NLA) (Nla) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Npfs (Npfs) - (File not found)) [ - Running - Filesystem driver]
npkcrypt (npkcrypt) - \??\C:\Program Files\Gravity\RO\npkcrypt.sys (File not found)) [On Demand - Stopped - Kernel driver]
NPPTNT2 (NPPTNT2) - \??\C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd. ) [ - Running - Kernel driver]
Ntfs (Ntfs) - (File not found)) [Disabled - Running - Filesystem driver]
NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Removable Storage (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver (NTSPPPOE) - system32\DRIVERS\ntspppoe.sys (Efficient Networks, Inc. ) [On Demand - Stopped - Kernel driver]
NTSTPL1 (NTSTPL1) - \??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\NTSTPL1.SYS (Network TeleSystems, Inc. ) [On Demand - Stopped - Kernel driver]
NTSTPL2 (NTSTPL2) - \??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\NTSTPL2.SYS (Network TeleSystems, Inc. ) [On Demand - Stopped - Kernel driver]
Null (Null) - (File not found)) [ - Running - Kernel driver]
nv (nv) - system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation ) [On Demand - Stopped - Kernel driver]
IPX Traffic Filter Driver (NwlnkFlt) - system32\DRIVERS\nwlnkflt.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IPX Traffic Forwarder Driver (NwlnkFwd) - system32\DRIVERS\nwlnkfwd.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Parallel port driver (Parport) - system32\DRIVERS\parport.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
PartMgr (PartMgr) - (File not found)) [ - Running - Kernel driver]
ParVdm (ParVdm) - (File not found)) [Disabled - Stopped - Kernel driver]
PCI Bus Driver (PCI) - \SystemRoot\system32\DRIVERS\pci.sys (Microsoft Corporation ) [ - Running - Kernel driver]
PCIDump (PCIDump) - (File not found)) [ - Stopped - Kernel driver]
PCIIde (PCIIde) - \SystemRoot\system32\DRIVERS\pciide.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Pcmcia (Pcmcia) - (File not found)) [Disabled - Stopped - Kernel driver]
PDCOMP (PDCOMP) - (File not found)) [On Demand - Stopped - Kernel driver]
PDFRAME (PDFRAME) - (File not found)) [On Demand - Stopped - Kernel driver]
PDRELI (PDRELI) - (File not found)) [On Demand - Stopped - Kernel driver]
PDRFRAME (PDRFRAME) - (File not found)) [On Demand - Stopped - Kernel driver]
perc2 (perc2) - \SystemRoot\system32\DRIVERS\perc2.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
perc2hib (perc2hib) - \SystemRoot\system32\DRIVERS\perc2hib.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
IPSEC Services (PolicyAgent) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
PPPoE Service (PPPoEService) - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe ( ) [Automatic - Running - Win32, running in it's own process]
WAN Miniport (PPTP) (PptpMiniport) - system32\DRIVERS\raspptp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Protected Storage (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Direct Parallel Link Driver (Ptilink) - system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc. ) [On Demand - Running - Kernel driver]
PxHelp20 (PxHelp20) - \SystemRoot\System32\Drivers\PxHelp20.sys (Sonic Solutions ) [ - Running - Kernel driver]
ql1080 (ql1080) - \SystemRoot\system32\DRIVERS\ql1080.sys (QLogic Corporation ) [Disabled - Stopped - Kernel driver]
Ql10wnt (Ql10wnt) - \SystemRoot\system32\DRIVERS\ql10wnt.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
ql12160 (ql12160) - \SystemRoot\system32\DRIVERS\ql12160.sys (QLogic Corporation ) [Disabled - Stopped - Kernel driver]
ql1240 (ql1240) - \SystemRoot\system32\DRIVERS\ql1240.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
ql1280 (ql1280) - \SystemRoot\system32\DRIVERS\ql1280.sys (QLogic Corporation ) [Disabled - Stopped - Kernel driver]
Remote Access Auto Connection Driver (RasAcd) - system32\DRIVERS\rasacd.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Remote Access Auto Connection Manager (RasAuto) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
WAN Miniport (L2TP) (Rasl2tp) - system32\DRIVERS\rasl2tp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Remote Access Connection Manager (RasMan) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Remote Access PPPOE Driver (RasPppoe) - system32\DRIVERS\raspppoe.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Direct Parallel (Raspti) - system32\DRIVERS\raspti.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
RAWESR (RAWESR) - \??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS (Microsoft Corporation (Sample) ) [On Demand - Stopped - Kernel driver]
Rdbss (Rdbss) - system32\DRIVERS\rdbss.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
RDPCDD (RDPCDD) - System32\DRIVERS\RDPCDD.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Terminal Server Device Redirector Driver (rdpdr) - system32\DRIVERS\rdpdr.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
RDPWD (RDPWD) - (File not found)) [On Demand - Stopped - Kernel driver]
Remote Desktop Help Session Manager (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Digital CD Audio Playback Filter Driver (redbook) - system32\DRIVERS\redbook.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Routing and Remote Access (RemoteAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Remote Registry (RemoteRegistry) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Remote Procedure Call (RPC) Locator (RpcLocator) - C:\WINDOWS\system32\locator.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Remote Procedure Call (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
QoS RSVP (RSVP) - C:\WINDOWS\system32\rsvp.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Security Accounts Manager (SamSs) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Smart Card (SCardSvr) - C:\WINDOWS\System32\SCardSvr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Task Scheduler (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Secdrv (Secdrv) - system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. ) [Automatic - Running - Kernel driver]
Secondary Logon (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
System Event Notification (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Serenum Filter Driver (serenum) - system32\DRIVERS\serenum.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Serial port driver (Serial) - system32\DRIVERS\serial.sys (Microsoft Corporation ) [ - Stopped - Kernel driver]
StarForce Protection Environment Driver (version 1.x) (sfdrv01) - \SystemRoot\System32\drivers\sfdrv01.sys (Protection Technology ) [ - Running - Kernel driver]
  • 0

#8
Paulyboy

Paulyboy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
StarForce Protection Helper Driver (version 2.x) (sfhlp02) - \SystemRoot\System32\drivers\sfhlp02.sys (Protection Technology ) [ - Running - Kernel driver]
Sfloppy (Sfloppy) - (File not found)) [ - Stopped - Kernel driver]
StarForce Protection VFS Driver (version 2.x) (sfvfs02) - \SystemRoot\System32\drivers\sfvfs02.sys (Protection Technology ) [ - Running - Kernel driver]
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Shell Hardware Detection (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Simbad (Simbad) - (File not found)) [Disabled - Stopped - Kernel driver]
SIS AGP Bus Filter (sisagp) - \SystemRoot\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation ) [Disabled - Stopped - Kernel driver]
BDA Slip De-Framer (SLIP) - system32\DRIVERS\SLIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Sparrow (Sparrow) - \SystemRoot\system32\DRIVERS\sparrow.sys (Adaptec, Inc. ) [Disabled - Stopped - Kernel driver]
Microsoft Kernel Audio Splitter (splitter) - system32\drivers\splitter.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
sptd (sptd) - \SystemRoot\System32\Drivers\sptd.sys ( ) [ - Running - Kernel driver]
System Restore Filter Driver (sr) - \SystemRoot\system32\DRIVERS\sr.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
System Restore Service (srservice) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Srv (Srv) - system32\DRIVERS\srv.sys (Microsoft Corporation ) [On Demand - Running - Filesystem driver]
sscdbhk5 (sscdbhk5) - system32\drivers\sscdbhk5.sys (Sonic Solutions ) [ - Running - Filesystem driver]
SSDP Discovery Service (SSDPSRV) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
ssrtln (ssrtln) - system32\drivers\ssrtln.sys (Sonic Solutions ) [ - Running - Filesystem driver]
High Definition Audio Driver (WDM) - SigmaTel CODEC (STHDA) - system32\drivers\sthda.sys (SigmaTel, Inc. ) [On Demand - Running - Kernel driver]
Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\system32\svchost.exe -k imgsvc (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
BDA IPSink (streamip) - system32\DRIVERS\StreamIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Software Bus Driver (swenum) - system32\DRIVERS\swenum.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft Kernel GS Wavetable Synthesizer (swmidi) - system32\drivers\swmidi.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\system32\dllhost.exe /Processid:{6F6160A9-C71A-4D34-91A0-5B9E71074979} (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
symc810 (symc810) - \SystemRoot\system32\DRIVERS\symc810.sys (Symbios Logic Inc. ) [Disabled - Stopped - Kernel driver]
symc8xx (symc8xx) - \SystemRoot\system32\DRIVERS\symc8xx.sys (LSI Logic ) [Disabled - Stopped - Kernel driver]
sym_hi (sym_hi) - \SystemRoot\system32\DRIVERS\sym_hi.sys (LSI Logic ) [Disabled - Stopped - Kernel driver]
sym_u3 (sym_u3) - \SystemRoot\system32\DRIVERS\sym_u3.sys (LSI Logic ) [Disabled - Stopped - Kernel driver]
Microsoft Kernel System Audio Device (sysaudio) - system32\drivers\sysaudio.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Performance Logs and Alerts (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
TAPBIND (TAPBIND) - \??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\TAPBIND1.SYS (Network TeleSystems, Inc. ) [On Demand - Stopped - Kernel driver]
Telephony (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
TCP/IP Protocol Driver (Tcpip) - system32\DRIVERS\tcpip.sys (Microsoft Corporation ) [ - Running - Kernel driver]
TDPIPE (TDPIPE) - (File not found)) [On Demand - Stopped - Kernel driver]
TDTCP (TDTCP) - (File not found)) [On Demand - Stopped - Kernel driver]
Terminal Device Driver (TermDD) - system32\DRIVERS\termdd.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Terminal Services (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
tfsnboio (tfsnboio) - system32\dla\tfsnboio.sys (Sonic Solutions ) [Automatic - Running - Filesystem driver]
tfsncofs (tfsncofs) - system32\dla\tfsncofs.sys (Sonic Solutions ) [Automatic - Running - Filesystem driver]
tfsndrct (tfsndrct) - system32\dla\tfsndrct.sys (Sonic Solutions ) [Automatic - Running - Filesystem driver]
tfsndres (tfsndres) - system32\dla\tfsndres.sys (Sonic Solutions ) [Automatic - Running - Filesystem driver]
tfsnifs (tfsnifs) - system32\dla\tfsnifs.sys (Sonic Solutions ) [Automatic - Running - Filesystem driver]
tfsnopio (tfsnopio) - system32\dla\tfsnopio.sys (Sonic Solutions ) [Automatic - Running - Filesystem driver]
tfsnpool (tfsnpool) - system32\dla\tfsnpool.sys (Sonic Solutions ) [Automatic - Running - Filesystem driver]
tfsnudf (tfsnudf) - system32\dla\tfsnudf.sys (Sonic Solutions ) [Automatic - Running - Filesystem driver]
tfsnudfa (tfsnudfa) - system32\dla\tfsnudfa.sys (Sonic Solutions ) [Automatic - Running - Filesystem driver]
Themes (Themes) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Telnet (TlntSvr) - C:\WINDOWS\system32\tlntsvr.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in it's own process]
TosIde (TosIde) - \SystemRoot\system32\DRIVERS\toside.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Distributed Link Tracking Client (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Udfs (Udfs) - (File not found)) [Disabled - Stopped - Filesystem driver]
ultra (ultra) - \SystemRoot\system32\DRIVERS\ultra.sys (Promise Technology, Inc. ) [Disabled - Stopped - Kernel driver]
Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Microcode Update Driver (Update) - system32\DRIVERS\update.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Universal Plug and Play Device Host (upnphost) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Uninterruptible Power Supply (UPS) - C:\WINDOWS\System32\ups.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Microsoft USB Generic Parent Driver (usbccgp) - system32\DRIVERS\usbccgp.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver (usbehci) - system32\DRIVERS\usbehci.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
USB2 Enabled Hub (usbhub) - system32\DRIVERS\usbhub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft USB PRINTER Class (usbprint) - system32\DRIVERS\usbprint.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
USB Scanner Driver (usbscan) - system32\DRIVERS\usbscan.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
USB Mass Storage Driver (USBSTOR) - system32\DRIVERS\USBSTOR.SYS (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft USB Universal Host Controller Miniport Driver (usbuhci) - system32\DRIVERS\usbuhci.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
User Privilege Service (usprserv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
VgaSave (VgaSave) - \SystemRoot\System32\drivers\vga.sys (Microsoft Corporation ) [ - Running - Kernel driver]
VIA AGP Bus Filter (viaagp) - \SystemRoot\system32\DRIVERS\viaagp.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
ViaIde (ViaIde) - \SystemRoot\system32\DRIVERS\viaide.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
VolSnap (VolSnap) - (File not found)) [ - Running - Kernel driver]
Volume Shadow Copy (VSS) - C:\WINDOWS\System32\vssvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Windows Time (w32time) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Remote Access IP ARP Driver (Wanarp) - system32\DRIVERS\wanarp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
WAN Miniport (ATW) (wanatw) - system32\DRIVERS\wanatw4.sys (File not found)) [On Demand - Stopped - Kernel driver]
WDICA (WDICA) - (File not found)) [On Demand - Stopped - Kernel driver]
Microsoft WINMM WDM Audio Compatibility Driver (wdmaud) - system32\drivers\wdmaud.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
WebClient (WebClient) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Windows Management Instrumentation (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Windows Media Connect Service (WMConnectCDS) - C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Portable Media Serial Number Service (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Windows Management Instrumentation Driver Extensions (Wmi) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
WMI Performance Adapter (WmiApSrv) - C:\WINDOWS\system32\wbem\wmiapsrv.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Security Center (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
World Standard Teletext Codec (WSTCODEC) - system32\DRIVERS\WSTCODEC.SYS (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Automatic Updates (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Wireless Zero Configuration (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Network Provisioning Service (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
XTrapD12 (XTrapD12) - \??\C:\WINDOWS\system32\XTrapD12.sys (File not found)) [On Demand - Stopped - Kernel driver]

< Files >

%SystemDrive%

%ProgramFilesDir%

%WinDir%
C:\WINDOWS\IFinst27.exe - UPX! ( [Ver = | Size = 65536 bytes | Date = 3/11/2006 9:32:52 PM | Attr = ])

%System%
C:\WINDOWS\SYSTEM32\d3dx9_25.dll - aspack (Microsoft Corporation [Ver = 9.06.168.0000 | Size = 2337488 bytes | Date = 3/18/2005 4:19:58 PM | Attr = ])
C:\WINDOWS\SYSTEM32\d3dx9_26.dll - aspack (Microsoft Corporation [Ver = 9.07.239.0000 | Size = 2297552 bytes | Date = 5/26/2005 2:34:52 PM | Attr = ])
C:\WINDOWS\SYSTEM32\d3dx9_27.dll - aspack (Microsoft Corporation [Ver = 9.08.299.0000 | Size = 2319568 bytes | Date = 7/22/2005 6:59:04 PM | Attr = ])
C:\WINDOWS\SYSTEM32\d3dx9_28.dll - aspack (Microsoft Corporation [Ver = 9.10.455.0000 | Size = 2323664 bytes | Date = 12/5/2005 5:09:18 PM | Attr = ])
C:\WINDOWS\SYSTEM32\dfrg.msc - PEC2 ( [Ver = | Size = 41397 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\LegitCheckControl.dll - PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 571184 bytes | Date = 6/19/2006 3:19:42 PM | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - PECompact2 (Microsoft Corporation [Ver = 1.22.1632.0 | Size = 10474920 bytes | Date = 11/15/2006 11:20:40 PM | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.22.1632.0 | Size = 10474920 bytes | Date = 11/15/2006 11:20:40 PM | Attr = ])
C:\WINDOWS\SYSTEM32\ntbackup.exe - WSUD (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1200128 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\ntdll.dll - aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\qtalt.ax - UPX! (Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Date = 4/30/2004 8:46:24 PM | Attr = ])
C:\WINDOWS\SYSTEM32\rasdlg.dll - Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\rmalt.ax - UPX! (Gabest [Ver = 1, 0, 0, 4 | Size = 116224 bytes | Date = 3/26/2004 3:32:36 PM | Attr = ])
C:\WINDOWS\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\WgaTray.exe - PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 6/19/2006 3:19:26 PM | Attr = ])

%System%\Drivers folder and sub-folders
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - UPX! (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 11/2/2006 4:05:58 PM | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - FSG! (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 11/2/2006 4:05:58 PM | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - PEC2 (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 11/2/2006 4:05:58 PM | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - aspack (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 11/2/2006 4:05:58 PM | Attr = ])

%windir% + sub-dirs for System or Hidden files less than 60 days old
C:\WINDOWS\bootstat.dat - ( [Ver = | Size = 2048 bytes | Date = 11/23/2006 3:44:36 PM | Attr = S])
C:\WINDOWS\QTFont.qfn - ( [Ver = | Size = 54156 bytes | Date = 11/23/2006 11:57:02 AM | Attr = H ])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920213.cat - ( [Ver = | Size = 10965 bytes | Date = 10/16/2006 9:35:46 AM | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923980.cat - ( [Ver = | Size = 10965 bytes | Date = 10/13/2006 6:55:52 AM | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924270.cat - ( [Ver = | Size = 10259 bytes | Date = 10/13/2006 7:33:10 AM | Attr = S])
C:\WINDOWS\system32\config\default.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/23/2006 3:46:24 PM | Attr = H ])
C:\WINDOWS\system32\config\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/23/2006 3:45:44 PM | Attr = H ])
C:\WINDOWS\system32\config\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/24/2006 12:10:18 AM | Attr = H ])
C:\WINDOWS\system32\config\software.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/24/2006 12:32:30 AM | Attr = H ])
C:\WINDOWS\system32\config\system.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/23/2006 11:48:32 PM | Attr = H ])
C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/20/2006 11:02:38 PM | Attr = H ])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD - ( [Ver = | Size = 558 bytes | Date = 10/11/2006 2:00:34 AM | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD - ( [Ver = | Size = 146 bytes | Date = 10/11/2006 2:00:34 AM | Attr = S])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\5bde12fa-b001-4edc-8a46-6e4fb0dfce24 - ( [Ver = | Size = 388 bytes | Date = 11/5/2006 11:40:36 AM | Attr = HS])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred - ( [Ver = | Size = 24 bytes | Date = 11/5/2006 11:40:36 AM | Attr = HS])
C:\WINDOWS\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 11/23/2006 3:44:36 PM | Attr = H ])

CPL files
C:\WINDOWS\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\bthprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\cpl_moh.cpl - ( [Ver = | Size = 24576 bytes | Date = 9/18/2003 3:18:00 AM | Attr = R ])
C:\WINDOWS\SYSTEM32\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\ISUSPM.cpl - (InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 73728 bytes | Date = 6/10/2005 10:43:18 AM | Attr = ])
C:\WINDOWS\SYSTEM32\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\jpicpl32.cpl - (Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 49265 bytes | Date = 7/26/2006 2:03:14 AM | Attr = ])
C:\WINDOWS\SYSTEM32\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\nwc.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\PPPoEService.cpl - ( [Ver = 1, 0, 0, 1 | Size = 155648 bytes | Date = 11/19/1999 1:54:12 PM | Attr = ])
C:\WINDOWS\SYSTEM32\PRApplet.cpl - (Intel® Corporation [Ver = 7.2.3.2 | Size = 77824 bytes | Date = 11/18/2004 10:02:36 AM | Attr = ])
C:\WINDOWS\SYSTEM32\stac97.cpl - (Sigmatel, Inc. [Ver = 1.0.4447.0 nd82 cp1 | Size = 143441 bytes | Date = 3/22/2005 5:22:44 AM | Attr = ])
C:\WINDOWS\SYSTEM32\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 5/26/2005 4:16:30 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 5/26/2005 4:16:30 AM | Attr = ])

Auto-Start Folders

HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 8/16/2005 4:43:08 AM | Attr = HS])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation [Ver = 10.0.2609 | Size = 83360 bytes | Date = 2/13/2001 1:01:04 AM | Attr = ])

HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Paul Diamond\Start Menu\Programs\Startup
C:\Documents and Settings\Paul Diamond\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 8/16/2005 4:43:08 AM | Attr = HS])

HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe
Wininit.ini: Line 2 - [Rename]
Wininit.ini: Line 3 - NUL=
Wininit.ini: Line 4 - NUL=
Wininit.ini: Line 5 - NUL=
Wininit.ini: Line 6 - NUL=
Wininit.ini: Line 7 - NUL=
Wininit.ini: Line 8 - NUL=
Wininit.ini: Line 9 - NUL=
Wininit.ini: Line 10 - NUL=
Wininit.ini: Line 11 - NUL=
Wininit.ini: Line 12 - NUL=
Wininit.ini: Line 13 - NUL=
Wininit.ini: Line 14 - NUL=
Wininit.ini: Line 15 - NUL=
Wininit.ini: Line 16 - NUL=
Wininit.ini: Line 17 - NUL=
Wininit.ini: Line 18 - NUL=
Wininit.ini: Line 19 - NUL=
Wininit.ini: Line 20 - NUL=
Wininit.ini: Line 21 - NUL=
Wininit.ini: Line 22 - NUL=
Wininit.ini: Line 23 - NUL=
Config.nt: Line 54 - dos=high, umb
Config.nt: Line 55 - device=%SystemRoot%\system32\himem.sys
Config.nt: Line 56 - files=40
AutoExec.nt: Line 1 - @echo off
AutoExec.nt: Line 8 - lh %SystemRoot%\system32\mscdexnt.exe
AutoExec.nt: Line 11 - lh %SystemRoot%\system32\redir
AutoExec.nt: Line 14 - lh %SystemRoot%\system32\dosx
AutoExec.nt: Line 36 - SET BLASTER=A220 I5 D1 P330 T3

Miscellaneous Folders

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 8/16/2005 4:33:26 AM | Attr = HS])
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache - ( [Ver = | Size = 1749 bytes | Date = 9/5/2006 11:24:58 PM | Attr = ])

CurrentUser ApplicationData Folder
C:\Documents and Settings\Paul Diamond\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 8/16/2005 4:33:26 AM | Attr = HS])
C:\Documents and Settings\Paul Diamond\Application Data\PFP120JCM.{PB - ( [Ver = | Size = 12358 bytes | Date = 1/1/2006 6:11:22 PM | Attr = ])
C:\Documents and Settings\Paul Diamond\Application Data\PFP120JPR.{PB - ( [Ver = | Size = 61678 bytes | Date = 1/1/2006 6:11:22 PM | Attr = ])

Program Files Folder

Common Files Folder

DPF files
{00B71CFB-6864-4346-A978-C0A14556272C} - Checkers Class - CodeBase = http://messenger.zon...kr.cab31267.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\common\yinsthelper.dll
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://by108fd.bay10...es/MsnPUpld.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.micros...b?1158936539065
{76CB493D-11F7-4236-BDE4-7A5851B03FA9} - Launcher Class - CodeBase = http://cabalonline.n...WebLauncher.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/...indows-i586.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zon...nt.cab31267.cab
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/...indows-i586.cab
{CD995117-98E5-4169-9920-6C12D4C0B548} - HGPlugin9USA Class - CodeBase = http://gamedownload....GPlugin9USA.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.ma...ash/swflash.cab
{D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - Logout Class - CodeBase = http://www.gamengame...utComponent.cab

Hosts file = 734 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright © 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a '#' symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
-
127.0.0.1 localhost -

< Add On's >

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<

KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 1
Desktop\Components\0 -
Desktop\Components\0\\Source - About:Home
Desktop\Components\0\\SubscribedURL - About:Home
Desktop\Components\0\\FriendlyName - My Current Home Page
Desktop\Components\0\\Flags - 2
Desktop\Components\0\\Position - 2C 00 00 00 CC 00 00 00 00 00 00 00 34 03 00 00 E2 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\0\\CurrentState - 04 00 00 40
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00
Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 6A 02 00 00 23 00 00 00 A4 00 00 00 9A 00 00 00 01 00 00 00
Desktop\General -
Desktop\General\\BackupWallpaper - %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
Desktop\General\\WallpaperFileTime - 9A EC EE 69 07 AF C6 01
Desktop\General\\WallpaperLocalFileTime - 9A E4 18 81 DD AE C6 01
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 0
Desktop\General\\Wallpaper - %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
Desktop\General\\ComponentsPositioned - 1
Desktop\General\Settings -
Desktop\General\Settings\\Text Color 01 - 4
Desktop\General\Settings\\Text Color 02 - 2
Desktop\General\Settings\\Text Color 03 - 8
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 00 04 00 00 E2 02 00 00
Desktop\SafeMode -
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -

>>>>Output for AddOn file Policies.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Ext -
policies\Ext\CLSID -
policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} - 1
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\Ratings -
policies\system -
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1
policies\system\\InstallVisualStyle - C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
policies\system\\InstallTheme - C:\WINDOWS\Resources\Themes\Royale.theme

KEY - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -

KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\System -
policies\System\\DisableRegistryTools - 0

KEY - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -

>>>>Output for AddOn file SID_Run_Policies.def<<<<

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -
Run\\AVG7_Run - C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run -
Run\\AVG7_Run - C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145

< End of report >

XTrapD12 (XTrapD12) - \??\C:\WINDOWS\system32\XTrapD12.sys (File not found)) [On Demand - Stopped - Kernel driver]

< Files >

%SystemDrive%

%ProgramFilesDir%

%WinDir%
C:\WINDOWS\IFinst27.exe - UPX! ( [Ver = | Size = 65536 bytes | Date = 3/11/2006 9:32:52 PM | Attr = ])

%System%
C:\WINDOWS\SYSTEM32\d3dx9_25.dll - aspack (Microsoft Corporation [Ver = 9.06.168.0000 | Size = 2337488 bytes | Date = 3/18/2005 4:19:58 PM | Attr = ])
C:\WINDOWS\SYSTEM32\d3dx9_26.dll - aspack (Microsoft Corporation [Ver = 9.07.239.0000 | Size = 2297552 bytes | Date = 5/26/2005 2:34:52 PM | Attr = ])
C:\WINDOWS\SYSTEM32\d3dx9_27.dll - aspack (Microsoft Corporation [Ver = 9.08.299.0000 | Size = 2319568 bytes | Date = 7/22/2005 6:59:04 PM | Attr = ])
C:\WINDOWS\SYSTEM32\d3dx9_28.dll - aspack (Microsoft Corporation [Ver = 9.10.455.0000 | Size = 2323664 bytes | Date = 12/5/2005 5:09:18 PM | Attr = ])
C:\WINDOWS\SYSTEM32\dfrg.msc - PEC2 ( [Ver = | Size = 41397 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\LegitCheckControl.dll - PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 571184 bytes | Date = 6/19/2006 3:19:42 PM | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - PECompact2 (Microsoft Corporation [Ver = 1.22.1632.0 | Size = 10474920 bytes | Date = 11/15/2006 11:20:40 PM | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.22.1632.0 | Size = 10474920 bytes | Date = 11/15/2006 11:20:40 PM | Attr = ])
C:\WINDOWS\SYSTEM32\ntbackup.exe - WSUD (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1200128 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\ntdll.dll - aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\qtalt.ax - UPX! (Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Date = 4/30/2004 8:46:24 PM | Attr = ])
C:\WINDOWS\SYSTEM32\rasdlg.dll - Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\rmalt.ax - UPX! (Gabest [Ver = 1, 0, 0, 4 | Size = 116224 bytes | Date = 3/26/2004 3:32:36 PM | Attr = ])
C:\WINDOWS\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\WgaTray.exe - PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 6/19/2006 3:19:26 PM | Attr = ])

%System%\Drivers folder and sub-folders
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - UPX! (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 11/2/2006 4:05:58 PM | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - FSG! (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 11/2/2006 4:05:58 PM | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - PEC2 (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 11/2/2006 4:05:58 PM | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - aspack (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 11/2/2006 4:05:58 PM | Attr = ])

%windir% + sub-dirs for System or Hidden files less than 60 days old
C:\WINDOWS\bootstat.dat - ( [Ver = | Size = 2048 bytes | Date = 11/23/2006 3:44:36 PM | Attr = S])
C:\WINDOWS\QTFont.qfn - ( [Ver = | Size = 54156 bytes | Date = 11/23/2006 11:57:02 AM | Attr = H ])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920213.cat - ( [Ver = | Size = 10965 bytes | Date = 10/16/2006 9:35:46 AM | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923980.cat - ( [Ver = | Size = 10965 bytes | Date = 10/13/2006 6:55:52 AM | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924270.cat - ( [Ver = | Size = 10259 bytes | Date = 10/13/2006 7:33:10 AM | Attr = S])
C:\WINDOWS\system32\config\default.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/23/2006 3:46:24 PM | Attr = H ])
C:\WINDOWS\system32\config\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/23/2006 3:45:44 PM | Attr = H ])
C:\WINDOWS\system32\config\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/24/2006 12:10:18 AM | Attr = H ])
C:\WINDOWS\system32\config\software.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/24/2006 12:32:30 AM | Attr = H ])
C:\WINDOWS\system32\config\system.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/23/2006 11:48:32 PM | Attr = H ])
C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/20/2006 11:02:38 PM | Attr = H ])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD - ( [Ver = | Size = 558 bytes | Date = 10/11/2006 2:00:34 AM | Attr = S])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD - ( [Ver = | Size = 146 bytes | Date = 10/11/2006 2:00:34 AM | Attr = S])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\5bde12fa-b001-4edc-8a46-6e4fb0dfce24 - ( [Ver = | Size = 388 bytes | Date = 11/5/2006 11:40:36 AM | Attr = HS])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred - ( [Ver = | Size = 24 bytes | Date = 11/5/2006 11:40:36 AM | Attr = HS])
C:\WINDOWS\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 11/23/2006 3:44:36 PM | Attr = H ])

CPL files
C:\WINDOWS\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\bthprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\cpl_moh.cpl - ( [Ver = | Size = 24576 bytes | Date = 9/18/2003 3:18:00 AM | Attr = R ])
C:\WINDOWS\SYSTEM32\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\ISUSPM.cpl - (InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 73728 bytes | Date = 6/10/2005 10:43:18 AM | Attr = ])
C:\WINDOWS\SYSTEM32\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\jpicpl32.cpl - (Sun Microsystems, Inc. [Ver = 5.0.80.3 | Size = 49265 bytes | Date = 7/26/2006 2:03:14 AM | Attr = ])
C:\WINDOWS\SYSTEM32\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\nwc.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\PPPoEService.cpl - ( [Ver = 1, 0, 0, 1 | Size = 155648 bytes | Date = 11/19/1999 1:54:12 PM | Attr = ])
C:\WINDOWS\SYSTEM32\PRApplet.cpl - (Intel® Corporation [Ver = 7.2.3.2 | Size = 77824 bytes | Date = 11/18/2004 10:02:36 AM | Attr = ])
C:\WINDOWS\SYSTEM32\stac97.cpl - (Sigmatel, Inc. [Ver = 1.0.4447.0 nd82 cp1 | Size = 143441 bytes | Date = 3/22/2005 5:22:44 AM | Attr = ])
C:\WINDOWS\SYSTEM32\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\telephon.cpl -

#9
Paulyboy

Paulyboy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 5/26/2005 4:16:30 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 8/10/2004 5:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 5/26/2005 4:16:30 AM | Attr = ])

Auto-Start Folders

HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 8/16/2005 4:43:08 AM | Attr = HS])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation [Ver = 10.0.2609 | Size = 83360 bytes | Date = 2/13/2001 1:01:04 AM | Attr = ])

HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Paul Diamond\Start Menu\Programs\Startup
C:\Documents and Settings\Paul Diamond\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 8/16/2005 4:43:08 AM | Attr = HS])

HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe
Wininit.ini: Line 2 - [Rename]
Wininit.ini: Line 3 - NUL=
Wininit.ini: Line 4 - NUL=
Wininit.ini: Line 5 - NUL=
Wininit.ini: Line 6 - NUL=
Wininit.ini: Line 7 - NUL=
Wininit.ini: Line 8 - NUL=
Wininit.ini: Line 9 - NUL=
Wininit.ini: Line 10 - NUL=
Wininit.ini: Line 11 - NUL=
Wininit.ini: Line 12 - NUL=
Wininit.ini: Line 13 - NUL=
Wininit.ini: Line 14 - NUL=
Wininit.ini: Line 15 - NUL=
Wininit.ini: Line 16 - NUL=
Wininit.ini: Line 17 - NUL=
Wininit.ini: Line 18 - NUL=
Wininit.ini: Line 19 - NUL=
Wininit.ini: Line 20 - NUL=
Wininit.ini: Line 21 - NUL=
Wininit.ini: Line 22 - NUL=
Wininit.ini: Line 23 - NUL=
Config.nt: Line 54 - dos=high, umb
Config.nt: Line 55 - device=%SystemRoot%\system32\himem.sys
Config.nt: Line 56 - files=40
AutoExec.nt: Line 1 - @echo off
AutoExec.nt: Line 8 - lh %SystemRoot%\system32\mscdexnt.exe
AutoExec.nt: Line 11 - lh %SystemRoot%\system32\redir
AutoExec.nt: Line 14 - lh %SystemRoot%\system32\dosx
AutoExec.nt: Line 36 - SET BLASTER=A220 I5 D1 P330 T3

Miscellaneous Folders

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 8/16/2005 4:33:26 AM | Attr = HS])
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache - ( [Ver = | Size = 1749 bytes | Date = 9/5/2006 11:24:58 PM | Attr = ])

CurrentUser ApplicationData Folder
C:\Documents and Settings\Paul Diamond\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 8/16/2005 4:33:26 AM | Attr = HS])
C:\Documents and Settings\Paul Diamond\Application Data\PFP120JCM.{PB - ( [Ver = | Size = 12358 bytes | Date = 1/1/2006 6:11:22 PM | Attr = ])
C:\Documents and Settings\Paul Diamond\Application Data\PFP120JPR.{PB - ( [Ver = | Size = 61678 bytes | Date = 1/1/2006 6:11:22 PM | Attr = ])

Program Files Folder

Common Files Folder

DPF files
{00B71CFB-6864-4346-A978-C0A14556272C} - Checkers Class - CodeBase = http://messenger.zon...kr.cab31267.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\common\yinsthelper.dll
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://by108fd.bay10...es/MsnPUpld.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.micros...b?1158936539065
{76CB493D-11F7-4236-BDE4-7A5851B03FA9} - Launcher Class - CodeBase = http://cabalonline.n...WebLauncher.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/...indows-i586.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zon...nt.cab31267.cab
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/...indows-i586.cab
{CD995117-98E5-4169-9920-6C12D4C0B548} - HGPlugin9USA Class - CodeBase = http://gamedownload....GPlugin9USA.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.ma...ash/swflash.cab
{D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - Logout Class - CodeBase = http://www.gamengame...utComponent.cab

Hosts file = 734 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright © 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a '#' symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
-
127.0.0.1 localhost -

< Add On's >

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<

KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 1
Desktop\Components\0 -
Desktop\Components\0\\Source - About:Home
Desktop\Components\0\\SubscribedURL - About:Home
Desktop\Components\0\\FriendlyName - My Current Home Page
Desktop\Components\0\\Flags - 2
Desktop\Components\0\\Position - 2C 00 00 00 CC 00 00 00 00 00 00 00 34 03 00 00 E2 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\0\\CurrentState - 04 00 00 40
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00
Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 6A 02 00 00 23 00 00 00 A4 00 00 00 9A 00 00 00 01 00 00 00
Desktop\General -
Desktop\General\\BackupWallpaper - %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
Desktop\General\\WallpaperFileTime - 9A EC EE 69 07 AF C6 01
Desktop\General\\WallpaperLocalFileTime - 9A E4 18 81 DD AE C6 01
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 0
Desktop\General\\Wallpaper - %APPDATA%\Mozilla\Firefox\Desktop Background.bmp
Desktop\General\\ComponentsPositioned - 1
Desktop\General\Settings -
Desktop\General\Settings\\Text Color 01 - 4
Desktop\General\Settings\\Text Color 02 - 2
Desktop\General\Settings\\Text Color 03 - 8
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 00 04 00 00 E2 02 00 00
Desktop\SafeMode -
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -

>>>>Output for AddOn file Policies.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Ext -
policies\Ext\CLSID -
policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} - 1
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\Ratings -
policies\system -
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1
policies\system\\InstallVisualStyle - C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
policies\system\\InstallTheme - C:\WINDOWS\Resources\Themes\Royale.theme

KEY - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -

KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\System -
policies\System\\DisableRegistryTools - 0

KEY - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -

>>>>Output for AddOn file SID_Run_Policies.def<<<<

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -
Run\\AVG7_Run - C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run -
Run\\AVG7_Run - C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145

< End of report >

Edit: It was a big report lol

Edited by Paulyboy, 24 November 2006 - 12:50 AM.


#10
Jayzeee

Jayzeee

    Member 1K

  • Member
  • PipPipPipPip
  • 1,238 posts
Nothing to worry about there... Could you scan again with your anti-virus and post the results back here? I'm not convinced the infections it flagged are still active on your PC.

Thanks.
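The reply above judges the report by eye. As an added example (my code, not the poster's, the helper's, or anything WinPFind itself provides), here is how the same report format can be triaged mechanically: service and driver lines are checked for an image the tool could not find, the "< Files >" lines are parsed for packer tags and aggregated per path (the tool prints one line per packer signature it recognises, which is why avg7core.sys appears four times), and only packed binaries with no vendor string are escalated. The sample report is a handful of lines copied from the log above; the Finding class, the PACKER_TAGS set and the escalation rule are my assumptions. A missing image is a reason to look at the registry entry, not a verdict: core XP drivers such as VolSnap commonly show "(File not found)" in this kind of report on clean machines, and a packer tag on its own says nothing, since MRT.exe and avg7core.sys are both packed and both legitimate.

```python
r"""Mechanical triage of a WinPFind-style report (added example, not the tool's code).

Service/driver lines look like
  Name (short) - image (Vendor ) [Start - State - Kind]
and "< Files >" lines like
  C:\path\file.exe - <packer tag> (Vendor [Ver = .. | Size = N bytes | Date = .. | Attr = ..])
"""
import re
from dataclasses import dataclass

# Packer tags seen in this report; the set is an assumption, extend as needed.
PACKER_TAGS = {"UPX!", "aspack", "FSG!", "PEC2", "PECompact2"}

FILE_RE = re.compile(
    r"^(?P<path>.+?) - (?P<tag>[^ (]*) ?\((?P<vendor>[^\[]*)\[Ver = (?P<ver>[^|]*)"
    r"\| Size = (?P<size>\d+) bytes \| Date = (?P<date>[^|]*)\| Attr = (?P<attr>[^\]]*)\]\)$"
)
SERVICE_RE = re.compile(
    r"^(?P<name>.+) \((?P<short>[^()]+)\) - (?P<rest>.*) \[(?P<status>[^\]]*)\]$"
)


@dataclass(frozen=True)
class Finding:
    kind: str    # orphaned-service | packed-unknown-vendor | packed-known-vendor
    item: str    # service short name or file path
    detail: str


def parse_file_entry(line: str):
    """Split one '< Files >' line into its fields; None if the line is not one."""
    m = FILE_RE.match(line)
    if not m:
        return None
    return {
        "path": m["path"], "tag": m["tag"], "vendor": m["vendor"].strip(),
        "version": m["ver"].strip(), "size": int(m["size"]),
        "date": m["date"].strip(), "attr": m["attr"].strip(),
    }


def parse_service_entry(line: str):
    """Split one service/driver line; 'missing' is set when the tool could not find the image."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    parts = [p.strip() for p in m["status"].split(" - ")]
    parts += [""] * (3 - len(parts))          # "[ - Running - Kernel driver]" has an empty start type
    start, state, kind = parts[:3]
    return {
        "name": m["name"], "short": m["short"], "image": m["rest"],
        "start": start, "state": state, "kind": kind,
        "missing": "(File not found)" in m["rest"],
    }


def triage(report: str) -> list[Finding]:
    """Service lines are assumed to precede the '< Files >' header, as in the posted report."""
    findings: list[Finding] = []
    packed: dict[str, dict] = {}              # path -> parsed entry plus accumulated packer tags
    in_files = False
    for raw in report.splitlines():
        line = raw.strip()
        if line == "< Files >":
            in_files = True
            continue
        if not in_files:
            svc = parse_service_entry(line)
            if svc and svc["missing"]:
                findings.append(Finding(
                    "orphaned-service", svc["short"],
                    f"start={svc['start'] or '?'} state={svc['state']} image={svc['image']}"))
            continue
        entry = parse_file_entry(line)
        if entry and entry["tag"] in PACKER_TAGS:
            packed.setdefault(entry["path"], {**entry, "tags": []})["tags"].append(entry["tag"])
    for path, e in packed.items():
        kind = "packed-known-vendor" if e["vendor"] else "packed-unknown-vendor"
        findings.append(Finding(
            kind, path,
            f"tags={'+'.join(e['tags'])} vendor={e['vendor'] or '?'} size={e['size']} date={e['date']}"))
    return findings


def needs_review(findings: list[Finding]) -> list[Finding]:
    """Only orphaned service entries and packed files with no vendor get a human look."""
    return [f for f in findings if f.kind in {"orphaned-service", "packed-unknown-vendor"}]


# Constructed sample: a few lines copied from the report posted above.
SAMPLE_REPORT = r"""
Windows Time (w32time) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
VolSnap (VolSnap) - (File not found)) [ - Running - Kernel driver]
XTrapD12 (XTrapD12) - \??\C:\WINDOWS\system32\XTrapD12.sys (File not found)) [On Demand - Stopped - Kernel driver]

< Files >

%WinDir%
C:\WINDOWS\IFinst27.exe - UPX! ( [Ver = | Size = 65536 bytes | Date = 3/11/2006 9:32:52 PM | Attr = ])

%System%
C:\WINDOWS\SYSTEM32\MRT.exe - PECompact2 (Microsoft Corporation [Ver = 1.22.1632.0 | Size = 10474920 bytes | Date = 11/15/2006 11:20:40 PM | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.22.1632.0 | Size = 10474920 bytes | Date = 11/15/2006 11:20:40 PM | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - UPX! (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 11/2/2006 4:05:58 PM | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\avg7core.sys - FSG! (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 11/2/2006 4:05:58 PM | Attr = ])
C:\WINDOWS\bootstat.dat - ( [Ver = | Size = 2048 bytes | Date = 11/23/2006 3:44:36 PM | Attr = S])
"""

if __name__ == "__main__":
    for f in needs_review(triage(SAMPLE_REPORT)):
        print(f"{f.kind:24} {f.item}  {f.detail}")
```

On the sample, the review queue holds the two service entries with a missing image and IFinst27.exe (packed, no vendor, no version); MRT.exe and avg7core.sys are reported as packed but carry a vendor string and drop out of the queue. A vendor string is only a hint, since it is just the file's version resource, so the queue is a starting point for checking hashes and signatures, not a clean bill.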

#11
Paulyboy

Paulyboy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks man, looks like my computer's clean. Thanks for your help and patience. If I have anything else, I'll post again. THANK YOU VERY MUCH! AGAIN!

#12
Jayzeee

Jayzeee

    Member 1K

  • Member
  • PipPipPipPip
  • 1,238 posts
You're welcome :whistling: Looks like AVG did a good job.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Detect and Removal
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
Prevention
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

#13
Jayzeee

Jayzeee

    Member 1K

  • Member
  • PipPipPipPip
  • 1,238 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
