
administrator privileges revoked



#1
Pugnacious

I have corrected this problem with run command "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f" however I am not sure if there is some kind of trojan or infection. The one thing I was installing just before this incident was Google Gadgets and Google toolbar, along with some third party plugins. Here is my Hijack This Log:


Logfile of HijackThis v1.99.1
Scan saved at 1:47:35 PM, on 02/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\FAX\WFXMOD32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Omnipage\opware32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\drivers\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Antispyware\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Stanford Folding Project\winFAH.exe
C:\Program Files\Stanford Folding Project\FahCore_78.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\HiJack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O1 - Hosts: 108.112.42.206 ad.doubleclick.net
O1 - Hosts: 184.169.44.29 upgrade.bitdefender.com
O1 - Hosts: 106.62.59.13 report.bitdefender.com
O1 - Hosts: 178.95.95.213 ad.fastclick.net
O1 - Hosts: 107.116.117.138 ads.fastclick.net
O1 - Hosts: 174.15.27.94 ar.atwola.com
O1 - Hosts: 115.27.183.221 atdmt.com
O1 - Hosts: 183.97.110.57 avp.ch
O1 - Hosts: 114.153.7.176 avp.com
O1 - Hosts: 179.51.181.210 avp.ru
O1 - Hosts: 108.15.197.227 awaps.net
O1 - Hosts: 180.66.164.240 banner.fastclick.net
O1 - Hosts: 112.56.109.230 banners.fastclick.net
O1 - Hosts: 177.137.61.67 ca.com
O1 - Hosts: 111.18.29.102 www.ca.com
O1 - Hosts: 180.140.140.115 click.atdmt.com
O1 - Hosts: 104.148.31.185 clicks.atdmt.com
O1 - Hosts: 186.213.124.100 customer.symantec.com
O1 - Hosts: 100.96.64.129 dispatch.mcafee.com
O1 - Hosts: 183.2.101.136 download.mcafee.com
O1 - Hosts: 104.210.98.148 download.microsoft.com
O1 - Hosts: 181.159.189.68 downloads.microsoft.com
O1 - Hosts: 112.218.150.78 downloads-eu1.kaspersky-labs.com
O1 - Hosts: 181.65.170.225 downloads-eu2.kaspersky-labs.com
O1 - Hosts: 115.202.138.212 downloads-eu3.kaspersky-labs.com
O1 - Hosts: 185.37.50.218 downloads-us1.kaspersky-labs.com
O1 - Hosts: 109.114.81.80 downloads-us2.kaspersky-labs.com
O1 - Hosts: 180.183.191.200 downloads-us3.kaspersky-labs.com
O1 - Hosts: 111.63.81.72 downloads1.kaspersky-labs.com
O1 - Hosts: 187.45.123.197 downloads2.kaspersky-labs.com
O1 - Hosts: 102.48.18.192 downloads3.kaspersky-labs.com
O1 - Hosts: 180.188.144.114 downloads4.kaspersky-labs.com
O1 - Hosts: 111.57.62.146 engine.awaps.net
O1 - Hosts: 179.113.96.3 f-secure.com
O1 - Hosts: 100.178.73.135 fastclick.net
O1 - Hosts: 182.38.71.88 ftp.avp.ch
O1 - Hosts: 107.152.141.111 ftp.downloads2.kaspersky-labs.com
O1 - Hosts: 186.39.46.12 ftp.f-secure.com
O1 - Hosts: 106.65.181.226 ftp.kasperskylab.ru
O1 - Hosts: 174.100.75.218 ftp.sophos.com
O1 - Hosts: 111.138.97.30 go.microsoft.com
O1 - Hosts: 174.194.28.31 ids.kaspersky-labs.com
O1 - Hosts: 110.101.147.64 kaspersky-labs.com
O1 - Hosts: 182.218.134.18 kaspersky.com
O1 - Hosts: 110.50.113.133 liveupdate.symantec.com
O1 - Hosts: 178.160.128.199 liveupdate.symantecliveupdate.com
O1 - Hosts: 115.84.151.31 mast.mcafee.com
O1 - Hosts: 185.0.220.131 mcafee.com
O1 - Hosts: 109.92.142.185 media.fastclick.net
O1 - Hosts: 176.171.191.233 msdn.microsoft.com
O1 - Hosts: 103.113.37.211 my-etrust.com
O1 - Hosts: 180.172.202.29 nai.com
O1 - Hosts: 115.89.143.98 networkassociates.com
O1 - Hosts: 174.46.37.27 office.microsoft.com
O1 - Hosts: 109.188.51.100 phx.corporate-ir.net
O1 - Hosts: 185.45.204.116 rads.mcafee.com
O1 - Hosts: 109.120.41.223 secure.nai.com
O1 - Hosts: 177.7.179.127 securityresponse.symantec.com
O1 - Hosts: 108.217.74.1 service1.symantec.com
O1 - Hosts: 183.50.26.181 sophos.com
O1 - Hosts: 109.170.21.186 spd.atdmt.com
O1 - Hosts: 187.58.188.136 support.microsoft.com
O1 - Hosts: 101.13.209.239 symantec.com
O1 - Hosts: 176.188.88.223 trendmicro.com
O1 - Hosts: 105.130.169.168 update.symantec.com
O1 - Hosts: 182.123.36.37 updates.symantec.com
O1 - Hosts: 108.110.33.59 updates1.kaspersky-labs.com
O1 - Hosts: 183.59.213.85 updates2.kaspersky-labs.com
O1 - Hosts: 100.8.14.248 updates3.kaspersky-labs.com
O1 - Hosts: 177.203.115.101 updates4.kaspersky-labs.com
O1 - Hosts: 115.99.75.57 updates5.kaspersky-labs.com
O1 - Hosts: 177.164.21.164 us.mcafee.com
O1 - Hosts: 104.191.68.232 vil.nai.com
O1 - Hosts: 178.104.12.229 viruslist.com
O1 - Hosts: 115.45.29.170 viruslist.ru
O1 - Hosts: 180.17.225.124 windowsupdate.microsoft.com
O1 - Hosts: 101.14.104.106 www.avp.ch
O1 - Hosts: 187.220.183.234 www.avp.com
O1 - Hosts: 106.32.32.175 www.avp.ru
O1 - Hosts: 186.54.74.45 www.awaps.net
O1 - Hosts: 101.143.19.123 www.ca.com
O1 - Hosts: 174.32.86.13 www.f-secure.com
O1 - Hosts: 105.116.161.207 www.fastclick.net
O1 - Hosts: 181.161.67.179 www.grisoft.com
O1 - Hosts: 112.172.26.189 www.kaspersky-labs.com
O1 - Hosts: 184.209.149.39 www.kaspersky.com
O1 - Hosts: 101.182.189.240 www.kaspersky.ru
O1 - Hosts: 173.37.26.35 www.mcafee.com
O1 - Hosts: 112.46.139.229 www.my-etrust.com
O1 - Hosts: 178.225.214.176 www.nai.com
O1 - Hosts: 108.150.114.26 www.networkassociates.com
O1 - Hosts: 178.182.181.42 www.sophos.com
O1 - Hosts: 109.208.204.78 www.symantec.com
O1 - Hosts: 185.128.102.236 www.trendmicro.com
O1 - Hosts: 106.65.196.108 www.viruslist.com
O1 - Hosts: 179.223.125.67 www.viruslist.ru
O1 - Hosts: 103.38.35.138 www3.ca.com
O1 - Hosts: 175.24.52.173 avp.ch
O1 - Hosts: 112.167.176.41 avp.com
O1 - Hosts: 181.132.72.29 avp.ru
O1 - Hosts: 108.51.94.92 awaps.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTISP~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\Omnipage\opware32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\Torrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Antispyware\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: MiniReminder.lnk = C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: SlimServer Tray Tool.lnk = C:\Program Files\SlimServer\SlimTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip Pro\WZQKPICK.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154490054000
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre...s/emcconfig.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06101001.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SlimServerMySQL - Unknown owner - C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE


#2
loophole

Malware Expert
Hi :whistling:


Download the HostsXpert 3.7 - Hosts File Manager Here
Please do not use program yet

Unzip HostsXpert 3.7 - Hosts File Manager to your desktop

Open up the HostsXpert 3.7 - Hosts File Manager program.
  • Make sure that the "make hosts writable?" button in the upper right corner is enabled.
  • Click back up Host files
  • then click Restore original host files
  • close program
Please run a scan with HijackThis and check the following lines for removal:

O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
<< You may get an error when trying to fix this, just continue

Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

Reboot

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0
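
The three things post #2 acts on (hosts entries for security-vendor domains, a Run entry named like a system binary but stored outside its normal folder, and the `DisableRegedit` policy) can be checked mechanically against a HijackThis log. The following is an added example, not part of the thread and not HijackThis's own logic; the watch-list, the `C:\WINDOWS\system32` install path and the sample log are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Constructed sample modelled on the logs in this thread (203.0.113.0/24 is a
# documentation address range, not an address taken from the posted hosts list).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.10 liveupdate.symantec.com
O1 - Hosts: 203.0.113.11 ads.example.net
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Assumption: a few vendor/update domains picked from the hosts list in post #1.
WATCHED_DOMAINS = ("symantec.com", "mcafee.com", "kaspersky.com", "sophos.com",
                   "f-secure.com", "trendmicro.com", "grisoft.com",
                   "windowsupdate.microsoft.com")

# Assumption: Windows lives in C:\WINDOWS, as in the posted logs. These images
# all appear under system32 in the thread's process list.
SYSTEM_BINARIES = {name: r"c:\windows\system32" for name in (
    "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
    "smss.exe", "spoolsv.exe")}

# Policy values named in the thread. DisableRegedit is how the O7 line shows it;
# DisableTaskMgr comes from the REG command in post #1.
LOCKOUT_VALUES = {"DisableRegedit", "DisableTaskMgr"}

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<payload>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>.*?)\] (?P<cmd>.+)$")
POLICY_RE = re.compile(r"^HK[^,]+,\s*(?P<value>\w+)=(?P<data>\d+)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def executable_of(cmd):
    """Return the program path from an autorun command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)  # bare paths may contain spaces, so cut at the extension
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def is_watched(host, watched):
    """True if host is a watched domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watched)


def triage(log_text, watched=WATCHED_DOMAINS):
    """Return (rule, line) pairs for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, payload = m["section"], m["payload"]
        if section == "O1":
            h = HOSTS_RE.match(payload)
            # Any hosts entry for these names overrides DNS for update traffic.
            if h and is_watched(h["host"], watched):
                findings.append(("hosts-override", line))
        elif section == "O4":
            r = RUN_RE.match(payload)
            if not r:
                continue  # Startup-folder shortcuts use a different layout
            exe = normcase(executable_of(r["cmd"]))
            expected = SYSTEM_BINARIES.get(basename(exe))
            folder = dirname(exe)
            # No folder means the name is resolved via PATH; nothing to compare.
            if expected and folder and folder != expected:
                findings.append(("system-name-wrong-dir", line))
        elif section == "O7":
            p = POLICY_RE.match(payload)
            if p and p["value"] in LOCKOUT_VALUES and int(p["data"]) != 0:
                findings.append(("policy-lockout", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:24} {line}")
```

A hit is a reason to look closer, not a verdict: the watch-list and the table of system binaries are deliberately short and would need extending for real use.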

#3
Pugnacious

Tried to use Host with "make hosts writable?" enabled but was unable to use the back up keys in this mode so I tried in "read" mode.
When I tried to run Combo it brought up the black command screen but no prompts, this showed up for a moment and then disappeared. I am afraid either I am not following your instructions carefully enough or I am not able to.
Here is my Hijack Log, which by the way is being identified by AVG as a host with virus.


Logfile of HijackThis v1.99.1
Scan saved at 5:32:27 PM, on 02/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Omnipage\opware32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Antispyware\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\drivers\svchost.exe
C:\Program Files\SlimServer\SlimTray.exe
C:\Program Files\WinZip Pro\WZQKPICK.EXE
C:\Program Files\Stanford Folding Project\winFAH.exe
C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Stanford Folding Project\FahCore_78.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\FAX\WFXMOD32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTISP~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\Omnipage\opware32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\Torrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Antispyware\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: MiniReminder.lnk = C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: SlimServer Tray Tool.lnk = C:\Program Files\SlimServer\SlimTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip Pro\WZQKPICK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154490054000
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre...s/emcconfig.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06101001.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SlimServerMySQL - Unknown owner - C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

#4
Pugnacious

I should also say that the regedit and Task Manager are again disabled by administrator (this is the administrator account though)

#5
loophole

Malware Expert
Hi :whistling:



Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


#6
Pugnacious

The SDFix did not run again when the computer was restarted but went straight to login. Was I supposed to be in safe mode on reboot from safe mode?

Report.Txt


SDFix: Version 1.63

02/02/2007 - 20:17:29.39

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:



HiJackThis Log:



Logfile of HijackThis v1.99.1
Scan saved at 8:25:05 PM, on 02/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\FAX\WFXMOD32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Omnipage\opware32.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Antispyware\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\drivers\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SlimServer\SlimTray.exe
C:\Program Files\WinZip Pro\WZQKPICK.EXE
C:\Program Files\Stanford Folding Project\winFAH.exe
C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Stanford Folding Project\FahCore_78.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTISP~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\Omnipage\opware32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\Torrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Antispyware\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: MiniReminder.lnk = C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: SlimServer Tray Tool.lnk = C:\Program Files\SlimServer\SlimTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip Pro\WZQKPICK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154490054000
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre...s/emcconfig.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06101001.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SlimServerMySQL - Unknown owner - C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

#7
Pugnacious

    Member

  • Topic Starter
Ran Adaware and Spybot. They both found spyware which was removed. The problem with Task Manager and regedit corrected itself until I rebooted and was back to square one.

#8
Pugnacious

    Member

  • Topic Starter
Ran Ewido. Found Trojan and Downloader. Deleted both. Still problem is not fixed. Here is latest Hijack This Log:


Logfile of HijackThis v1.99.1
Scan saved at 11:51:49 PM, on 02/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Antispyware\Ewido\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\FAX\WFXMOD32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Omnipage\opware32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\System32\drivers\svchost.exe
C:\Program Files\Antispyware\Ewido\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Antispyware\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Antispyware\SuperAntispyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\SlimServer\SlimTray.exe
C:\Program Files\Stanford Folding Project\winFAH.exe
C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe
C:\Program Files\Stanford Folding Project\FahCore_78.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTISP~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\Omnipage\opware32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Antispyware\Ewido\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\Torrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Antispyware\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\Antispyware\SuperAntispyware\SUPERAntiSpyware.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: MiniReminder.lnk = C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: SlimServer Tray Tool.lnk = C:\Program Files\SlimServer\SlimTray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154490054000
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre...s/emcconfig.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06101001.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\Antispyware\SuperAntispyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Antispyware\Ewido\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SlimServerMySQL - Unknown owner - C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

#9
loophole

    Malware Expert

  • Retired Staff
Hi

Not sure why SDFix didn't run. I really need to see a combo log. Also, just to make sure, allow the registry changes when Spybot prompts you to, or just disable it for the time being.

Please run a scan with HijackThis and check the following lines for removal:

O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

Reboot to safemode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Browse for and delete this file: C:\WINDOWS\System32\drivers\svchost.exe << Make sure you don't delete the svchost.exe out of the C:\WINDOWS\System32\ folder.

Now please run ComboFix again from Safe Mode. It should run. The log will be saved at C:\combofix. Please post that for me.

Thanks
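The check applied by eye in post #9 (an autorun named "Windows Firewall" pointing at svchost.exe under System32\drivers, plus the DisableRegedit policy lines), written out as an added example that is not part of the original thread and is not HijackThis's own logic. It assumes a default C:\WINDOWS install; the `EXPECTED_DIR` table and all function names are this example's own, and the sample lines are copied from the logs posted above.

```python
import ntpath
import re

# Expected directory (lower-case) for core Windows XP binaries.
# Assumption of this example: Windows is installed in C:\WINDOWS.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Policy values from this thread that lock the user out of admin tools.
LOCKOUT_POLICIES = {"disableregedit", "disabletaskmgr"}

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.+)$")
O7_RE = re.compile(r"^O7 - (HK(?:LM|CU)\\.+), (\w+)=(\d+)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.IGNORECASE)


def image_path(cmd):
    """Return the executable part of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: cut at the first ".exe"
    # that is followed by whitespace or the end of the line.
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def masquerade_reason(path):
    """Explain why a system-binary name in this location is suspect, or None."""
    directory, base = ntpath.split(path)
    expected = EXPECTED_DIR.get(base.lower())
    if expected is None or not directory:
        return None  # not a tracked name, or a bare name resolved via PATH
    if ntpath.normcase(ntpath.normpath(directory)) != expected:
        return f"{base} normally runs from {expected}, not {directory}"
    return None


def triage(log_text):
    """Return (kind, line, reason) tuples for lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if PROC_RE.match(line):
            reason = masquerade_reason(line)
            if reason:
                findings.append(("process", line, reason))
            continue
        m = O4_RE.match(line)
        if m:
            reason = masquerade_reason(image_path(m.group(3)))
            if reason:
                findings.append(("autorun", line, reason))
            continue
        m = O7_RE.match(line)
        if m and m.group(2).lower() in LOCKOUT_POLICIES and m.group(3) != "0":
            findings.append(("policy", line, f"{m.group(2)} is set"))
    return findings


# Sample lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\WINDOWS\System32\drivers\svchost.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

if __name__ == "__main__":
    for kind, line, reason in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {line}")
```

A flagged line is a prompt to inspect the file, not a verdict; a Windows install on another drive or directory needs its own `EXPECTED_DIR` entries.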

#10
Pugnacious

    Member

  • Topic Starter
My apology, I have gotten a little muddled. Before I read your last post I bought access to Panda ActiveScan Pro and ran a scan. It disinfected one virus and found 4 root kits, 3 of which appear to be SDFix. Here is the log.
Incident Status Location

Adware:adware/cws Disinfected C:\Documents and Settings\David & Renee\Favorites\Health
Spyware:Cookie/Go Disinfected C:\Documents and Settings\David & Renee\Cookies\david & renee@go[1].txt
Spyware:Cookie/NewMedia Disinfected C:\Documents and Settings\David & Renee\Cookies\david_&[email protected][1].txt
Spyware:Cookie/Cd Freaks Disinfected C:\Documents and Settings\David & Renee\Cookies\david_&_renee@cdfreaks[2].txt
Spyware:Cookie/Cd Freaks Disinfected C:\Documents and Settings\David & Renee\Cookies\david_&[email protected][2].txt
Spyware:Cookie/Com.com Disinfected C:\Documents and Settings\David & Renee\Cookies\david_&_renee@com[1].txt
Spyware:Cookie/360i Disinfected C:\Documents and Settings\David & Renee\Cookies\david_&[email protected][1].txt
Spyware:Cookie/QuestionMarket Disinfected C:\Documents and Settings\David & Renee\Cookies\david_&_renee@questionmarket[2].txt
Potentially unwanted tool:Application/Processor No disinfected C:\Documents and Settings\David & Renee\Desktop\SDFix.exe[Process.exe]
Potentially unwanted tool:Application/MyWebSearch No disinfected C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\GJQHKEYF\MyFunCardsSetup2.1.60.1[1].exe
Potentially unwanted tool:Application/Processor No disinfected C:\Program Files\Malware removal\SDFix.exe[Process.exe]
Potentially unwanted tool:Application/Processor No disinfected C:\SDFix\apps\Process.exe
I tried your suggestions afterwards but was not able to find the Firewall entries in HijackThis, and Combofix again comes up with that very fast black screen and disappears - no log produced.

Here again is my Hijack This Log:



Logfile of HijackThis v1.99.1
Scan saved at 4:00:43 PM, on 03/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Antispyware\Ewido\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\SlimServer\server\slim.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\FAX\WFXMOD32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Omnipage\opware32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Antispyware\Ewido\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Antispyware\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Antispyware\SuperAntispyware\SUPERAntiSpyware.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\SlimServer\SlimTray.exe
C:\Program Files\Stanford Folding Project\winFAH.exe
C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe
C:\Program Files\Stanford Folding Project\FahCore_78.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HiJack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTISP~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\Omnipage\opware32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Antispyware\Ewido\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\Torrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Antispyware\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\Antispyware\SuperAntispyware\SUPERAntiSpyware.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: MiniReminder.lnk = C:\Program Files\Scheduler\MiniReminder\MiniReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: SlimServer Tray Tool.lnk = C:\Program Files\SlimServer\SlimTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154490054000
O16 - DPF: {850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} (Sympatico E-mail Configuration Tool) - http://upgradecentre...s/emcconfig.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06101001.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\Antispyware\SuperAntispyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Antispyware\Ewido\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SlimServerMySQL - Unknown owner - C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

I am unable to find the Coolweb exe files that Panda found, either in my directories or in Add/Remove Software (Control Panel).

I am quite concerned and have cancelled my credit card.


#11
Pugnacious

    Member

  • Topic Starter
  • 25 posts
Settings\Temporary Internet Files\Content.IE5\GJQHKEYF\MyFunCardsSetup2.1.60.1[1].exe
is the file I can't find; it is somehow connected to Coolweb. I did allow someone to access my guest account. Could this be the source of some of my difficulties?

#12
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Actually the Panda scan looks good. Were you able to delete the C:\WINDOWS\System32\drivers\svchost.exe file?

C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\GJQHKEYF\MyFunCardsSetup2.1.60.1[1].exe: this is just some minor adware; we can clean the temp files to clear it.

Clean out your Temporary Internet files. Proceed as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
I'm not convinced you're clean, even though your hijack log says you're fine. Let's try this:

Download Winpfind3 to your desktop
  • Double-click the Winpfind icon on your desktop
  • It will create a folder called WinPFind3u on your desktop
  • Open the folder and double click WinPFind3.exe
  • Click the run scan button, it will take a few minutes
  • Post the results back into the thread (use 2 posts if you have to)

#13
Pugnacious

    Member

  • Topic Starter
  • 25 posts
I do not believe I am free of infection, as I am still unable to access Task Manager, although I do seem to have access to regedit right now. I was never able to find C:\WINDOWS\System32\drivers\svchost.exe, although it is in the system32 folder above the drivers folder (you told me not to delete it in the system32 folder, I believe). By the way, I greatly appreciate your help.

Here is WinPFind3.exe Report:



WinPFind3 logfile created on: 03/02/2007 11:42:53 PM
WinPFind3U by OldTimer - Version 1.0.14 Folder = C:\Documents and Settings\David & Renee\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1046956 Kb Total Physical Memory | 418348 Kb Available Physical Memory | 39.96% Memory free
2520056 Kb Paging File | 1960648 Kb Available in Paging File | 77.80% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61440560 Kb Total Space | 46140892 Kb Free Space | 75.10% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 251120012 Kb Total Space | 129927672 Kb Free Space | 51.74% Space Free


[Processes - Non-Microsoft Only]
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 13/04/2006 4:14:26 PM | Attr = ]
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 13/04/2006 4:14:26 PM | Attr = ]
apcsystray.exe -> %ProgramFiles%\APC\APC PowerChute Personal Edition\apcsystray.exe -> American Power Conversion Corporation [Ver = 2, 0, 0, 0 | Size = 417855 bytes | Modified Date = 12/12/2005 2:03:54 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Antispyware\Ewido\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07/10/2006 7:20:00 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.418 | Size = 406016 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.432 | Size = 323072 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
dkservice.exe -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 606316 bytes | Modified Date = 26/07/2005 4:51:22 PM | Attr = ]
drgtodsc.exe -> %ProgramFiles%\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe -> Roxio [Ver = 7.1.0.183 | Size = 1691648 bytes | Modified Date = 25/09/2004 1:37:42 AM | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.019 | Size = 37888 bytes | Modified Date = 14/11/2003 9:50:00 AM | Attr = ]
fahcore_78.exe -> %ProgramFiles%\Stanford Folding Project\FahCore_78.exe -> [Ver = | Size = 2338816 bytes | Modified Date = 07/08/2006 10:27:20 AM | Attr = ]
gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15/07/2005 4:48:34 PM | Attr = ]
guard.exe -> %ProgramFiles%\Antispyware\Ewido\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 9:13:20 AM | Attr = ]
incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 23, 0 | Size = 878592 bytes | Modified Date = 16/01/2006 4:46:12 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 49263 bytes | Modified Date = 07/09/2006 2:51:22 PM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 20/06/2006 8:08:48 PM | Attr = ]
mainserv.exe -> %ProgramFiles%\APC\APC PowerChute Personal Edition\mainserv.exe -> American Power Conversion Corporation [Ver = 2, 0, 0, 0 | Size = 176193 bytes | Modified Date = 12/12/2005 2:02:24 PM | Attr = ]
mysqld.exe -> %ProgramFiles%\SlimServer\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -> [Ver = | Size = 4149248 bytes | Modified Date = 15/01/2007 1:28:38 PM | Attr = ]
nmapp.exe -> %ProgramFiles%\Pure Networks\Network Magic\nmapp.exe -> Pure Networks, Inc. [Ver = 4.0.6277.0 | Size = 321088 bytes | Modified Date = 01/11/2006 12:04:02 AM | Attr = ]
nmsrvc.exe -> %ProgramFiles%\Pure Networks\Network Magic\nmsrvc.exe -> Pure Networks, Inc. [Ver = 4.0.6277.0 | Size = 321088 bytes | Modified Date = 01/11/2006 12:04:02 AM | Attr = ]
nsvcappflt.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -> [Ver = 1, 0, 1, 0 | Size = 172032 bytes | Modified Date = 11/09/2006 7:59:28 PM | Attr = ]
nsvcip.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 135227 bytes | Modified Date = 11/09/2006 7:56:02 PM | Attr = ]
nsvclog.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 65599 bytes | Modified Date = 11/09/2006 7:55:42 PM | Attr = ]
nvraidservice.exe -> %System32%\nvraidservice.exe -> NVIDIA Corporation [Ver = 5.10.2600.0663 | Size = 135168 bytes | Modified Date = 07/04/2006 9:37:14 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 143426 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
opware32.exe -> %ProgramFiles%\Omnipage\opware32.exe -> ScanSoft, Inc [Ver = 11.0 | Size = 49152 bytes | Modified Date = 25/05/2001 10:56:20 PM | Attr = ]
slim.exe -> %ProgramFiles%\SlimServer\server\slim.exe -> [Ver = 0.0.0.0 | Size = 6611011 bytes | Modified Date = 15/01/2007 1:29:20 PM | Attr = ]
slimtray.exe -> %ProgramFiles%\SlimServer\SlimTray.exe -> [Ver = 0.0.0.0 | Size = 1093701 bytes | Modified Date = 15/01/2007 1:29:06 PM | Attr = ]
smax4.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 28 | Size = 729088 bytes | Modified Date = 10/04/2006 8:19:46 AM | Attr = ]
superantispyware.exe -> %ProgramFiles%\Antispyware\SuperAntispyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 5, 0, 1016 | Size = 1310720 bytes | Modified Date = 10/01/2007 3:14:36 PM | Attr = ]
teatimer.exe -> %ProgramFiles%\Antispyware\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 31/05/2005 1:04:00 AM | Attr = ]
unlockerassistant.exe -> %ProgramFiles%\Utilities\Unlocker\UnlockerAssistant.exe -> [Ver = | Size = 15872 bytes | Modified Date = 07/09/2006 12:19:28 PM | Attr = ]
wfxmod32.exe -> %ProgramFiles%\FAX\WFXMOD32.EXE -> Symantec Corporation [Ver = 10.00.2001.0910 | Size = 541184 bytes | Modified Date = 27/11/2001 7:14:14 PM | Attr = ]
wfxsvc.exe -> %System32%\WFXSVC.EXE -> Symantec Corporation [Ver = 10.00.2000.0929 | Size = 129536 bytes | Modified Date = 28/09/2000 10:58:42 PM | Attr = ]
winfah.exe -> %ProgramFiles%\Stanford Folding Project\winFAH.exe -> Stanford University [Ver = 5, 0, 3, 0 | Size = 323584 bytes | Modified Date = 09/11/2004 1:45:08 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.14.0 | Size = 308224 bytes | Modified Date = 03/02/2007 3:49:48 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(APC UPS Service) APC UPS Service [Win32_Own | Auto | Running] -> %ProgramFiles%\APC\APC PowerChute Personal Edition\mainserv.exe -> American Power Conversion Corporation [Ver = 2, 0, 0, 0 | Size = 176193 bytes | Modified Date = 12/12/2005 2:02:24 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Antispyware\Ewido\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 9:13:20 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.432 | Size = 323072 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 606316 bytes | Modified Date = 26/07/2005 4:51:22 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ]
(ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -> [Ver = 1, 0, 1, 0 | Size = 172032 bytes | Modified Date = 11/09/2006 7:59:28 PM | Attr = ]
(ForcewareWebInterface) Forceware Web Interface [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 13/04/2006 4:14:26 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.755.22488.beta | Size = 136952 bytes | Modified Date = 01/02/2007 7:40:36 PM | Attr = ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 23, 0 | Size = 878592 bytes | Modified Date = 16/01/2006 4:46:12 PM | Attr = ]
(InCDsrvR) InCD Helper (read only) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 23, 0 | Size = 878592 bytes | Modified Date = 16/01/2006 4:46:12 PM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 20/06/2006 8:08:48 PM | Attr = ]
(nmraapache) Pure Networks Net2Go Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -> Pure Networks, Inc. [Ver = 2.0.54 | Size = 12800 bytes | Modified Date = 14/10/2006 7:21:04 PM | Attr = ]
(nmservice) Pure Networks Network Magic Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Pure Networks\Network Magic\nmsrvc.exe -> Pure Networks, Inc. [Ver = 4.0.6277.0 | Size = 321088 bytes | Modified Date = 01/11/2006 12:04:02 AM | Attr = ]
(nSvcIp) ForceWare IP service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 135227 bytes | Modified Date = 11/09/2006 7:56:02 PM | Attr = ]
(nSvcLog) ForceWare user log service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 65599 bytes | Modified Date = 11/09/2006 7:55:42 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 143426 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
(SlimServerMySQL) SlimServerMySQL [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~1\SLIMSE~1\server\Cache\my.cnf -> File not found
(slimsvc) SlimServer [Win32_Own | Auto | Running] -> %ProgramFiles%\SlimServer\server\slim.exe -> [Ver = 0.0.0.0 | Size = 6611011 bytes | Modified Date = 15/01/2007 1:29:20 PM | Attr = ]
(wfxsvc) WinFax PRO [Win32_Own | Auto | Running] -> %System32%\WFXSVC.EXE -> Symantec Corporation [Ver = 10.00.2000.0929 | Size = 129536 bytes | Modified Date = 28/09/2000 10:58:42 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Antispyware\Ewido\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07/10/2006 7:20:00 AM | Attr = ]
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15/07/2005 4:48:34 PM | Attr = ]
AsusStartupHelp -> %ProgramFiles%\ASUS\AASP\1.00.15\AsRunHelp.exe -> [Ver = | Size = 363008 bytes | Modified Date = 14/11/2006 2:25:40 PM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.418 | Size = 406016 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
DiskeeperSystray -> %ProgramFiles%\Executive Software\Diskeeper\DkIcon.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 184408 bytes | Modified Date = 26/07/2005 4:52:24 PM | Attr = ]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.016 | Size = 19968 bytes | Modified Date = 07/11/2003 4:50:00 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 9:50:42 AM | Attr = ]
nmapp -> %ProgramFiles%\Pure Networks\Network Magic\nmapp.exe -> Pure Networks, Inc. [Ver = 4.0.6277.0 | Size = 321088 bytes | Modified Date = 01/11/2006 12:04:02 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 7557120 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 86016 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
NVRaidService -> %System32%\nvraidservice.exe -> NVIDIA Corporation [Ver = 5.10.2600.0663 | Size = 135168 bytes | Modified Date = 07/04/2006 9:37:14 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
Omnipage -> %ProgramFiles%\Omnipage\opware32.exe -> ScanSoft, Inc [Ver = 11.0 | Size = 49152 bytes | Modified Date = 25/05/2001 10:56:20 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 14/08/2006 12:07:30 PM | Attr = ]
RoxioDragToDisc -> %ProgramFiles%\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe -> Roxio [Ver = 7.1.0.183 | Size = 1691648 bytes | Modified Date = 25/09/2004 1:37:42 AM | Attr = ]
SoundMax -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 28 | Size = 729088 bytes | Modified Date = 10/04/2006 8:19:46 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 49263 bytes | Modified Date = 07/09/2006 2:51:22 PM | Attr = ]
UnlockerAssistant -> %ProgramFiles%\Utilities\Unlocker\UnlockerAssistant.exe -> [Ver = | Size = 15872 bytes | Modified Date = 07/09/2006 12:19:28 PM | Attr = ]
WMC_AutoUpdate -> -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BitTorrent -> %ProgramFiles%\Torrent\bittorrent.exe -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Antispyware\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 31/05/2005 1:04:00 AM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\Antispyware\SuperAntispyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 5, 0, 1016 | Size = 1310720 bytes | Modified Date = 10/01/2007 3:14:36 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\APC UPS Status.lnk -> %ProgramFiles%\APC\APC PowerChute Personal Edition\Display.exe -> American Power Conversion Corporation [Ver = 2, 0, 0, 0 | Size = 221247 bytes | Modified Date = 12/12/2005 2:05:30 PM | Attr = ]
%AllUsersStartup%\SlimServer Tray Tool.lnk -> %ProgramFiles%\SlimServer\SlimTray.exe -> [Ver = 0.0.0.0 | Size = 1093701 bytes | Modified Date = 15/01/2007 1:29:06 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\David & Renee\Start Menu\Programs\Startup
%UserStartup%\Folding@Home 5.03.lnk -> %ProgramFiles%\Stanford Folding Project\winFAH.exe -> Stanford University [Ver = 5, 0, 3, 0 | Size = 323584 bytes | Modified Date = 09/11/2004 1:45:08 PM | Attr = ]
%UserStartup%\MiniReminder.lnk -> %ProgramFiles%\Scheduler\MiniReminder\MiniReminder.exe -> [Ver = | Size = 138752 bytes | Modified Date = 24/05/2006 5:00:00 PM | Attr = ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 10:05:26 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk -> %ProgramFiles%\APC\APC PowerChute Personal Edition\Display.exe -> American Power Conversion Corporation [Ver = 2, 0, 0, 0 | Size = 221247 bytes | Modified Date = 12/12/2005 2:05:30 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk -> %SystemDrive%\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE -> File not found
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
Ai Nap -> %ProgramFiles%\ASUS\Ai Nap\AiNap.exe -> [Ver = | Size = 1090560 bytes | Modified Date = 10/05/2006 6:28:32 PM | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> File not found
InCD -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 23, 0 | Size = 1398272 bytes | Modified Date = 16/01/2006 11:46:28 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 9:50:42 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
PhotoShow Deluxe Media Manager -> %ProgramFiles%\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe -> Ahead Software [Ver = 1.0.1.0 | Size = 212992 bytes | Modified Date = 25/02/2005 7:28:04 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 14/08/2006 12:07:30 PM | Attr = ]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 28 | Size = 729088 bytes | Modified Date = 10/04/2006 8:19:46 AM | Attr = ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 61 | Size = 843776 bytes | Modified Date = 30/04/2006 9:07:44 PM | Attr = R ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_07\bin\jusched.exe -> File not found
WFXSwtch -> %ProgramFiles%\FAX\WFXSWTCH.exe -> [Ver = | Size = 27648 bytes | Modified Date = 27/11/2001 7:14:14 PM | Attr = ]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe -> File not found
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
regfile [merge] -> Reg Data - Key not found ->
scrfile [open] -> "%1" /S ->
scrfile [config] -> "%1" ->
Directory [DrTagBrowse] -> %ProgramFiles%\Dr Tag\DrTag\DrTag.exe -> Aspect one [Ver = 3.0.1.170 | Size = 4987392 bytes | Modified Date = 12/07/2005 9:18:16 PM | Attr = ]
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command ->
NewLinkHere -> -> File not found
%1 -> -> File not found
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command ->
Briefcase_Create -> -> File not found
%2!d! -> -> File not found
%1 -> -> File not found
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ->
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -> C:\WINDOWS\system32\ieudinit.exe
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /HideWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
*wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline ->
-a -> -> File not found
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Antispyware\Ewido\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 9:13:28 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\Antispyware\SuperAntispyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 12:55:48 PM | Attr = ]
{A213B520-C6C2-11d0-AF9D-008029E1027E} [HKLM] -> %ProgramFiles%\FAX\WFXSEH32.DLL [] -> Symantec Corporation [Ver = 9.00.98.0727 | Size = 38400 bytes | Modified Date = 27/07/1998 3:54:06 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
!SASWinLogon -> %ProgramFiles%\Antispyware\SuperAntispyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1028 | Size = 258048 bytes | Modified Date = 19/10/2006 9:12:20 AM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place0 -> ::{C55C499D-3518-44a1-998E-796AC5FC989D} ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place1 -> 8 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place2 -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place3 -> 5 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place4 -> 17 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.microsoft...p...&ar=msnhome ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
www_woodgundy.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 4:16:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Antispyware\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 434279 bytes | Modified Date = 07/09/2006 3:06:08 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 1, 0, 4, 0 | Size = 110592 bytes | Modified Date = 19/09/2002 10:45:14 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8193 - Sun Java Console ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Windows Messenger ->
NextId -> 8194 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\npjpi150_09.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 69746 bytes | Modified Date = 07/09/2006 3:06:08 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 434279 bytes | Modified Date = 07/09/2006 3:06:08 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> %ProgramFiles%\XVID to DVD\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 61440 bytes | Modified Date = 25/02/2006 12:50:46 PM | Attr = ]
{0873D142-79EF-49fa-81B5-211AAC0B0A7F} [HKLM] -> %ProgramFiles%\Roxio\Easy Media Creator 7\Creator Classic\TargetFinder.dll [Target Finder Shell Extension] -> [Ver = 1, 0, 0, 1 | Size = 172032 bytes | Modified Date = 25/09/2004 1:26:04 AM | Attr = ]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> [Ver = | Size = 466944 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> %ProgramFiles%\UNZip\7-Zip\7-zip.dll [7-Zip Shell Extension] -> [Ver = | Size = 138752 bytes | Modified Date = 13/05/2006 11:23:40 PM | Attr = ]
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} [HKLM] -> Reg Data - Key not found [CopyToCD shell extension] -> File not found
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> %ProgramFiles%\Pure Networks\Network Magic\nmspce2.dll [NetworkMagic] -> Pure Networks, Inc. [Ver = 4.0.6313.0 | Size = 661056 bytes | Modified Date = 09/11/2006 1:17:54 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5E44E225-A408-11CF-B581-008029601108} [HKLM] -> %ProgramFiles%\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll [Roxio DragToDisc Shell Extension] -> Roxio [Ver = 7.1.0.183 | Size = 319488 bytes | Modified Date = 25/09/2004 1:37:50 AM | Attr = ]
{62998FFD-B0A8-4019-8B86-CF0785539EC5} [HKLM] -> %ProgramFiles%\DAT\IE Privacy Keeper\SecureDelete.dll [IE Privacy Keeper Secure Delete Shell Extension] -> UnH Solutions [Ver = 2.7.1 | Size = 135168 bytes | Modified Date = 29/05/2005 8:40:40 PM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %SystemDrive%\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll [Webroot Spy Sweeper Context Menu Integration] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> %ProgramFiles%\Ahead\InCD\incdshx.dll [Shell Extension for CDRW] -> Nero AG [Ver = 4, 3, 23, 0 | Size = 103424 bytes | Modified Date = 16/01/2006 4:35:06 PM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 7557120 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
{C55C499D-3518-44a1-998E-796AC5FC989D} [HKLM] -> %ProgramFiles%\Pure Networks\Network Magic\nmspce2.dll [NetworkMagic] -> Pure Networks, Inc. [Ver = 4.0.6313.0 | Size = 661056 bytes | Modified Date = 09/11/2006 1:17:54 AM | Attr = ]
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Utilities\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 8704 bytes | Modified Date = 07/09/2006 12:19:02 PM | Attr = ]
{E4D8441D-F89C-4b5c-90AC-A857E1768F1F} [HKLM] -> Reg Data - Key not found [Haali Matroska Thumbnail Exctractor] -> File not found
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 7557120 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{CA8ACAFA-5FBB-467B-B348-90DD488DE003} [HKLM] -> %ProgramFiles%\Antispyware\SuperAntispyware\SASCTXMN.DLL [SASContextMenu Class] -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1002 | Size = 61440 bytes | Modified Date = 16/01/2007 1:54:10 PM | Attr = ]
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> %ProgramFiles%\UNZip\7-Zip\7-zip.dll [7-Zip] -> [Ver = | Size = 138752 bytes | Modified Date = 13/05/2006 11:23:40 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Antispyware\Ewido\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06/10/2006 6:40:48 AM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
{62998FFD-B0A8-4019-8B86-CF0785539EC5} [HKLM] -> %ProgramFiles%\DAT\IE Privacy Keeper\SecureDelete.dll [IEPKSecureDelete] -> UnH Solutions [Ver = 2.7.1 | Size = 135168 bytes | Modified Date = 29/05/2005 8:40:40 PM | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %SystemDrive%\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll [SpySweeper] -> File not found
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Utilities\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 8704 bytes | Modified Date = 07/09/2006 12:19:02 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> %ProgramFiles%\Pure Networks\Network Magic\nmspce2.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 4.0.6313.0 | Size = 661056 bytes | Modified Date = 09/11/2006 1:17:54 AM | Attr = ]
{CA8ACAFA-5FBB-467B-B348-90DD488DE003} [HKLM] -> %ProgramFiles%\Antispyware\SuperAntispyware\SASCTXMN.DLL [SASContextMenu Class] -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1002 | Size = 61440 bytes | Modified Date = 16/01/2007 1:54:10 PM | Attr = ]
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> %ProgramFiles%\UNZip\7-Zip\7-zip.dll [7-Zip] -> [Ver = | Size = 138752 bytes | Modified Date = 13/05/2006 11:23:40 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Antispyware\Ewido\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06/10/2006 6:40:48 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> %ProgramFiles%\Pure Networks\Network Magic\nmspce2.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 4.0.6313.0 | Size = 661056 bytes | Modified Date = 09/11/2006 1:17:54 AM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] -> [Ver = | Size = 466944 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> %ProgramFiles%\Ahead\InCD\incdshx.dll [InCDMenu] -> Nero AG [Ver = 4, 3, 23, 0 | Size = 103424 bytes | Modified Date = 16/01/2006 4:35:06 PM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 7557120 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> %ProgramFiles%\Pure Networks\Network Magic\nmspce2.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 4.0.6313.0 | Size = 661056 bytes | Modified Date = 09/11/2006 1:17:54 AM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
{62998FFD-B0A8-4019-8B86-CF0785539EC5} [HKLM] -> %ProgramFiles%\DAT\IE Privacy Keeper\SecureDelete.dll [IEPKSecureDelete] -> UnH Solutions [Ver = 2.7.1 | Size = 135168 bytes | Modified Date = 29/05/2005 8:40:40 PM | Attr = ]
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %SystemDrive%\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll [SpySweeper] -> File not found
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Utilities\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 8704 bytes | Modified Date = 07/09/2006 12:19:02 PM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> %ProgramFiles%\XVID to DVD\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 61440 bytes | Modified Date = 25/02/2006 12:50:46 PM | Attr = ]
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14/12/2004 2:20:02 AM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
pure-go -> %CommonProgramFiles%\Pure Networks Shared\puresp3.dll -> Pure Networks, Inc. [Ver = 4.0.6305.0 | Size = 71232 bytes | Modified Date = 09/11/2006 1:37:38 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.micr...heckControl.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.micros...b?1154490054000 ->
{850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} -> Sympatico E-mail Configuration Tool - CodeBase = http://upgradecentre...s/emcconfig.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.ma...ash/swflash.cab ->
{D6376DD2-C2BD-49B2-A1B1-138F869633F3} -> ASPRO Installer Class - CodeBase = http://acs.pandasoft...5/asproinst.cab ->
{E473A65C-8087-49A3-AFFD-C5BC4A10669B} -> Quantum Streaming IE Player Class - CodeBase = http://mvnet.xlontec...2ie06101001.cab ->


[Files - Created Within 30 days]
.rnd -> %SystemDrive%\.rnd -> [Ver = | Size = 1024 bytes | Created Date = 19/01/2007 11:52:08 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072156672 bytes | Created Date = 01/01/1601 5:00:00 AM | Attr = HS]
WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_5_0_1016.MSI -> %CommonProgramFiles%\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_5_0_1016.MSI -> [Ver = | Size = 3977216 bytes | Created Date = 02/02/2007 9:49:26 PM | Attr = ]
M2NE502.BIN -> %SystemRoot%\M2NE502.BIN -> [Ver = | Size = 524288 bytes | Created Date = 13/01/2007 11:23:36 AM | Attr = ]
M2NE502.zip -> %SystemRoot%\M2NE502.zip -> [Ver = | Size = 341582 bytes | Created Date = 13/01/2007 11:23:25 AM | Attr = ]
mseixml.sei -> %SystemRoot%\mseixml.sei -> [Ver = | Size = 22 bytes | Created Date = 17/01/2007 1:53:36 PM | Attr = ]
PAV.SIG -> %SystemRoot%\PAV.SIG -> [Ver = | Size = 23651478 bytes | Created Date = 03/02/2007 3:06:19 PM | Attr = ]
.ico -> %System32%\.ico -> [Ver = | Size = 5269 bytes | Created Date = 03/02/2007 10:30:19 AM | Attr = ]
a3d.dll -> %System32%\a3d.dll -> Sensaura Ltd [Ver = 4.12.01.2009 | Size = 65536 bytes | Created Date = 13/01/2007 1:53:18 PM | Attr = R ]
asprouni.exe -> %System32%\asprouni.exe -> Panda Software [Ver = 1, 0, 0, 1 | Size = 69632 bytes | Created Date = 03/02/2007 10:37:18 AM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 03/02/2007 9:10:53 AM | Attr = ]
CapabilityTable.exe -> %System32%\CapabilityTable.exe -> NVIDIA Corporation [Ver = 2, 2, 1, 464 | Size = 442368 bytes | Created Date = 19/01/2007 11:51:22 AM | Attr = ]
CMMGR32.EXE -> %System32%\CMMGR32.EXE -> [Ver = | Size = 0 bytes | Created Date = 02/02/2007 9:59:45 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 03/02/2007 9:10:23 AM | Attr = ]
Helppro.ico -> %System32%\Helppro.ico -> [Ver = | Size = 1406 bytes | Created Date = 03/02/2007 10:30:19 AM | Attr = ]
mseixml.sei -> %System32%\mseixml.sei -> [Ver = | Size = 22 bytes | Created Date = 17/01/2007 1:53:36 PM | Attr = ]
nv4_disp.dll -> %System32%\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 3960064 bytes | Created Date = 13/01/2007 2:05:09 PM | Attr = ]
nvide.nvu -> %System32%\nvide.nvu -> [Ver = | Size = 1570 bytes | Created Date = 19/01/2007 11:51:13 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\nvide.nvu:Zone.Identifier ->
nvuide.exe -> %System32%\nvuide.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 208896 bytes | Created Date = 19/01/2007 11:51:13 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\nvuide.exe:Zone.Identifier ->
OLD2E8.tmp -> %System32%\OLD2E8.tmp -> Sensaura Ltd [Ver = 4.12.01.2009 | Size = 65536 bytes | Created Date = 13/01/2007 1:53:18 PM | Attr = R ]
OLD9CA.tmp -> %System32%\OLD9CA.tmp -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 3960064 bytes | Created Date = 13/01/2007 2:05:09 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 03/02/2007 9:10:22 AM | Attr = ]
pavaspro.ico -> %System32%\pavaspro.ico -> [Ver = | Size = 30590 bytes | Created Date = 03/02/2007 10:30:18 AM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 03/02/2007 9:10:23 AM | Attr = ]
Uninstallpro.ico -> %System32%\Uninstallpro.ico -> [Ver = | Size = 2550 bytes | Created Date = 03/02/2007 10:30:19 AM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 03/02/2007 9:10:53 AM | Attr = ]
3cwmcru.sys -> %System32%\dllcache\3cwmcru.sys -> 3Com, Inc. [Ver = 1.44.008.0020 | Size = 762780 bytes | Created Date = 13/01/2007 1:53:16 PM | Attr = ]
3dfxvs.dll -> %System32%\dllcache\3dfxvs.dll -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 689216 bytes | Created Date = 13/01/2007 1:53:16 PM | Attr = ]
3dfxvsm.sys -> %System32%\dllcache\3dfxvsm.sys -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 148352 bytes | Created Date = 13/01/2007 1:53:16 PM | Attr = ]
a3dapi.dll -> %System32%\dllcache\a3dapi.dll -> Aureal Inc. [Ver = 3.02 | Size = 462848 bytes | Created Date = 13/01/2007 1:53:18 PM | Attr = ]
ac97ali.sys -> %System32%\dllcache\ac97ali.sys -> Acer Laboratories Inc. [Ver = 5.12.01.6003 | Size = 231552 bytes | Created Date = 13/01/2007 1:53:19 PM | Attr = ]
ac97intc.sys -> %System32%\dllcache\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Created Date = 13/01/2007 1:53:20 PM | Attr = ]
ac97sis.sys -> %System32%\dllcache\ac97sis.sys -> Silicon Integrated Systems Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 297728 bytes | Created Date = 13/01/2007 1:53:20 PM | Attr = ]
ac97via.sys -> %System32%\dllcache\ac97via.sys -> VIA Technologies, Inc. [Ver = 5.10.00.3622 built by: WinDDK | Size = 84480 bytes | Created Date = 13/01/2007 1:53:20 PM | Attr = ]
acerscad.dll -> %System32%\dllcache\acerscad.dll -> Color Flatbed Scanner [Ver = 1, 0, 0, 0 | Size = 61440 bytes | Created Date = 13/01/2007 1:53:21 PM | Attr = ]
adm8511.sys -> %System32%\dllcache\adm8511.sys -> ADMtek Incorporated [Ver = 2.04.2001.0719 built by: WinDDK | Size = 20160 bytes | Created Date = 13/01/2007 1:53:22 PM | Attr = ]
adm8810.sys -> %System32%\dllcache\adm8810.sys -> Aureal, Inc. [Ver = 5.12.01.3500 | Size = 584448 bytes | Created Date = 13/01/2007 1:53:23 PM | Attr = ]
adm8820.sys -> %System32%\dllcache\adm8820.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 553984 bytes | Created Date = 13/01/2007 1:53:23 PM | Attr = ]
adm8830.sys -> %System32%\dllcache\adm8830.sys -> Aureal, Inc. [Ver = 5.12.01.2500 | Size = 747392 bytes | Created Date = 13/01/2007 1:53:23 PM | Attr = ]
admjoy.sys -> %System32%\dllcache\admjoy.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 10880 bytes | Created Date = 13/01/2007 1:53:24 PM | Attr = ]
adptsf50.sys -> %System32%\dllcache\adptsf50.sys -> Adaptec, Inc [Ver = V5.10.22 | Size = 46112 bytes | Created Date = 13/01/2007 1:53:25 PM | Attr = ]
adv01nt5.dll -> %System32%\dllcache\adv01nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Created Date = 13/01/2007 1:53:27 PM | Attr = ]
adv02nt5.dll -> %System32%\dllcache\adv02nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Created Date = 13/01/2007 1:53:27 PM | Attr = ]
adv05nt5.dll -> %System32%\dllcache\adv05nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Created Date = 13/01/2007 1:53:28 PM | Attr = ]
adv07nt5.dll -> %System32%\dllcache\adv07nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Created Date = 13/01/2007 1:53:28 PM | Attr = ]
adv08nt5.dll -> %System32%\dllcache\adv08nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Created Date = 13/01/2007 1:53:29 PM | Attr = ]
adv09nt5.dll -> %System32%\dllcache\adv09nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Created Date = 13/01/2007 1:53:30 PM | Attr = ]
adv11nt5.dll -> %System32%\dllcache\adv11nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Created Date = 13/01/2007 1:53:30 PM | Attr = ]
ali5261.sys -> %System32%\dllcache\ali5261.sys -> Acer Laboratories Inc. [Ver = 5.01.2462.0102 | Size = 27678 bytes | Created Date = 13/01/2007 1:53:37 PM | Attr = ]
alifir.sys -> %System32%\dllcache\alifir.sys -> Acer Laboratories Inc. [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 26624 bytes | Created Date = 13/01/2007 1:53:38 PM | Attr = ]
aliide.sys -> %System32%\dllcache\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Created Date = 13/01/2007 1:53:38 PM | Attr = ]
amb8002.sys -> %System32%\dllcache\amb8002.sys -> AmbiCom, Inc. [Ver = v3.03 | Size = 16969 bytes | Created Date = 13/01/2007 1:53:39 PM | Attr = ]
amdagp.sys -> %System32%\dllcache\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Created Date = 13/01/2007 1:53:39 PM | Attr = ]
an983.sys -> %System32%\dllcache\an983.sys -> ADMtek Incorporated. [Ver = 2.17.1025.2001 built by: WinDDK | Size = 36224 bytes | Created Date = 13/01/2007 1:53:40 PM | Attr = ]
asc.sys -> %System32%\dllcache\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Created Date = 13/01/2007 1:53:43 PM | Attr = ]
asc3550.sys -> %System32%\dllcache\asc3

#14
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
As I suspected, the log is big. Can you post the rest of it, because it got cut off? Oh, and it's no problem, I like to help :whistling:

#15
Pugnacious

    Member

  • Topic Starter
  • 25 posts
WinPFind3 logfile created on: 03/02/2007 11:42:53 PM
WinPFind3U by OldTimer - Version 1.0.14 Folder = C:\Documents and Settings\David & Renee\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1046956 Kb Total Physical Memory | 418348 Kb Available Physical Memory | 39.96% Memory free
2520056 Kb Paging File | 1960648 Kb Available in Paging File | 77.80% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61440560 Kb Total Space | 46140892 Kb Free Space | 75.10% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 251120012 Kb Total Space | 129927672 Kb Free Space | 51.74% Space Free


[Processes - Non-Microsoft Only]
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 13/04/2006 4:14:26 PM | Attr = ]
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 13/04/2006 4:14:26 PM | Attr = ]
apcsystray.exe -> %ProgramFiles%\APC\APC PowerChute Personal Edition\apcsystray.exe -> American Power Conversion Corporation [Ver = 2, 0, 0, 0 | Size = 417855 bytes | Modified Date = 12/12/2005 2:03:54 PM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Antispyware\Ewido\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07/10/2006 7:20:00 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.418 | Size = 406016 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.432 | Size = 323072 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
dkservice.exe -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 606316 bytes | Modified Date = 26/07/2005 4:51:22 PM | Attr = ]
drgtodsc.exe -> %ProgramFiles%\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe -> Roxio [Ver = 7.1.0.183 | Size = 1691648 bytes | Modified Date = 25/09/2004 1:37:42 AM | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.79.019 | Size = 37888 bytes | Modified Date = 14/11/2003 9:50:00 AM | Attr = ]
fahcore_78.exe -> %ProgramFiles%\Stanford Folding Project\FahCore_78.exe -> [Ver = | Size = 2338816 bytes | Modified Date = 07/08/2006 10:27:20 AM | Attr = ]
gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15/07/2005 4:48:34 PM | Attr = ]
guard.exe -> %ProgramFiles%\Antispyware\Ewido\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 9:13:20 AM | Attr = ]
incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 23, 0 | Size = 878592 bytes | Modified Date = 16/01/2006 4:46:12 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 49263 bytes | Modified Date = 07/09/2006 2:51:22 PM | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 20/06/2006 8:08:48 PM | Attr = ]
mainserv.exe -> %ProgramFiles%\APC\APC PowerChute Personal Edition\mainserv.exe -> American Power Conversion Corporation [Ver = 2, 0, 0, 0 | Size = 176193 bytes | Modified Date = 12/12/2005 2:02:24 PM | Attr = ]
mysqld.exe -> %ProgramFiles%\SlimServer\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -> [Ver = | Size = 4149248 bytes | Modified Date = 15/01/2007 1:28:38 PM | Attr = ]
nmapp.exe -> %ProgramFiles%\Pure Networks\Network Magic\nmapp.exe -> Pure Networks, Inc. [Ver = 4.0.6277.0 | Size = 321088 bytes | Modified Date = 01/11/2006 12:04:02 AM | Attr = ]
nmsrvc.exe -> %ProgramFiles%\Pure Networks\Network Magic\nmsrvc.exe -> Pure Networks, Inc. [Ver = 4.0.6277.0 | Size = 321088 bytes | Modified Date = 01/11/2006 12:04:02 AM | Attr = ]
nsvcappflt.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -> [Ver = 1, 0, 1, 0 | Size = 172032 bytes | Modified Date = 11/09/2006 7:59:28 PM | Attr = ]
nsvcip.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 135227 bytes | Modified Date = 11/09/2006 7:56:02 PM | Attr = ]
nsvclog.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 65599 bytes | Modified Date = 11/09/2006 7:55:42 PM | Attr = ]
nvraidservice.exe -> %System32%\nvraidservice.exe -> NVIDIA Corporation [Ver = 5.10.2600.0663 | Size = 135168 bytes | Modified Date = 07/04/2006 9:37:14 AM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 143426 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
opware32.exe -> %ProgramFiles%\Omnipage\opware32.exe -> ScanSoft, Inc [Ver = 11.0 | Size = 49152 bytes | Modified Date = 25/05/2001 10:56:20 PM | Attr = ]
slim.exe -> %ProgramFiles%\SlimServer\server\slim.exe -> [Ver = 0.0.0.0 | Size = 6611011 bytes | Modified Date = 15/01/2007 1:29:20 PM | Attr = ]
slimtray.exe -> %ProgramFiles%\SlimServer\SlimTray.exe -> [Ver = 0.0.0.0 | Size = 1093701 bytes | Modified Date = 15/01/2007 1:29:06 PM | Attr = ]
smax4.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 28 | Size = 729088 bytes | Modified Date = 10/04/2006 8:19:46 AM | Attr = ]
superantispyware.exe -> %ProgramFiles%\Antispyware\SuperAntispyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 5, 0, 1016 | Size = 1310720 bytes | Modified Date = 10/01/2007 3:14:36 PM | Attr = ]
teatimer.exe -> %ProgramFiles%\Antispyware\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 31/05/2005 1:04:00 AM | Attr = ]
unlockerassistant.exe -> %ProgramFiles%\Utilities\Unlocker\UnlockerAssistant.exe -> [Ver = | Size = 15872 bytes | Modified Date = 07/09/2006 12:19:28 PM | Attr = ]
wfxmod32.exe -> %ProgramFiles%\FAX\WFXMOD32.EXE -> Symantec Corporation [Ver = 10.00.2001.0910 | Size = 541184 bytes | Modified Date = 27/11/2001 7:14:14 PM | Attr = ]
wfxsvc.exe -> %System32%\WFXSVC.EXE -> Symantec Corporation [Ver = 10.00.2000.0929 | Size = 129536 bytes | Modified Date = 28/09/2000 10:58:42 PM | Attr = ]
winfah.exe -> %ProgramFiles%\Stanford Folding Project\winFAH.exe -> Stanford University [Ver = 5, 0, 3, 0 | Size = 323584 bytes | Modified Date = 09/11/2004 1:45:08 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.14.0 | Size = 308224 bytes | Modified Date = 03/02/2007 3:49:48 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(APC UPS Service) APC UPS Service [Win32_Own | Auto | Running] -> %ProgramFiles%\APC\APC PowerChute Personal Edition\mainserv.exe -> American Power Conversion Corporation [Ver = 2, 0, 0, 0 | Size = 176193 bytes | Modified Date = 12/12/2005 2:02:24 PM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Antispyware\Ewido\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 9:13:20 AM | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.432 | Size = 323072 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 606316 bytes | Modified Date = 26/07/2005 4:51:22 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ]
(ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -> [Ver = 1, 0, 1, 0 | Size = 172032 bytes | Modified Date = 11/09/2006 7:59:28 PM | Attr = ]
(ForcewareWebInterface) Forceware Web Interface [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 13/04/2006 4:14:26 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.755.22488.beta | Size = 136952 bytes | Modified Date = 01/02/2007 7:40:36 PM | Attr = ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 23, 0 | Size = 878592 bytes | Modified Date = 16/01/2006 4:46:12 PM | Attr = ]
(InCDsrvR) InCD Helper (read only) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 23, 0 | Size = 878592 bytes | Modified Date = 16/01/2006 4:46:12 PM | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.105.1 | Size = 49152 bytes | Modified Date = 20/06/2006 8:08:48 PM | Attr = ]
(nmraapache) Pure Networks Net2Go Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -> Pure Networks, Inc. [Ver = 2.0.54 | Size = 12800 bytes | Modified Date = 14/10/2006 7:21:04 PM | Attr = ]
(nmservice) Pure Networks Network Magic Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Pure Networks\Network Magic\nmsrvc.exe -> Pure Networks, Inc. [Ver = 4.0.6277.0 | Size = 321088 bytes | Modified Date = 01/11/2006 12:04:02 AM | Attr = ]
(nSvcIp) ForceWare IP service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 135227 bytes | Modified Date = 11/09/2006 7:56:02 PM | Attr = ]
(nSvcLog) ForceWare user log service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 65599 bytes | Modified Date = 11/09/2006 7:55:42 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 143426 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
(SlimServerMySQL) SlimServerMySQL [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=C:\PROGRA~1\SLIMSE~1\server\Cache\my.cnf -> File not found
(slimsvc) SlimServer [Win32_Own | Auto | Running] -> %ProgramFiles%\SlimServer\server\slim.exe -> [Ver = 0.0.0.0 | Size = 6611011 bytes | Modified Date = 15/01/2007 1:29:20 PM | Attr = ]
(wfxsvc) WinFax PRO [Win32_Own | Auto | Running] -> %System32%\WFXSVC.EXE -> Symantec Corporation [Ver = 10.00.2000.0929 | Size = 129536 bytes | Modified Date = 28/09/2000 10:58:42 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Antispyware\Ewido\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07/10/2006 7:20:00 AM | Attr = ]
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 15/07/2005 4:48:34 PM | Attr = ]
AsusStartupHelp -> %ProgramFiles%\ASUS\AASP\1.00.15\AsRunHelp.exe -> [Ver = | Size = 363008 bytes | Modified Date = 14/11/2006 2:25:40 PM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.418 | Size = 406016 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
DiskeeperSystray -> %ProgramFiles%\Executive Software\Diskeeper\DkIcon.exe -> Executive Software International, Inc. [Ver = 9.0.532.0 | Size = 184408 bytes | Modified Date = 26/07/2005 4:52:24 PM | Attr = ]
Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE -> Logitech Inc. [Ver = 9.79.016 | Size = 19968 bytes | Modified Date = 07/11/2003 4:50:00 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 9:50:42 AM | Attr = ]
nmapp -> %ProgramFiles%\Pure Networks\Network Magic\nmapp.exe -> Pure Networks, Inc. [Ver = 4.0.6277.0 | Size = 321088 bytes | Modified Date = 01/11/2006 12:04:02 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 7557120 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 86016 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
NVRaidService -> %System32%\nvraidservice.exe -> NVIDIA Corporation [Ver = 5.10.2600.0663 | Size = 135168 bytes | Modified Date = 07/04/2006 9:37:14 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
Omnipage -> %ProgramFiles%\Omnipage\opware32.exe -> ScanSoft, Inc [Ver = 11.0 | Size = 49152 bytes | Modified Date = 25/05/2001 10:56:20 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 14/08/2006 12:07:30 PM | Attr = ]
RoxioDragToDisc -> %ProgramFiles%\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe -> Roxio [Ver = 7.1.0.183 | Size = 1691648 bytes | Modified Date = 25/09/2004 1:37:42 AM | Attr = ]
SoundMax -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 28 | Size = 729088 bytes | Modified Date = 10/04/2006 8:19:46 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_09\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 49263 bytes | Modified Date = 07/09/2006 2:51:22 PM | Attr = ]
UnlockerAssistant -> %ProgramFiles%\Utilities\Unlocker\UnlockerAssistant.exe -> [Ver = | Size = 15872 bytes | Modified Date = 07/09/2006 12:19:28 PM | Attr = ]
WMC_AutoUpdate -> -> File not found
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BitTorrent -> %ProgramFiles%\Torrent\bittorrent.exe -> File not found
SpybotSD TeaTimer -> %ProgramFiles%\Antispyware\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 31/05/2005 1:04:00 AM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\Antispyware\SuperAntispyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 5, 0, 1016 | Size = 1310720 bytes | Modified Date = 10/01/2007 3:14:36 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\APC UPS Status.lnk -> %ProgramFiles%\APC\APC PowerChute Personal Edition\Display.exe -> American Power Conversion Corporation [Ver = 2, 0, 0, 0 | Size = 221247 bytes | Modified Date = 12/12/2005 2:05:30 PM | Attr = ]
%AllUsersStartup%\SlimServer Tray Tool.lnk -> %ProgramFiles%\SlimServer\SlimTray.exe -> [Ver = 0.0.0.0 | Size = 1093701 bytes | Modified Date = 15/01/2007 1:29:06 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\David & Renee\Start Menu\Programs\Startup
%UserStartup%\Folding@Home 5.03.lnk -> %ProgramFiles%\Stanford Folding Project\winFAH.exe -> Stanford University [Ver = 5, 0, 3, 0 | Size = 323584 bytes | Modified Date = 09/11/2004 1:45:08 PM | Attr = ]
%UserStartup%\MiniReminder.lnk -> %ProgramFiles%\Scheduler\MiniReminder\MiniReminder.exe -> [Ver = | Size = 138752 bytes | Modified Date = 24/05/2006 5:00:00 PM | Attr = ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 10:05:26 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk -> %ProgramFiles%\APC\APC PowerChute Personal Edition\Display.exe -> American Power Conversion Corporation [Ver = 2, 0, 0, 0 | Size = 221247 bytes | Modified Date = 12/12/2005 2:05:30 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk -> %SystemDrive%\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE -> File not found
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
Ai Nap -> %ProgramFiles%\ASUS\Ai Nap\AiNap.exe -> [Ver = | Size = 1090560 bytes | Modified Date = 10/05/2006 6:28:32 PM | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> File not found
InCD -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 23, 0 | Size = 1398272 bytes | Modified Date = 16/01/2006 11:46:28 AM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 9:50:42 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1519616 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
PhotoShow Deluxe Media Manager -> %ProgramFiles%\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe -> Ahead Software [Ver = 1.0.1.0 | Size = 212992 bytes | Modified Date = 25/02/2005 7:28:04 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 14/08/2006 12:07:30 PM | Attr = ]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 28 | Size = 729088 bytes | Modified Date = 10/04/2006 8:19:46 AM | Attr = ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 61 | Size = 843776 bytes | Modified Date = 30/04/2006 9:07:44 PM | Attr = R ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_07\bin\jusched.exe -> File not found
WFXSwtch -> %ProgramFiles%\FAX\WFXSWTCH.exe -> [Ver = | Size = 27648 bytes | Modified Date = 27/11/2001 7:14:14 PM | Attr = ]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe -> File not found
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
regfile [merge] -> Reg Data - Key not found ->
scrfile [open] -> "%1" /S ->
scrfile [config] -> "%1" ->
Directory [DrTagBrowse] -> %ProgramFiles%\Dr Tag\DrTag\DrTag.exe -> Aspect one [Ver = 3.0.1.170 | Size = 4987392 bytes | Modified Date = 12/07/2005 9:18:16 PM | Attr = ]
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command ->
NewLinkHere -> -> File not found
%1 -> -> File not found
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command ->
Briefcase_Create -> -> File not found
%2!d! -> -> File not found
%1 -> -> File not found
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ->
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -> C:\WINDOWS\system32\ieudinit.exe
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /HideWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
*wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline ->
-a -> -> File not found
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Antispyware\Ewido\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 9:13:28 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\Antispyware\SuperAntispyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 12:55:48 PM | Attr = ]
{A213B520-C6C2-11d0-AF9D-008029E1027E} [HKLM] -> %ProgramFiles%\FAX\WFXSEH32.DLL [] -> Symantec Corporation [Ver = 9.00.98.0727 | Size = 38400 bytes | Modified Date = 27/07/1998 3:54:06 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
!SASWinLogon -> %ProgramFiles%\Antispyware\SuperAntispyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1028 | Size = 258048 bytes | Modified Date = 19/10/2006 9:12:20 AM | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place0 -> ::{C55C499D-3518-44a1-998E-796AC5FC989D} ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place1 -> 8 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place2 -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place3 -> 5 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\PlacesBar\\Place4 -> 17 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.microsoft...p...&ar=msnhome ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
www_woodgundy.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 4:16:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Antispyware\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 1:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 434279 bytes | Modified Date = 07/09/2006 3:06:08 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 1, 0, 4, 0 | Size = 110592 bytes | Modified Date = 19/09/2002 10:45:14 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [&Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8193 - Sun Java Console ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Windows Messenger ->
NextId -> 8194 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_09\bin\npjpi150_09.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 69746 bytes | Modified Date = 07/09/2006 3:06:08 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 434279 bytes | Modified Date = 07/09/2006 3:06:08 PM | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> %ProgramFiles%\XVID to DVD\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 61440 bytes | Modified Date = 25/02/2006 12:50:46 PM | Attr = ]
{0873D142-79EF-49fa-81B5-211AAC0B0A7F} [HKLM] -> %ProgramFiles%\Roxio\Easy Media Creator 7\Creator Classic\TargetFinder.dll [Target Finder Shell Extension] -> [Ver = 1, 0, 0, 1 | Size = 172032 bytes | Modified Date = 25/09/2004 1:26:04 AM | Attr = ]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> [Ver = | Size = 466944 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> %ProgramFiles%\UNZip\7-Zip\7-zip.dll [7-Zip Shell Extension] -> [Ver = | Size = 138752 bytes | Modified Date = 13/05/2006 11:23:40 PM | Attr = ]
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} [HKLM] -> Reg Data - Key not found [CopyToCD shell extension] -> File not found
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> %ProgramFiles%\Pure Networks\Network Magic\nmspce2.dll [NetworkMagic] -> Pure Networks, Inc. [Ver = 4.0.6313.0 | Size = 661056 bytes | Modified Date = 09/11/2006 1:17:54 AM | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5E44E225-A408-11CF-B581-008029601108} [HKLM] -> %ProgramFiles%\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll [Roxio DragToDisc Shell Extension] -> Roxio [Ver = 7.1.0.183 | Size = 319488 bytes | Modified Date = 25/09/2004 1:37:50 AM | Attr = ]
{62998FFD-B0A8-4019-8B86-CF0785539EC5} [HKLM] -> %ProgramFiles%\DAT\IE Privacy Keeper\SecureDelete.dll [IE Privacy Keeper Secure Delete Shell Extension] -> UnH Solutions [Ver = 2.7.1 | Size = 135168 bytes | Modified Date = 29/05/2005 8:40:40 PM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %SystemDrive%\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll [Webroot Spy Sweeper Context Menu Integration] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> %ProgramFiles%\Ahead\InCD\incdshx.dll [Shell Extension for CDRW] -> Nero AG [Ver = 4, 3, 23, 0 | Size = 103424 bytes | Modified Date = 16/01/2006 4:35:06 PM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 7557120 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
{C55C499D-3518-44a1-998E-796AC5FC989D} [HKLM] -> %ProgramFiles%\Pure Networks\Network Magic\nmspce2.dll [NetworkMagic] -> Pure Networks, Inc. [Ver = 4.0.6313.0 | Size = 661056 bytes | Modified Date = 09/11/2006 1:17:54 AM | Attr = ]
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Utilities\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 8704 bytes | Modified Date = 07/09/2006 12:19:02 PM | Attr = ]
{E4D8441D-F89C-4b5c-90AC-A857E1768F1F} [HKLM] -> Reg Data - Key not found [Haali Matroska Thumbnail Exctractor] -> File not found
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 7557120 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{CA8ACAFA-5FBB-467B-B348-90DD488DE003} [HKLM] -> %ProgramFiles%\Antispyware\SuperAntispyware\SASCTXMN.DLL [SASContextMenu Class] -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1002 | Size = 61440 bytes | Modified Date = 16/01/2007 1:54:10 PM | Attr = ]
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> %ProgramFiles%\UNZip\7-Zip\7-zip.dll [7-Zip] -> [Ver = | Size = 138752 bytes | Modified Date = 13/05/2006 11:23:40 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Antispyware\Ewido\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06/10/2006 6:40:48 AM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
{62998FFD-B0A8-4019-8B86-CF0785539EC5} [HKLM] -> %ProgramFiles%\DAT\IE Privacy Keeper\SecureDelete.dll [IEPKSecureDelete] -> UnH Solutions [Ver = 2.7.1 | Size = 135168 bytes | Modified Date = 29/05/2005 8:40:40 PM | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %SystemDrive%\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll [SpySweeper] -> File not found
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Utilities\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 8704 bytes | Modified Date = 07/09/2006 12:19:02 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> %ProgramFiles%\Pure Networks\Network Magic\nmspce2.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 4.0.6313.0 | Size = 661056 bytes | Modified Date = 09/11/2006 1:17:54 AM | Attr = ]
{CA8ACAFA-5FBB-467B-B348-90DD488DE003} [HKLM] -> %ProgramFiles%\Antispyware\SuperAntispyware\SASCTXMN.DLL [SASContextMenu Class] -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1002 | Size = 61440 bytes | Modified Date = 16/01/2007 1:54:10 PM | Attr = ]
{23170F69-40C1-278A-1000-000100020000} [HKLM] -> %ProgramFiles%\UNZip\7-Zip\7-zip.dll [7-Zip] -> [Ver = | Size = 138752 bytes | Modified Date = 13/05/2006 11:23:40 PM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Antispyware\Ewido\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06/10/2006 6:40:48 AM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> %ProgramFiles%\Pure Networks\Network Magic\nmspce2.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 4.0.6313.0 | Size = 661056 bytes | Modified Date = 09/11/2006 1:17:54 AM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] -> [Ver = | Size = 466944 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> %ProgramFiles%\Ahead\InCD\incdshx.dll [InCDMenu] -> Nero AG [Ver = 4, 3, 23, 0 | Size = 103424 bytes | Modified Date = 16/01/2006 4:35:06 PM | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 7557120 bytes | Modified Date = 13/02/2006 10:05:00 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{33F85093-44BB-4587-B25B-FFD05D5B9916} [HKLM] -> %ProgramFiles%\Pure Networks\Network Magic\nmspce2.dll [Network Magic Folders] -> Pure Networks, Inc. [Ver = 4.0.6313.0 | Size = 661056 bytes | Modified Date = 09/11/2006 1:17:54 AM | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 02/01/2007 10:08:24 PM | Attr = ]
{62998FFD-B0A8-4019-8B86-CF0785539EC5} [HKLM] -> %ProgramFiles%\DAT\IE Privacy Keeper\SecureDelete.dll [IEPKSecureDelete] -> UnH Solutions [Ver = 2.7.1 | Size = 135168 bytes | Modified Date = 29/05/2005 8:40:40 PM | Attr = ]
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %SystemDrive%\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll [SpySweeper] -> File not found
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} [HKLM] -> %ProgramFiles%\Utilities\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [Ver = | Size = 8704 bytes | Modified Date = 07/09/2006 12:19:02 PM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> %ProgramFiles%\XVID to DVD\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 61440 bytes | Modified Date = 25/02/2006 12:50:46 PM | Attr = ]
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14/12/2004 2:20:02 AM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
pure-go -> %CommonProgramFiles%\Pure Networks Shared\puresp3.dll -> Pure Networks, Inc. [Ver = 4.0.6305.0 | Size = 71232 bytes | Modified Date = 09/11/2006 1:37:38 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com...ex/qtplugin.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.micr...heckControl.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.micros...b?1154490054000 ->
{850F23ED-AC36-4E9D-A5BB-B0AAE453FEAE} -> Sympatico E-mail Configuration Tool - CodeBase = http://upgradecentre...s/emcconfig.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.ma...ash/swflash.cab ->
{D6376DD2-C2BD-49B2-A1B1-138F869633F3} -> ASPRO Installer Class - CodeBase = http://acs.pandasoft...5/asproinst.cab ->
{E473A65C-8087-49A3-AFFD-C5BC4A10669B} -> Quantum Streaming IE Player Class - CodeBase = http://mvnet.xlontec...2ie06101001.cab ->


[Files - Created Within 30 days]
.rnd -> %SystemDrive%\.rnd -> [Ver = | Size = 1024 bytes | Created Date = 19/01/2007 11:52:08 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072156672 bytes | Created Date = 01/01/1601 5:00:00 AM | Attr = HS]
WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_5_0_1016.MSI -> %CommonProgramFiles%\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_3_5_0_1016.MSI -> [Ver = | Size = 3977216 bytes | Created Date = 02/02/2007 9:49:26 PM | Attr = ]
M2NE502.BIN -> %SystemRoot%\M2NE502.BIN -> [Ver = | Size = 524288 bytes | Created Date = 13/01/2007 11:23:36 AM | Attr = ]
M2NE502.zip -> %SystemRoot%\M2NE502.zip -> [Ver = | Size = 341582 bytes | Created Date = 13/01/2007 11:23:25 AM | Attr = ]
mseixml.sei -> %SystemRoot%\mseixml.sei -> [Ver = | Size = 22 bytes | Created Date = 17/01/2007 1:53:36 PM | Attr = ]
PAV.SIG -> %SystemRoot%\PAV.SIG -> [Ver = | Size = 23651478 bytes | Created Date = 03/02/2007 3:06:19 PM | Attr = ]
.ico -> %System32%\.ico -> [Ver = | Size = 5269 bytes | Created Date = 03/02/2007 10:30:19 AM | Attr = ]
a3d.dll -> %System32%\a3d.dll -> Sensaura Ltd [Ver = 4.12.01.2009 | Size = 65536 bytes | Created Date = 13/01/2007 1:53:18 PM | Attr = R ]
asprouni.exe -> %System32%\asprouni.exe -> Panda Software [Ver = 1, 0, 0, 1 | Size = 69632 bytes | Created Date = 03/02/2007 10:37:18 AM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 03/02/2007 9:10:53 AM | Attr = ]
CapabilityTable.exe -> %System32%\CapabilityTable.exe -> NVIDIA Corporation [Ver = 2, 2, 1, 464 | Size = 442368 bytes | Created Date = 19/01/2007 11:51:22 AM | Attr = ]
CMMGR32.EXE -> %System32%\CMMGR32.EXE -> [Ver = | Size = 0 bytes | Created Date = 02/02/2007 9:59:45 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 03/02/2007 9:10:23 AM | Attr = ]
Helppro.ico -> %System32%\Helppro.ico -> [Ver = | Size = 1406 bytes | Created Date = 03/02/2007 10:30:19 AM | Attr = ]
mseixml.sei -> %System32%\mseixml.sei -> [Ver = | Size = 22 bytes | Created Date = 17/01/2007 1:53:36 PM | Attr = ]
nv4_disp.dll -> %System32%\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 3960064 bytes | Created Date = 13/01/2007 2:05:09 PM | Attr = ]
nvide.nvu -> %System32%\nvide.nvu -> [Ver = | Size = 1570 bytes | Created Date = 19/01/2007 11:51:13 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\nvide.nvu:Zone.Identifier ->
nvuide.exe -> %System32%\nvuide.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 208896 bytes | Created Date = 19/01/2007 11:51:13 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\nvuide.exe:Zone.Identifier ->
OLD2E8.tmp -> %System32%\OLD2E8.tmp -> Sensaura Ltd [Ver = 4.12.01.2009 | Size = 65536 bytes | Created Date = 13/01/2007 1:53:18 PM | Attr = R ]
OLD9CA.tmp -> %System32%\OLD9CA.tmp -> NVIDIA Corporation [Ver = 6.14.10.8391 | Size = 3960064 bytes | Created Date = 13/01/2007 2:05:09 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 03/02/2007 9:10:22 AM | Attr = ]
pavaspro.ico -> %System32%\pavaspro.ico -> [Ver = | Size = 30590 bytes | Created Date = 03/02/2007 10:30:18 AM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 03/02/2007 9:10:23 AM | Attr = ]
Uninstallpro.ico -> %System32%\Uninstallpro.ico -> [Ver = | Size = 2550 bytes | Created Date = 03/02/2007 10:30:19 AM | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 03/02/2007 9:10:53 AM | Attr = ]
3cwmcru.sys -> %System32%\dllcache\3cwmcru.sys -> 3Com, Inc. [Ver = 1.44.008.0020 | Size = 762780 bytes | Created Date = 13/01/2007 1:53:16 PM | Attr = ]
3dfxvs.dll -> %System32%\dllcache\3dfxvs.dll -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 689216 bytes | Created Date = 13/01/2007 1:53:16 PM | Attr = ]
3dfxvsm.sys -> %System32%\dllcache\3dfxvsm.sys -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 148352 bytes | Created Date = 13/01/2007 1:53:16 PM | Attr = ]
a3dapi.dll -> %System32%\dllcache\a3dapi.dll -> Aureal Inc. [Ver = 3.02 | Size = 462848 bytes | Created Date = 13/01/2007 1:53:18 PM | Attr = ]
ac97ali.sys -> %System32%\dllcache\ac97ali.sys -> Acer Laboratories Inc. [Ver = 5.12.01.6003 | Size = 231552 bytes | Created Date = 13/01/2007 1:53:19 PM | Attr = ]
ac97intc.sys -> %System32%\dllcache\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Created Date = 13/01/2007 1:53:20 PM | Attr = ]
ac97sis.sys -> %System32%\dllcache\ac97sis.sys -> Silicon Integrated Systems Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 297728 bytes | Created Date = 13/01/2007 1:53:20 PM | Attr = ]
ac97via.sys -> %System32%\dllcache\ac97via.sys -> VIA Technologies, Inc. [Ver = 5.10.00.3622 built by: WinDDK | Size = 84480 bytes | Created Date = 13/01/2007 1:53:20 PM | Attr = ]
acerscad.dll -> %System32%\dllcache\acerscad.dll -> Color Flatbed Scanner [Ver = 1, 0, 0, 0 | Size = 61440 bytes | Created Date = 13/01/2007 1:53:21 PM | Attr = ]
adm8511.sys -> %System32%\dllcache\adm8511.sys -> ADMtek Incorporated [Ver = 2.04.2001.0719 built by: WinDDK | Size = 20160 bytes | Created Date = 13/01/2007 1:53:22 PM | Attr = ]
adm8810.sys -> %System32%\dllcache\adm8810.sys -> Aureal, Inc. [Ver = 5.12.01.3500 | Size = 584448 bytes | Created Date = 13/01/2007 1:53:23 PM | Attr = ]
adm8820.sys -> %System32%\dllcache\adm8820.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 553984 bytes | Created Date = 13/01/2007 1:53:23 PM | Attr = ]
adm8830.sys -> %System32%\dllcache\adm8830.sys -> Aureal, Inc. [Ver = 5.12.01.2500 | Size = 747392 bytes | Created Date = 13/01/2007 1:53:23 PM | Attr = ]
admjoy.sys -> %System32%\dllcache\admjoy.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 10880 bytes | Created Date = 13/01/2007 1:53:24 PM | Attr = ]
adptsf50.sys -> %System32%\dllcache\adptsf50.sys -> Adaptec, Inc [Ver = V5.10.22 | Size = 46112 bytes | Created Date = 13/01/2007 1:53:25 PM | Attr = ]
adv01nt5.dll -> %System32%\dllcache\adv01nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Created Date = 13/01/2007 1:53:27 PM | Attr = ]
adv02nt5.dll -> %System32%\dllcache\adv02nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Created Date = 13/01/2007 1:53:27 PM | Attr = ]
adv05nt5.dll -> %System32%\dllcache\adv05nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Created Date = 13/01/2007 1:53:28 PM | Attr = ]
adv07nt5.dll -> %System32%\dllcache\adv07nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Created Date = 13/01/2007 1:53:28 PM | Attr = ]
adv08nt5.dll -> %System32%\dllcache\adv08nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Created Date = 13/01/2007 1:53:29 PM | Attr = ]
adv09nt5.dll -> %System32%\dllcache\adv09nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Created Date = 13/01/2007 1:53:30 PM | Attr = ]
adv11nt5.dll -> %System32%\dllcache\adv11nt5.dll -> Intel® Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Created Date = 13/01/2007 1:53:30 PM | Attr = ]
ali5261.sys -> %System32%\dllcache\ali5261.sys -> Acer Laboratories Inc. [Ver = 5.01.2462.0102 | Size = 27678 bytes | Created Date = 13/01/2007 1:53:37 PM | Attr = ]
alifir.sys -> %System32%\dllcache\alifir.sys -> Acer Laboratories Inc. [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 26624 bytes | Created Date = 13/01/2007 1:53:38 PM | Attr = ]
aliide.sys -> %System32%\dllcache\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Created Date = 13/01/2007 1:53:38 PM | Attr = ]
amb8002.sys -> %System32%\dllcache\amb8002.sys -> AmbiCom, Inc. [Ver = v3.03 | Size = 16969 bytes | Created Date = 13/01/2007 1:53:39 PM | Attr = ]
amdagp.sys -> %System32%\dllcache\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Created Date = 13/01/2007 1:53:39 PM | Attr = ]
an983.sys -> %System32%\dllcache\an983.sys -> ADMtek Incorporated. [Ver = 2.17.1025.2001 built by: WinDDK | Size = 36224 bytes | Created Date = 13/01/2007 1:53:40 PM | Attr = ]
asc.sys -> %System32%\dllcache\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Created Date = 13/01/2007 1:53:43 PM | Attr = ]
asc3550.sys -> %System32%\dllcache\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Created Date = 13/01/2007 1:53:43 PM | Attr = ]
aspndis3.sys -> %System32%\dllcache\aspndis3.sys -> Bay Networks, Inc. [Ver = 3.23.11 | Size = 97354 bytes | Created Date = 13/01/2007 1:53:44 PM | Attr = ]

Edited by Pugnacious, 04 February 2007 - 08:26 AM.
