Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Is my computer infected?

Started by sukaira-ku , Mar 04 2007 11:45 AM

  • This topic is locked This topic is locked

#16
RiP
Posted 07 March 2007 - 02:47 PM

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello sukaira-ku,

winpfind2 always seems to freeze and I get the not responding message. Am I suppose to run it in safe mode? Currently I am running it in normal mode with all other applications closed.

It should work in normal mode, just give it a few more minutes and see if it stays not responding. Feel free to delete all of the items AVG Anti-Spyware has in quarantine.
  • 0

Advertisements

#17
sukaira-ku
Posted 07 March 2007 - 02:50 PM

sukaira-ku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I rebooted my computer and tried winpfind2 again and it worked. Here is the scan report

Logfile created on: 3/7/2007 3:49:31 PM
WinPFind2 by OldTimer - Version 1.0.15 Folder = C:\Documents and Settings\Daisy\Desktop\WinPFind2\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)


< All Processes >
\systemroot\system32\smss.exe - (Microsoft Corporation )
\??\c:\windows\system32\csrss.exe - (Microsoft Corporation )
\??\c:\windows\system32\winlogon.exe - (Microsoft Corporation )
c:\windows\system32\services.exe - (Microsoft Corporation )
c:\windows\system32\lsass.exe - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] - (Microsoft Corporation )
(RpcSs) C:\WINDOWS\system32\rpcss.dll - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] - (Microsoft Corporation )
(AppMgmt) C:\WINDOWS\System32\appmgmts.dll - (Microsoft Corporation )
(AudioSrv) C:\WINDOWS\System32\audiosrv.dll - (Microsoft Corporation )
(BITS) C:\WINDOWS\System32\qmgr.dll - (Microsoft Corporation )
(Browser) C:\WINDOWS\System32\browser.dll - (Microsoft Corporation )
(CryptSvc) C:\WINDOWS\System32\cryptsvc.dll - (Microsoft Corporation )
(Dhcp) C:\WINDOWS\System32\dhcpcsvc.dll - (Microsoft Corporation )
(dmserver) C:\WINDOWS\System32\dmserver.dll - (Microsoft Corp. )
(ERSvc) C:\WINDOWS\System32\ersvc.dll - (Microsoft Corporation )
(EventSystem) C:\WINDOWS\System32\es.dll - (Microsoft Corporation )
(FastUserSwitchingCompatibility) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(helpsvc) %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (File not found))
(HidServ) C:\WINDOWS\System32\hidserv.dll - (Microsoft Corporation )
(lanmanserver) C:\WINDOWS\System32\srvsvc.dll - (Microsoft Corporation )
(lanmanworkstation) C:\WINDOWS\System32\wkssvc.dll - (Microsoft Corporation )
(Messenger) C:\WINDOWS\System32\msgsvc.dll - (Microsoft Corporation )
(Netman) C:\WINDOWS\System32\netman.dll - (Microsoft Corporation )
(Nla) C:\WINDOWS\System32\mswsock.dll - (Microsoft Corporation )
(NtmsSvc) C:\WINDOWS\system32\ntmssvc.dll - (Microsoft Corporation )
(RasAuto) C:\WINDOWS\System32\rasauto.dll - (Microsoft Corporation )
(RasMan) C:\WINDOWS\System32\rasmans.dll - (Microsoft Corporation )
(RemoteAccess) C:\WINDOWS\System32\mprdim.dll - (Microsoft Corporation )
(Schedule) C:\WINDOWS\system32\schedsvc.dll - (Microsoft Corporation )
(seclogon) C:\WINDOWS\System32\seclogon.dll - (Microsoft Corporation )
(SENS) C:\WINDOWS\system32\sens.dll - (Microsoft Corporation )
(SharedAccess) C:\WINDOWS\System32\ipnathlp.dll - (Microsoft Corporation )
(ShellHWDetection) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(srservice) C:\WINDOWS\System32\srsvc.dll - (Microsoft Corporation )
(TapiSrv) C:\WINDOWS\System32\tapisrv.dll - (Microsoft Corporation )
(TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
(TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
(Themes) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(TrkWks) C:\WINDOWS\system32\trkwks.dll - (Microsoft Corporation )
(uploadmgr) %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (File not found))
(W32Time) C:\WINDOWS\System32\w32time.dll - (Microsoft Corporation )
(winmgmt) C:\WINDOWS\system32\wbem\WMIsvc.dll - (Microsoft Corporation )
(WmdmPmSN) C:\WINDOWS\System32\MsPMSNSv.dll - (Microsoft Corporation )
(Wmi) C:\WINDOWS\System32\advapi32.dll - (Microsoft Corporation )
(wuauserv) C:\WINDOWS\System32\wuauserv.dll - (Microsoft Corporation )
(WZCSVC) C:\WINDOWS\System32\wzcsvc.dll - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] - (Microsoft Corporation )
(Dnscache) C:\WINDOWS\System32\dnsrslvr.dll - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] - (Microsoft Corporation )
(Alerter) C:\WINDOWS\system32\alrsvc.dll - (Microsoft Corporation )
(LmHosts) C:\WINDOWS\System32\lmhsvc.dll - (Microsoft Corporation )
(RemoteRegistry) C:\WINDOWS\system32\regsvc.dll - (Microsoft Corporation )
(SSDPSRV) C:\WINDOWS\System32\ssdpsrv.dll - (Microsoft Corporation )
(upnphost) C:\WINDOWS\System32\upnphost.dll - (Microsoft Corporation )
(WebClient) C:\WINDOWS\System32\webclnt.dll - (Microsoft Corporation )
c:\windows\system32\brsvc01a.exe - (brother Industries Ltd )
c:\windows\system32\spoolsv.exe - (Microsoft Corporation )
c:\windows\system32\brss01a.exe - (brother Industries Ltd )
c:\windows\explorer.exe - (Microsoft Corporation )
c:\program files\trend micro\pc-cillin 2000\pop3trap.exe - (Trend Micro Inc. )
c:\program files\trend micro\pc-cillin 2000\webtrapnt.exe - (Trend Micro Inc. )
c:\program files\java\jre1.5.0_10\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\program files\itunes\ituneshelper.exe - (Apple Computer, Inc. )
c:\windows\system32\ctfmon.exe - (Microsoft Corporation )
c:\documents and settings\daisy\desktop\avg anti-spyware 7.5\guard.exe - (Anti-Malware Development a.s. )
c:\program files\trend micro\pc-cillin 2000\pccntupd.exe - ( )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] - (Microsoft Corporation )
(stisvc) C:\WINDOWS\system32\wiaservc.dll - (Microsoft Corporation )
c:\program files\trend micro\pc-cillin 2000\tmntsrv.exe - (Trend Micro Inc. )
c:\program files\ipod\bin\ipodservice.exe - (Apple Computer, Inc. )
c:\windows\system32\wuauclt.exe - (Microsoft Corporation )
c:\documents and settings\daisy\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.microsoft...p...ER}&ar=home
HKLM->Main\\Search Page - http://www.microsoft...amp;ar=iesearch
HKLM->Main\\Default_Page_URL - http://www.microsoft...p...&ar=msnhome
HKLM->Main\\Default_Search_URL - http://www.microsoft...amp;ar=iesearch
HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
HKCU->Main\\Start Page - http://www.google.com/
HKCU->Main\\Search Page - http://www.microsoft...amp;ar=iesearch
HKCU->Main\\Local Page - C:\WINDOWS\System32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
HKLM->Search\\SearchAssistant - http://ie.search.msn...st/srchasst.htm
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0

[>> BHO's <<]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc. )

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer Bars]
{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio = C:\WINDOWS\system32\msdxm.ocx ( )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Toolbar = Reg Data - Key not found (File not found)

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8195 - Sun Java Console
{53F6FCCD-9E22-4d71-86EA-6E43136192AB} - 8196 - Reg Data - Key not found
{925DAB62-F9AC-4221-806A-057BFB1014AA} - 8197 - Reg Data - Key not found
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 - Messenger
NextId - 8198

[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc. )
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc. )
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation )

[HKCU-> Internet Explorer Menu Extensions]
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation )

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data - Key not found (File not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found)
{48F45200-91E6-11CE-8A4F-0080C81A28D4} - TMD Shell Extension = C:\Program Files\Trend Micro\PC-cillin 2000\Tmdshell.dll (Trend Micro Inc. )
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data - Key not found (File not found)
{771A9DA0-731A-11CE-993C-00AA004ADB6C} - VBPropSheet = C:\Program Files\Trend Micro\PC-cillin 2000\VBProp.dll (Trend Micro Inc. )
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data - Key not found (File not found)
{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data - Key not found (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc. )
{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc. )
{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - {48F45200-91E6-11CE-8A4F-0080C81A28D4} - Reg Data - Value does not exist = C:\Program Files\Trend Micro\PC-cillin 2000\Tmdshell.dll (Trend Micro Inc. )
* - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Daisy\Desktop\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
* - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
* - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
Directory - {48F45200-91E6-11CE-8A4F-0080C81A28D4} - Reg Data - Value does not exist = C:\Program Files\Trend Micro\PC-cillin 2000\Tmdshell.dll (Trend Micro Inc. )
Directory - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Daisy\Desktop\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Directory - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Folder - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]
Folder - {7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalColumnHandler Class = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG )
Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\System32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

[>> Registry Run Keys <<]
HKLM->Run\\!AVG Anti-Spyware - "C:\Documents and Settings\Daisy\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized (Anti-Malware Development a.s. )
HKLM->Run\\C-Media Mixer - Mixer.exe /startup (C-Media Electronic Inc. (www.cmedia.com.tw) )
HKLM->Run\\DAEMON Tools - "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd. )
HKLM->Run\\iTunesHelper - "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc. )
HKLM->Run\\NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh )
HKLM->Run\\Pop3trap.exe - "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe" (Trend Micro Inc. )
HKLM->Run\\REGSHAVE - C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN (FUJI PHOTO FILM CO., LTD. )
HKLM->Run\\SunJavaUpdateSched - "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" (Sun Microsystems, Inc. )
HKLM->Run\\WebTrapNT.exe - "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe" (Trend Micro Inc. )
HKLM->Run\\WMC_AutoUpdate - (File not found)
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\ctfmon.exe - C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation )

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]
AppInit_DLL - (File not found)

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )

[Shell Execute Hooks]
{4DEC9B29-F08F-4cbc-B179-592B9283FAC9} - = c:\program files\trend micro\pc-cillin 2000\fgpcbazu.dll (File not found)
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Documents and Settings\Daisy\Desktop\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s. )
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]
Session Manager\\BootExecute - SsiEfr.e;

[PendingFileRenameOperations]

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]

[>> User Agent Post Platform <<]

[>> Winlogon <<]
HMLM->AltDefaultDomainName - P4
HMLM->AltDefaultUserName - Daisy
HMLM->AutoAdminLogon - Reg Data - Value does not exist
HMLM->DefaultDomainName - P4
HMLM->DefaultUserName - Daisy
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )
Notify\WRNotifier - WRLogonNTF.dll (File not found)

[>> DNS Name Servers <<]
{823DCE86-261F-448A-8419-253063CCC6AE} - (SiS 900-Based PCI Fast Ethernet Adapter)
{EC94AB2D-8112-416B-95E6-18ADBDE7BB0A} - ()

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 (Tcpip) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 (NTDS) - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 (Network Location Awareness (NLA) Namespace) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found)
msdaipp - (File not found)
vnd.ms.radio - C:\WINDOWS\system32\msdxm.ocx ( )

[>> Protocol Filters (Non-Microsoft only) <<]

< All Services >
Abiosdsk (Abiosdsk) - (File not found)) [Disabled - Stopped - Kernel driver]
abp480n5 (abp480n5) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft ACPI Driver (ACPI) - \SystemRoot\System32\DRIVERS\ACPI.sys (Microsoft Corporation ) [ - Running - Kernel driver]
ACPIEC (ACPIEC) - (File not found)) [Disabled - Stopped - Kernel driver]
adpu160m (adpu160m) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft Kernel Acoustic Echo Canceller (aec) - system32\drivers\aec.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
AFD Networking Support Environment (AFD) - \SystemRoot\System32\drivers\afd.sys (Microsoft Corporation ) [Automatic - Running - Kernel driver]
Aha154x (Aha154x) - (File not found)) [Disabled - Stopped - Kernel driver]
aic78u2 (aic78u2) - (File not found)) [Disabled - Stopped - Kernel driver]
aic78xx (aic78xx) - (File not found)) [Disabled - Stopped - Kernel driver]
Alerter (Alerter) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Application Layer Gateway Service (ALG) - C:\WINDOWS\System32\alg.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
AliIde (AliIde) - (File not found)) [Disabled - Stopped - Kernel driver]
amsint (amsint) - (File not found)) [Disabled - Stopped - Kernel driver]
Application Management (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
asc (asc) - (File not found)) [Disabled - Stopped - Kernel driver]
asc3350p (asc3350p) - (File not found)) [Disabled - Stopped - Kernel driver]
asc3550 (asc3550) - (File not found)) [Disabled - Stopped - Kernel driver]
RAS Asynchronous Media Driver (AsyncMac) - System32\DRIVERS\asyncmac.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Standard IDE/ESDI Hard Disk Controller (atapi) - \SystemRoot\System32\DRIVERS\atapi.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Atdisk (Atdisk) - (File not found)) [Disabled - Stopped - Kernel driver]
ati2mpaa (ati2mpaa) - System32\DRIVERS\ati2mpaa.sys (ATI Technologies Inc. ) [On Demand - Running - Kernel driver]
ATM ARP Client Protocol (Atmarpc) - System32\DRIVERS\atmarpc.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Audio Stub Driver (audstub) - System32\DRIVERS\audstub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) - \??\C:\Documents and Settings\Daisy\Desktop\AVG Anti-Spyware 7.5\guard.sys ( ) [ - Running - Kernel driver]
AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - C:\Documents and Settings\Daisy\Desktop\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
AVG Anti-Spyware Clean Driver (AvgAsCln) - System32\DRIVERS\AvgAsCln.sys (GRISOFT, s.r.o. ) [ - Running - Kernel driver]
Beep (Beep) - (File not found)) [ - Running - Kernel driver]
Background Intelligent Transfer Service (BITS) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Brother MFC Filter Driver (brfilt) - System32\Drivers\Brfilt.sys (Brother Industries Ltd. ) [On Demand - Stopped - Kernel driver]
BrSplService (Brother XP spl Service) - C:\WINDOWS\System32\brsvc01a.exe (brother Industries Ltd ) [Automatic - Running - Win32, running in it's own process]
Computer Browser (Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Brother Serial driver (BrSerWDM) - System32\Drivers\BrSerWdm.sys (Brother Industries Ltd. ) [On Demand - Stopped - Kernel driver]
Brother MFC USB Fax Only Modem (BrUsbMdm) - System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd. ) [On Demand - Stopped - Kernel driver]
Brother MFC USB Scanner driver (BrUsbScn) - System32\Drivers\BrUsbScn.sys (Brother Industries Ltd. ) [On Demand - Stopped - Kernel driver]
cbidf2k (cbidf2k) - (File not found)) [Disabled - Stopped - Kernel driver]
Closed Caption Decoder (CCDECODE) - System32\DRIVERS\CCDECODE.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
cd20xrnt (cd20xrnt) - (File not found)) [Disabled - Stopped - Kernel driver]
Cdaudio (Cdaudio) - (File not found)) [ - Stopped - Kernel driver]
Cdfs (Cdfs) - (File not found)) [Disabled - Running - Filesystem driver]
CD-ROM Driver (Cdrom) - System32\DRIVERS\cdrom.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Changer (Changer) - (File not found)) [ - Stopped - Kernel driver]
Indexing Service (cisvc) - C:\WINDOWS\System32\cisvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
CmdIde (CmdIde) - (File not found)) [Disabled - Stopped - Kernel driver]
C-Media PCI Audio Driver (WDM) (cmpci) - system32\drivers\cmaudio.sys (C-Media Inc ) [On Demand - Running - Kernel driver]
COM+ System Application (COMSysApp) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Cpqarray (Cpqarray) - (File not found)) [Disabled - Stopped - Kernel driver]
Cryptographic Services (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
dac960nt (dac960nt) - (File not found)) [Disabled - Stopped - Kernel driver]
DHCP Client (Dhcp) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Disk Driver (Disk) - \SystemRoot\System32\DRIVERS\disk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Logical Disk Manager Administrative Service (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com (Microsoft Corp., Veritas Software ) [On Demand - Stopped - Win32, running in a shared process]
dmboot (dmboot) - System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software ) [Disabled - Stopped - Kernel driver]
Logical Disk Manager Driver (dmio) - \SystemRoot\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software ) [ - Running - Kernel driver]
dmload (dmload) - \SystemRoot\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software. ) [ - Running - Kernel driver]
Logical Disk Manager (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Microsoft Kernel DLS Syntheiszer (DMusic) - system32\drivers\DMusic.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
DNS Client (Dnscache) - C:\WINDOWS\System32\svchost.exe -k NetworkService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
dpti2o (dpti2o) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft Kernel DRM Audio Descrambler (drmkaud) - system32\drivers\drmkaud.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
dtscsi (dtscsi) - \SystemRoot\System32\Drivers\dtscsi.sys ( ) [On Demand - Running - Kernel driver]
Error Reporting Service (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Event Log (Eventlog) - C:\WINDOWS\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
COM+ Event System (EventSystem) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Fastfat (Fastfat) - (File not found)) [Disabled - Stopped - Filesystem driver]
Fast User Switching Compatibility (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Fax (Fax) - C:\WINDOWS\system32\fxssvc.exe (Microsoft Corporation ) [Automatic - Stopped - Win32, running in it's own process]
Floppy Disk Controller Driver (Fdc) - System32\DRIVERS\fdc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Fips (Fips) - (File not found)) [ - Running - Kernel driver]
Floppy Disk Driver (Flpydisk) - System32\DRIVERS\flpydisk.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Volume Manager Driver (Ftdisk) - \SystemRoot\System32\DRIVERS\ftdisk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Game Port Enumerator (gameenum) - System32\DRIVERS\gameenum.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
GEAR CDRom Filter (GEARAspiWDM) - SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc. ) [On Demand - Running - Kernel driver]
Generic Packet Classifier (Gpc) - System32\DRIVERS\msgpc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Help and Support (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
HID Input Service (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Microsoft HID Class Driver (HidUsb) - System32\DRIVERS\hidusb.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
hpn (hpn) - (File not found)) [Disabled - Stopped - Kernel driver]
hpt3xx (hpt3xx) - (File not found)) [Disabled - Stopped - Kernel driver]
HSFHWBS2 (HSFHWBS2) - System32\DRIVERS\USR_BSC2.sys (Conexant Systems, Inc. ) [On Demand - Running - Kernel driver]
HSF_DP (HSF_DP) - System32\DRIVERS\USR_MDM.sys (Conexant Systems, Inc. ) [On Demand - Running - Kernel driver]
i2omgmt (i2omgmt) - (File not found)) [ - Stopped - Kernel driver]
i2omp (i2omp) - (File not found)) [Disabled - Stopped - Kernel driver]
i8042 Keyboard and PS/2 Mouse Port Driver (i8042prt) - System32\DRIVERS\i8042prt.sys (Microsoft Corporation ) [ - Running - Kernel driver]
InstallDriver Table Manager (IDriverT) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (Macrovision Corporation ) [On Demand - Stopped - Win32, running in it's own process]
CD-Burning Filter Driver (Imapi) - System32\DRIVERS\imapi.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IMAPI CD-Burning COM Service (ImapiService) - C:\WINDOWS\System32\imapi.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
ini910u (ini910u) - (File not found)) [Disabled - Stopped - Kernel driver]
IntelIde (IntelIde) - (File not found)) [Disabled - Stopped - Kernel driver]
IP Traffic Filter Driver (IpFilterDriver) - System32\DRIVERS\ipfltdrv.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP in IP Tunnel Driver (IpInIp) - System32\DRIVERS\ipinip.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP Network Address Translator (IpNat) - System32\DRIVERS\ipnat.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
iPod Service (iPod Service) - "C:\Program Files\iPod\bin\iPodService.exe" (Apple Computer, Inc. ) [On Demand - Running - Win32, running in it's own process]
IPSEC driver (IPSec) - System32\DRIVERS\ipsec.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IR Enumerator Service (IRENUM) - System32\DRIVERS\irenum.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
PnP ISA/EISA Bus Driver (isapnp) - \SystemRoot\System32\DRIVERS\isapnp.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Keyboard Class Driver (Kbdclass) - System32\DRIVERS\kbdclass.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Keyboard HID Driver (kbdhid) - System32\DRIVERS\kbdhid.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Microsoft Kernel Wave Audio Mixer (kmixer) - system32\drivers\kmixer.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
KSecDD (KSecDD) - (File not found)) [ - Running - Kernel driver]
Server (lanmanserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Workstation (lanmanworkstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
lbrtfdc (lbrtfdc) - (File not found)) [ - Stopped - Kernel driver]
TCP/IP NetBIOS Helper (LmHosts) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
TCP/IP Print Server (LPDSVC) - C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
mdmxsdk (mdmxsdk) - System32\DRIVERS\mdmxsdk.sys (Conexant ) [Automatic - Running - Kernel driver]
Messenger (Messenger) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
mf (mf) - System32\DRIVERS\mf.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
mnmdd (mnmdd) - (File not found)) [ - Running - Kernel driver]
NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\System32\mnmsrvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Modem (Modem) - (File not found)) [On Demand - Running - Kernel driver]
Mouse Class Driver (Mouclass) - System32\DRIVERS\mouclass.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Mount Point Manager (MountMgr) - (File not found)) [ - Running - Kernel driver]
mraid35x (mraid35x) - (File not found)) [Disabled - Stopped - Kernel driver]
WebDav Client Redirector (MRxDAV) - System32\DRIVERS\mrxdav.sys (Microsoft Corporation ) [On Demand - Running - Filesystem driver]
MRXSMB (MRxSmb) - System32\DRIVERS\mrxsmb.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\System32\msdtc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Msfs (Msfs) - (File not found)) [ - Running - Filesystem driver]
Windows Installer (MSIServer) - C:\WINDOWS\System32\msiexec.exe /V (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Microsoft Streaming Service Proxy (MSKSSRV) - system32\drivers\MSKSSRV.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft Streaming Clock Proxy (MSPCLOCK) - system32\drivers\MSPCLOCK.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft Streaming Quality Manager Proxy (MSPQM) - system32\drivers\MSPQM.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft Streaming Tee/Sink-to-Sink Converter (MSTEE) - system32\drivers\MSTEE.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Mup (Mup) - (File not found)) [ - Running - Filesystem driver]
NABTS/FEC VBI Codec (NABTSFEC) - System32\DRIVERS\NABTSFEC.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
NDIS System Driver (NDIS) - (File not found)) [ - Running - Kernel driver]
Microsoft TV/Video Connection (NdisIP) - System32\DRIVERS\NdisIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Remote Access NDIS TAPI Driver (NdisTapi) - System32\DRIVERS\ndistapi.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
NDIS Usermode I/O Protocol (Ndisuio) - System32\DRIVERS\ndisuio.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Remote Access NDIS WAN Driver (NdisWan) - System32\DRIVERS\ndiswan.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
NDIS Proxy (NDProxy) - (File not found)) [On Demand - Running - Kernel driver]
NetBIOS Interface (NetBIOS) - System32\DRIVERS\netbios.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
NetBios over Tcpip (NetBT) - System32\DRIVERS\netbt.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Network DDE (NetDDE) - C:\WINDOWS\system32\netdde.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Network DDE DSDM (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Net Logon (Netlogon) - C:\WINDOWS\System32\lsass.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Network Connections (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Network Location Awareness (NLA) (Nla) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Npfs (Npfs) - (File not found)) [ - Running - Filesystem driver]
Ntfs (Ntfs) - (File not found)) [Disabled - Running - Filesystem driver]
NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\System32\lsass.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Removable Storage (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Null (Null) - (File not found)) [ - Running - Kernel driver]
IPX Traffic Filter Driver (NwlnkFlt) - System32\DRIVERS\nwlnkflt.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IPX Traffic Forwarder Driver (NwlnkFwd) - System32\DRIVERS\nwlnkfwd.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Office Source Engine (ose) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Parallel port driver (Parport) - System32\DRIVERS\parport.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Partition Manager (PartMgr) - (File not found)) [ - Running - Kernel driver]
ParVdm (ParVdm) - (File not found)) [Automatic - Running - Kernel driver]
PCI Bus Driver (PCI) - \SystemRoot\System32\DRIVERS\pci.sys (Microsoft Corporation ) [ - Running - Kernel driver]
PCIDump (PCIDump) - (File not found)) [ - Stopped - Kernel driver]
PCIIde (PCIIde) - \SystemRoot\System32\DRIVERS\pciide.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Pcmcia (Pcmcia) - (File not found)) [Disabled - Stopped - Kernel driver]
PDCOMP (PDCOMP) - (File not found)) [On Demand - Stopped - Kernel driver]
PDFRAME (PDFRAME) - (File not found)) [On Demand - Stopped - Kernel driver]
PDRELI (PDRELI) - (File not found)) [On Demand - Stopped - Kernel driver]
PDRFRAME (PDRFRAME) - (File not found)) [On Demand - Stopped - Kernel driver]
perc2 (perc2) - (File not found)) [Disabled - Stopped - Kernel driver]
perc2hib (perc2hib) - (File not found)) [Disabled - Stopped - Kernel driver]
Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
IPSEC Services (PolicyAgent) - C:\WINDOWS\System32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
WAN Miniport (PPTP) (PptpMiniport) - System32\DRIVERS\raspptp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Processor Driver (Processor) - System32\DRIVERS\processr.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Protected Storage (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
QoS Packet Scheduler (PSched) - System32\DRIVERS\psched.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Direct Parallel Link Driver (Ptilink) - System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc. ) [On Demand - Running - Kernel driver]
ql1080 (ql1080) - (File not found)) [Disabled - Stopped - Kernel driver]
Ql10wnt (Ql10wnt) - (File not found)) [Disabled - Stopped - Kernel driver]
ql12160 (ql12160) - (File not found)) [Disabled - Stopped - Kernel driver]
ql1240 (ql1240) - (File not found)) [Disabled - Stopped - Kernel driver]
ql1280 (ql1280) - (File not found)) [Disabled - Stopped - Kernel driver]
Remote Access Auto Connection Driver (RasAcd) - System32\DRIVERS\rasacd.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Remote Access Auto Connection Manager (RasAuto) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
WAN Miniport (L2TP) (Rasl2tp) - System32\DRIVERS\rasl2tp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Remote Access Connection Manager (RasMan) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Remote Access PPPOE Driver (RasPppoe) - System32\DRIVERS\raspppoe.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Direct Parallel (Raspti) - System32\DRIVERS\raspti.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Rdbss (Rdbss) - System32\DRIVERS\rdbss.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
RDPCDD (RDPCDD) - System32\DRIVERS\RDPCDD.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Terminal Server Device Redirector Driver (rdpdr) - System32\DRIVERS\rdpdr.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
RDPWD (RDPWD) - (File not found)) [On Demand - Stopped - Kernel driver]
Remote Desktop Help Session Manager (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Digital CD Audio Playback Filter Driver (redbook) - System32\DRIVERS\redbook.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Routing and Remote Access (RemoteAccess) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Remote Registry (RemoteRegistry) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Remote Procedure Call (RPC) Locator (RpcLocator) - C:\WINDOWS\System32\locator.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Remote Procedure Call (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
QoS RSVP (RSVP) - C:\WINDOWS\System32\rsvp.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Security Accounts Manager (SamSs) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Smart Card Helper (SCardDrv) - C:\WINDOWS\System32\SCardSvr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Smart Card (SCardSvr) - C:\WINDOWS\System32\SCardSvr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Task Scheduler (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Secdrv (Secdrv) - System32\DRIVERS\secdrv.sys ( ) [On Demand - Stopped - Kernel driver]
Secondary Logon (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
System Event Notification (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Serenum Filter Driver (serenum) - System32\DRIVERS\serenum.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Serial port driver (Serial) - System32\DRIVERS\serial.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Sfloppy (Sfloppy) - (File not found)) [ - Stopped - Kernel driver]
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) (SharedAccess) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Shell Hardware Detection (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Simbad (Simbad) - (File not found)) [Disabled - Stopped - Kernel driver]
SIS AGP Bus Filter (sisagp) - \SystemRoot\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation ) [ - Running - Kernel driver]
SiS PCI Fast Ethernet Adapter Driver (SISNIC) - System32\DRIVERS\sisnic.sys (SiS Corporation ) [On Demand - Running - Kernel driver]
BDA Slip De-Framer (SLIP) - System32\DRIVERS\SLIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Sony Digital Imaging Base (sonyhcb) - \SystemRoot\System32\DRIVERS\sonyhcb.sys (Sony Corporation ) [ - Running - Kernel driver]
Sony Digital Imaging Video (sonyhcs) - System32\DRIVERS\sonyhcs.sys (Sony Corporation ) [On Demand - Stopped - Kernel driver]
Sparrow (Sparrow) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft Kernel Audio Splitter (splitter) - system32\drivers\splitter.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
sptd (sptd) - \SystemRoot\System32\Drivers\sptd.sys ( ) [ - Running - Kernel driver]
System Restore Filter Driver (sr) - \SystemRoot\System32\DRIVERS\sr.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
System Restore Service (srservice) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Srv (Srv) - System32\DRIVERS\srv.sys (Microsoft Corporation ) [On Demand - Running - Filesystem driver]
SSDP Discovery Service (SSDPSRV) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\System32\svchost.exe -k imgsvc (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
BDA IPSink (streamip) - System32\DRIVERS\StreamIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Software Bus Driver (swenum) - System32\DRIVERS\swenum.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft Kernel GS Wavetable Synthesizer (swmidi) - system32\drivers\swmidi.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\System32\dllhost.exe /Processid:{363EEEF6-7CC9-4D0F-A809-B4D4AF4A588F} (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
symc810 (symc810) - (File not found)) [Disabled - Stopped - Kernel driver]
symc8xx (symc8xx) - (File not found)) [Disabled - Stopped - Kernel driver]
sym_hi (sym_hi) - (File not found)) [Disabled - Stopped - Kernel driver]
sym_u3 (sym_u3) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft Kernel System Audio Device (sysaudio) - system32\drivers\sysaudio.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Performance Logs and Alerts (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Telephony (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
TCP/IP Protocol Driver (Tcpip) - System32\DRIVERS\tcpip.sys (Microsoft Corporation ) [ - Running - Kernel driver]
TDPIPE (TDPIPE) - (File not found)) [On Demand - Stopped - Kernel driver]
TDTCP (TDTCP) - (File not found)) [On Demand - Stopped - Kernel driver]
Terminal Device Driver (TermDD) - System32\DRIVERS\termdd.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Terminal Services (TermService) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Themes (Themes) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Telnet (TlntSvr) - C:\WINDOWS\System32\tlntsvr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
tmfilter (tmfilter) - System32\DRIVERS\tmxpflt.sys (TrendMicro ) [Automatic - Running - Filesystem driver]
Trend NT Realtime Service (Tmntsrv) - "C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe" (Trend Micro Inc. ) [Automatic - Running - Win32, running in it's own process]
tmpreflt (tmpreflt) - System32\DRIVERS\tmpreflt.sys (TrendMicro ) [Automatic - Running - Filesystem driver]
TosIde (TosIde) - (File not found)) [Disabled - Stopped - Kernel driver]
Distributed Link Tracking Client (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Udfs (Udfs) - (File not found)) [Disabled - Stopped - Filesystem driver]
ultra (ultra) - (File not found)) [Disabled - Stopped - Kernel driver]
Microcode Update Driver (Update) - System32\DRIVERS\update.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Upload Manager (uploadmgr) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Universal Plug and Play Device Host (upnphost) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Uninterruptible Power Supply (UPS) - C:\WINDOWS\System32\ups.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Sony Digital Imaging Audio (usbaudio) - system32\drivers\usbaudio.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft USB Generic Parent Driver (usbccgp) - System32\DRIVERS\usbccgp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft USB Standard Hub Driver (usbhub) - System32\DRIVERS\usbhub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft USB Open Host Controller Miniport Driver (usbohci) - System32\DRIVERS\usbohci.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft USB PRINTER Class (usbprint) - System32\DRIVERS\usbprint.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
USB Mass Storage Driver (USBSTOR) - System32\DRIVERS\USBSTOR.SYS (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
VGA Display Controller. (VgaSave) - \SystemRoot\System32\drivers\vga.sys (Microsoft Corporation ) [ - Running - Kernel driver]
ViaIde (ViaIde) - (File not found)) [Disabled - Stopped - Kernel driver]
VolSnap (VolSnap) - (File not found)) [ - Running - Kernel driver]
vsapint (vsapint) - System32\DRIVERS\vsapint.sys (Trend Micro Inc. ) [Automatic - Running - Filesystem driver]
Volume Shadow Copy (VSS) - C:\WINDOWS\System32\vssvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Windows Time (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Remote Access IP ARP Driver (Wanarp) - System32\DRIVERS\wanarp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
WDICA (WDICA) - (File not found)) [On Demand - Stopped - Kernel driver]
Microsoft WINMM WDM Audio Compatibility Driver (wdmaud) - system32\drivers\wdmaud.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
WebClient (WebClient) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
winachsf (winachsf) - System32\DRIVERS\HSF_USR.sys (Conexant Systems, Inc. ) [On Demand - Running - Kernel driver]
Windows DHCP Service (WinDHCPsvc) - C:\WINDOWS\System32\\rundll32.exe windhcp.ocx,input (Microsoft Corporation ) [Automatic - Stopped - Win32, running in it's own process]
Windows Management Instrumentation (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Portable Media Serial Number Service (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Windows Management Instrumentation Driver Extensions (Wmi) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
WMI Performance Adapter (WmiApSrv) - C:\WINDOWS\System32\wbem\wmiapsrv.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
World Standard Teletext Codec (WSTCODEC) - System32\DRIVERS\WSTCODEC.SYS (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Automatic Updates (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Wireless Zero Configuration (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]

< Files >

%SystemDrive%
C:\ATF-Cleaner.exe - UPX! (Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Date = 3/6/2007 7:17:38 PM | Attr = ])
C:\KillBox.exe - UPX! (Option^Explicit Softwar
  • 0

#18
sukaira-ku
Posted 07 March 2007 - 02:55 PM

sukaira-ku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
%ProgramFilesDir%

%WinDir%

%System%
C:\WINDOWS\SYSTEM32\d3dx9_25.dll - aspack (Microsoft Corporation [Ver = 9.06.168.0000 | Size = 2337488 bytes | Date = 3/18/2005 5:19:58 PM | Attr = ])
C:\WINDOWS\SYSTEM32\d3dx9_26.dll - aspack (Microsoft Corporation [Ver = 9.07.239.0000 | Size = 2297552 bytes | Date = 5/26/2005 3:34:52 PM | Attr = ])
C:\WINDOWS\SYSTEM32\d3dx9_27.dll - aspack (Microsoft Corporation [Ver = 9.08.299.0000 | Size = 2319568 bytes | Date = 7/22/2005 7:59:04 PM | Attr = ])
C:\WINDOWS\SYSTEM32\d3dx9_28.dll - aspack (Microsoft Corporation [Ver = 9.10.455.0000 | Size = 2323664 bytes | Date = 12/5/2005 6:09:18 PM | Attr = ])
C:\WINDOWS\SYSTEM32\d3dx9_29.dll - aspack (Microsoft Corporation [Ver = 9.11.519.0000 | Size = 2332368 bytes | Date = 2/3/2006 8:43:16 AM | Attr = ])
C:\WINDOWS\SYSTEM32\d3dx9_30.dll - aspack (Microsoft Corporation [Ver = 9.12.589.0000 | Size = 2388176 bytes | Date = 3/31/2006 12:40:58 PM | Attr = ])
C:\WINDOWS\SYSTEM32\d3dx9_31.dll - aspack (Microsoft Corporation [Ver = 9.15.779.0000 | Size = 2414360 bytes | Date = 9/28/2006 4:05:20 PM | Attr = ])
C:\WINDOWS\SYSTEM32\d3dx9_32.dll - aspack (Microsoft Corporation [Ver = 9.16.843.0000 | Size = 3426072 bytes | Date = 11/29/2006 1:06:18 PM | Attr = ])
C:\WINDOWS\SYSTEM32\dfrg.msc - PEC2 ( [Ver = | Size = 41397 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\divx.dll - PEC2 (DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Date = 2/1/2007 5:56:06 AM | Attr = ])
C:\WINDOWS\SYSTEM32\divx.dll - PECompact2 (DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Date = 2/1/2007 5:56:06 AM | Attr = ])
C:\WINDOWS\SYSTEM32\LegitCheckControl.dll - PTech (Microsoft® Corporation [Ver = 1.3.0254.0 | Size = 520456 bytes | Date = 7/12/2005 6:04:22 PM | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - PECompact2 (Microsoft Corporation [Ver = 1.12.0967.0 | Size = 2827616 bytes | Date = 1/4/2006 7:46:40 PM | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.12.0967.0 | Size = 2827616 bytes | Date = 1/4/2006 7:46:40 PM | Attr = ])
C:\WINDOWS\SYSTEM32\ntbackup.exe - WSUD (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 1135616 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - WSUD (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 256000 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\rasdlg.dll - Umonitor (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 631808 bytes | Date = 8/29/2002 3:41:10 AM | Attr = ])
C:\WINDOWS\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])

%System%\Drivers folder and sub-folders
C:\WINDOWS\SYSTEM32\drivers\vsapint.sys - UPX! (Trend Micro Inc. [Ver = 6.640-1001 | Size = 839408 bytes | Date = 7/21/2003 10:46:58 AM | Attr = ])
C:\WINDOWS\SYSTEM32\drivers\vsapint.sys - aspack (Trend Micro Inc. [Ver = 6.640-1001 | Size = 839408 bytes | Date = 7/21/2003 10:46:58 AM | Attr = ])

%windir% + sub-dirs for System or Hidden files less than 60 days old
C:\WINDOWS\bootstat.dat - ( [Ver = | Size = 2048 bytes | Date = 3/7/2007 3:39:40 PM | Attr = S])
C:\WINDOWS\G_Server2006.DLL - ( [Ver = | Size = 695808 bytes | Date = 3/6/2007 7:14:30 PM | Attr = RHS])
C:\WINDOWS\G_SERVER2006KEY.DLL - ( [Ver = | Size = 61952 bytes | Date = 3/6/2007 7:14:38 PM | Attr = RHS])
C:\WINDOWS\LastGood\INF\d3dx9_24_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:38 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_24_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:38 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_25_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:38 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_25_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:38 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_26_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:40 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_26_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:40 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_27_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:40 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_27_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:40 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_28_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:42 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_28_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:42 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_29_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:44 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_29_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:44 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_30_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:46 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_30_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:46 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_31_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:48 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_31_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:48 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_32_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:50 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\d3dx9_32_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:50 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xact2_1_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:46 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xact2_1_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:46 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xact2_2_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:46 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xact2_2_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:46 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xact2_3_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:48 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xact2_3_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:48 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xact2_4_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:50 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xact2_4_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:50 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xact2_5_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:50 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xact2_5_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:50 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xact2_6_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:52 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xact2_6_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:52 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xact_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:44 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xact_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:44 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xinput1_1_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:46 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xinput1_1_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:46 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xinput1_2_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:48 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xinput1_2_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:48 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xinput1_3_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:48 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xinput1_3_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:48 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xinput9_1_0_x86.inf - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:40 PM | Attr = H ])
C:\WINDOWS\LastGood\INF\xinput9_1_0_x86.PNF - ( [Ver = | Size = 0 bytes | Date = 2/6/2007 5:45:40 PM | Attr = H ])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\xact2_6_x86.CAT - ( [Ver = | Size = 10662 bytes | Date = 1/24/2007 3:35:42 PM | Attr = S])
C:\WINDOWS\system32\config\default.LOG - ( [Ver = | Size = 1024 bytes | Date = 3/7/2007 3:42:30 PM | Attr = H ])
C:\WINDOWS\system32\config\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 3/7/2007 3:39:46 PM | Attr = H ])
C:\WINDOWS\system32\config\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 3/7/2007 3:41:34 PM | Attr = H ])
C:\WINDOWS\system32\config\software.LOG - ( [Ver = | Size = 20480 bytes | Date = 3/7/2007 3:48:12 PM | Attr = H ])
C:\WINDOWS\system32\config\system.LOG - ( [Ver = | Size = 1024 bytes | Date = 3/7/2007 3:42:30 PM | Attr = H ])
C:\WINDOWS\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 3/7/2007 3:39:42 PM | Attr = H ])

CPL files
C:\WINDOWS\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 66048 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 578560 bytes | Date = 8/29/2002 3:41:28 AM | Attr = ])
C:\WINDOWS\SYSTEM32\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 129024 bytes | Date = 8/29/2002 3:41:28 AM | Attr = ])
C:\WINDOWS\SYSTEM32\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 150016 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 292352 bytes | Date = 8/29/2002 3:41:28 AM | Attr = ])
C:\WINDOWS\SYSTEM32\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 121856 bytes | Date = 8/29/2002 3:41:28 AM | Attr = ])
C:\WINDOWS\SYSTEM32\joy.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 65536 bytes | Date = 8/29/2002 3:41:28 AM | Attr = ])
C:\WINDOWS\SYSTEM32\jpicpl32.cpl - (Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49265 bytes | Date = 11/9/2006 3:07:28 PM | Attr = ])
C:\WINDOWS\SYSTEM32\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 559616 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 256000 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\nwc.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\odbccp32.cpl - (Microsoft Corporation [Ver = 3.520.7713.0 | Size = 36864 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 109056 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 268288 bytes | Date = 8/29/2002 3:41:28 AM | Attr = ])
C:\WINDOWS\SYSTEM32\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 5/26/2005 4:16:30 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 66048 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 578560 bytes | Date = 8/29/2002 3:41:28 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 129024 bytes | Date = 8/29/2002 3:41:28 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 150016 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 292352 bytes | Date = 8/29/2002 3:41:28 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 121856 bytes | Date = 8/29/2002 3:41:28 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 48128 bytes | Date = 8/17/2001 10:37:02 PM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\joy.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 65536 bytes | Date = 8/29/2002 3:41:28 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 559616 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 256000 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl - (Microsoft Corporation [Ver = 3.520.7713.0 | Size = 36864 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 109056 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl - (Microsoft Corporation [Ver = 5.1.4111.00 (xpsp1.020828-1920) | Size = 147456 bytes | Date = 8/29/2002 3:41:28 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 268288 bytes | Date = 8/29/2002 3:41:28 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 8/23/2001 7:00:00 AM | Attr = ])

Auto-Start Folders

HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 12/27/2005 7:51:46 PM | Attr = HS])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD. [Ver = 2, 0, 0, 3 | Size = 212992 bytes | Date = 8/13/2001 5:34:06 PM | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Real-time Monitor.lnk - C:\WINDOWS\Installer\{A839294B-70A9-11D5-9F5A-0050DAD742CD}\_A687B56.exe ( [Ver = | Size = 57344 bytes | Date = 12/28/2005 12:59:50 PM | Attr = R ])

HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Daisy\Start Menu\Programs\Startup
C:\Documents and Settings\Daisy\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 12/27/2005 7:51:46 PM | Attr = HS])

HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
Win.ini->[Windows]\\Run -
System.ini->[Boot]\\Shell - Explorer.exe
Wininit.ini: Line 1 - [rename]
Wininit.ini: Line 2 - C:\WINDOWS\SYSTEM32\DRIVERS\CMAUDIO.OLD=C:\WINDOWS\SYSTEM32\DRIVERS\CMAUDIO.SYS
Wininit.ini: Line 3 - C:\WINDOWS\SYSTEM\CRLDS3D.OLD=C:\WINDOWS\SYSTEM\CRLDS3D.DLL
Wininit.ini: Line 4 - C:\WINDOWS\MIXER.OLD=C:\WINDOWS\MIXER.EXE
Wininit.ini: Line 5 - C:\WINDOWS\CMUninst.OLD=C:\WINDOWS\CMUninst.dat
Wininit.ini: Line 6 - C:\WINDOWS\cmmixer.OLD=C:\WINDOWS\cmmixer.ini
Config.nt: Line 54 - dos=high, umb
Config.nt: Line 55 - device=%SystemRoot%\system32\himem.sys
Config.nt: Line 56 - files=40
AutoExec.nt: Line 1 - @echo off
AutoExec.nt: Line 8 - lh %SystemRoot%\system32\mscdexnt.exe
AutoExec.nt: Line 11 - lh %SystemRoot%\system32\redir
AutoExec.nt: Line 14 - lh %SystemRoot%\system32\dosx
AutoExec.nt: Line 36 - SET BLASTER=A220 I5 D1 P330 T3

Miscellaneous Folders

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 12/27/2005 2:37:36 PM | Attr = HS])

CurrentUser ApplicationData Folder
C:\Documents and Settings\Daisy\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 12/27/2005 2:37:36 PM | Attr = HS])
C:\Documents and Settings\Daisy\Application Data\GDIPFONTCACHEV1.DAT - ( [Ver = | Size = 47288 bytes | Date = 10/27/2006 4:16:24 PM | Attr = ])
C:\Documents and Settings\Daisy\Application Data\internaldb41.dat - ( [Ver = | Size = 0 bytes | Date = 7/23/2006 1:44:22 AM | Attr = ])
C:\Documents and Settings\Daisy\Application Data\Sskuknwrd.dll - ( [Ver = | Size = 36 bytes | Date = 1/31/2006 6:14:14 PM | Attr = ])
C:\Documents and Settings\Daisy\Application Data\waver_2.95.dat - ( [Ver = | Size = 665 bytes | Date = 8/24/2006 10:48:38 PM | Attr = ])

Program Files Folder

Common Files Folder

DPF files
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://fpdownload.ma...director/sw.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://by116fd.bay11...es/MsnPUpld.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://update.micros...b?1136918882453
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macr...ash/swflash.cab

Hosts file = 698 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright © 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a "#" symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
# -
127.0.0.1 localhost -

< Add On's >

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<

KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 5
Desktop\Components\0 -
Desktop\Components\0\\Source - About:Home
Desktop\Components\0\\SubscribedURL - About:Home
Desktop\Components\0\\FriendlyName - My Current Home Page
Desktop\Components\0\\Flags - 2
Desktop\Components\0\\Position - 2C 00 00 00 E6 00 00 00 00 00 00 00 9A 03 00 00 42 03 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\0\\CurrentState - 04 00 00 40
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00
Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 12 03 00 00 23 00 00 00 DC 00 00 00 D2 00 00 00 01 00 00 00
Desktop\General -
Desktop\General\\BackupWallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\General\\WallpaperFileTime - CE 89 4F 60 90 58 C7 01
Desktop\General\\WallpaperLocalFileTime - CE 81 79 77 66 58 C7 01
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 2
Desktop\General\\Wallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\General\\ComponentsPositioned - 1
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 80 04 00 00 42 03 00 00
Desktop\SafeMode -
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -

>>>>Output for AddOn file Policies.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\Ratings -
policies\system -
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

KEY - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -

KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - DF 00 00 00
policies\System -
policies\System\\DisableRegistryTools - 0

KEY - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -

>>>>Output for AddOn file SID_Run_Policies.def<<<<

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run -

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145

< End of report >
  • 0

#19
RiP
Posted 07 March 2007 - 06:40 PM

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello sukaira-ku,

The scan didn't turn up any more baddies, how is the computer running?
  • 0

#20
sukaira-ku
Posted 07 March 2007 - 06:43 PM

sukaira-ku

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Oh that's great news. Thanks so much. I don't actually notice any differences with my computer, but there's no more random error popups which is good. Just wondering, is there any way to check if I have still have an open proxy? Also, what precautions do you reccomend I take to prevent my computer from being infected again? Thanks again =)
  • 0

#21
RiP
Posted 08 March 2007 - 06:06 PM

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello sukaira-ku,

Go here, to see if you're still running a proxy.

Let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

  • 0

#22
RiP
Posted 18 March 2007 - 09:11 PM

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP