OTScanIT log for trojan agent.anfu



#1
sancou

I have tried everything, had it a few days ago, ran your FixIEDef.exe and it worked wonderfully.... now I have it again, and that won't work, tried everything else, all scans suggested and all downloads, and now I am down to this.... Please let me know if there is anything you can see in this log, thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:02 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.c...;from=whatwhere
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {5CF87193-FD1E-4400-863D-FD9AFC5F402F} - C:\WINDOWS\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinReminders 2005] C:\Program Files\HES\WinReminders\WinReminders.exe /check /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/...vl.cab46704.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.104/app/view22RTE.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://games.pogo.co...sh.1.0.0.80.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{767193B2-43E9-477C-B1F2-0EBABA34BE07}: NameServer = 205.152.132.23,205.152.37.23
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe

--
End of file - 8223 bytes


#2
sancou

wow, 25 views and not a single reply with help.....

#3
sancou

Here is the notepad log from my scan. Please help..... Thanks in advance!



[code=auto:0]OTScanIt2 logfile created on: 12/3/2008 6:13:24 AM - Run 1
OTScanIt2 by OldTimer - Version 1.0.2.1 Folder = C:\Documents and Settings\Me\My Documents\Downloads\OTScanIt2
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.23 Mb Total Physical Memory | 216.20 Mb Available Physical Memory | 42.29% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.62% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 1.31 Gb Free Space | 1.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANDY
Current User Name: Me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 90 Days

[Processes - Safe List]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.)
avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2008/08/30 05:21:29 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> [2008/07/06 08:33:41 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008/08/30 05:21:31 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/06/19 11:44:41 | 00,068,856 | ---- | M] (Google Inc.)
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/10/04 18:22:58 | 00,168,432 | ---- | M] (Google)
iexplore.exe -> %ProgramFiles%\Internet Explorer\IEXPLORE.EXE -> [2004/08/03 19:07:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
mspmspsv.exe -> %SystemRoot%\system32\MsPMSPSv.exe -> [2001/05/01 18:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\My Documents\Downloads\OTScanIt2\OTScanIt2.exe -> [2008/12/01 10:28:50 | 00,477,184 | ---- | M] (OldTimer Tools)
smax4.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> [2003/05/30 10:42:22 | 00,585,728 | ---- | M] (Analog Devices, Inc.)
smax4pnp.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> [2003/05/29 17:28:32 | 00,790,528 | ---- | M] (Analog Devices, Inc.)
starwindserviceae.exe -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -> [2007/05/28 10:57:54 | 00,275,968 | ---- | M] (Rocket Division Software)
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
wlservice.exe -> %ProgramFiles%\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe -> [2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS)
wusb54gsc.exe -> %ProgramFiles%\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe -> [2006/04/21 13:26:38 | 05,358,592 | ---- | M] (Linksys)

[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2007/10/31 14:09:16 | 00,110,592 | ---- | M] (Apple, Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation)
(avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2008/08/30 05:21:29 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2008/08/30 05:21:31 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/08/27 07:50:39 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/10/04 18:22:58 | 00,168,432 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2004/08/03 19:07:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2007/12/11 12:10:16 | 00,504,104 | ---- | M] (Apple Inc.)
(SerialKeys) SerialKeys [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\skeys.exe -> [2004/08/03 19:07:00 | 00,026,112 | ---- | M] (Microsoft Corporation)
(StarWindServiceAE) StarWind AE Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -> [2007/05/28 10:57:54 | 00,275,968 | ---- | M] (Rocket Division Software)
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(vsmon) TrueVector Internet Monitor [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> [2005/07/20 03:45:30 | 01,672,976 | ---- | M] (Zone Labs, LLC)
(WMDM PMSP Service) WMDM PMSP Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\MsPMSPSv.exe -> [2001/05/01 18:06:22 | 00,053,248 | ---- | M] (Microsoft Corporation)
(WUSB54GSCSVC) WUSB54GSCSVC [Win32_Own | Auto | Running] -> -> File not found

[Driver Services - Safe List]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> [2003/03/13 04:34:48 | 00,100,224 | R--- | M] (Andrea Electronics Corporation)
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> [2007/12/27 21:19:11 | 00,017,801 | ---- | M] (Meetinghouse Data Communications)
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> [2008/08/30 05:21:29 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> [2008/07/06 08:33:40 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> [2008/07/06 08:33:47 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.)
(BCM42RLY) BCM42RLY [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\bcm42rly.sys -> [2005/02/01 18:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation)
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> [2003/12/09 19:24:58 | 00,067,024 | ---- | M] (Roxio)
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\System32\drivers\cdralw2k.sys -> [2003/12/09 19:24:58 | 00,024,698 | ---- | M] (Roxio)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.)
(HSFHWCD2) HSFHWCD2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSFHWCD2.sys -> [2004/02/24 22:21:36 | 00,201,728 | R--- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> [2004/02/24 22:18:46 | 01,041,536 | R--- | M] (Conexant Systems, Inc.)
(MCSTRM) MCSTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\mcstrm.sys -> [2005/01/17 09:38:47 | 00,008,413 | ---- | M] (RealNetworks, Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2003/04/08 23:48:08 | 00,011,043 | R--- | M] (Conexant)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2004/08/03 16:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(Pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pcouffin.sys -> [2006/12/30 10:58:39 | 00,047,360 | ---- | M] (VSO Software)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/03 19:07:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2006/05/04 17:39:53 | 00,020,576 | ---- | M] (Sonic Solutions)
(RIOUNIV) Rio universal USB driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RIOUNIV.SYS -> [2003/10/03 02:03:44 | 00,016,128 | ---- | M] (Digital Networks North America, Inc.)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASDIFSV.SYS -> [2008/07/01 05:58:20 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> [2006/02/16 16:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [2008/07/01 05:58:20 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2006/02/02 18:54:53 | 00,011,376 | ---- | M] ()
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> [2003/06/01 23:42:14 | 00,578,304 | R--- | M] (Analog Devices, Inc.)
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [2007/09/24 16:34:58 | 00,685,816 | ---- | M] ()
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\USBAUDIO.sys -> [2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation)
(USB_RNDIS) Compact Wireless-G USB Network Adapter with SpeedBooster [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usb8023.sys -> [2004/08/03 19:07:00 | 00,012,672 | ---- | M] (Microsoft Corporation)
(USB_RNDIS_XP) Westell WireSpeed Dual Connect Modem [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usb8023.sys -> [2004/08/03 19:07:00 | 00,012,672 | ---- | M] (Microsoft Corporation)
(vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> [2005/07/20 03:45:18 | 00,366,736 | ---- | M] (Zone Labs, LLC)
(winachsf) winachsf [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> [2004/02/24 22:20:22 | 00,682,624 | R--- | M] (Conexant Systems, Inc.)
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2004/08/03 19:07:00 | 00,012,032 | ---- | M] (Microsoft Corporation)
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\GTNDIS5.sys -> [2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.weather.com/weather/local/70560?lswe=70560&lwsa=WeatherLocalUndeclared&from=whatwhere ->
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s ->
HKEY_CURRENT_USER\: SearchURL\\"provider" -> gogl ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Me\Application Data\Mozilla\FireFox\Profiles\9wad3xe8.default\prefs.js ->
browser.startup.homepage -> "http://www.weather.com/weather/local/70560?lswe=70560&lwsa=WeatherLocalUndeclared&from=whatwhere" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.4" ->
extensions.enabledItems -> [email protected]:1.0.0.071101000055 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 ->
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2008/08/30 05:21:33 | 00,455,960 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/01/28 11:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)
{b847676d-72ac-4393-bfff-43a1eb979352} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/06/13 10:38:37 | 02,549,368 | R--- | M] (Google Inc.)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
"SITEguard" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/06/13 10:38:37 | 02,549,368 | R--- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/06/13 10:38:37 | 02,549,368 | R--- | M] (Google Inc.)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AVG8_TRAY" -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2008/11/27 08:28:10 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.)
"CookiePatrol" -> %ProgramFiles%\PestPatrol\CookiePatrol.exe [c:\PROGRA~1\PESTPA~1\CookiePatrol.exe] -> [2005/01/10 11:35:16 | 00,073,728 | ---- | M] (Computer Associates International)
"PestPatrol Control Center" -> %ProgramFiles%\PestPatrol\PPControl.exe [c:\PROGRA~1\PESTPA~1\PPControl.exe] -> [2004/11/15 12:49:54 | 00,098,304 | ---- | M] (Computer Associates International)
"PestPatrolCL" -> [] -> File not found
"PPMemCheck" -> %ProgramFiles%\PestPatrol\PPMemCheck.exe [c:\PROGRA~1\PESTPA~1\PPMemCheck.exe] -> [2004/04/02 16:11:54 | 00,148,480 | ---- | M] ()
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2007/12/11 10:56:54 | 00,286,720 | ---- | M] (Apple Inc.)
"SoundMAX" -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe ["C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray] -> [2003/05/30 10:42:22 | 00,585,728 | ---- | M] (Analog Devices, Inc.)
"SoundMAXPnP" -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe [C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] -> [2003/05/29 17:28:32 | 00,790,528 | ---- | M] (Analog Devices, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"EPSON Stylus Photo RX580 Series" -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIBPA.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPA.EXE /FU "C:\WINDOWS\TEMP\E_SB8.tmp" /EF "HKCU"] -> [2006/05/23 04:00:00 | 00,139,264 | ---- | M] (SEIKO EPSON CORPORATION)
"QdrModule12" -> %ProgramFiles%\QdrModule\QdrModule12.exe ["C:\Program Files\QdrModule\QdrModule12.exe"] -> File not found
"QdrPack12" -> %ProgramFiles%\QdrPack\QdrPack12.exe ["C:\Program Files\QdrPack\QdrPack12.exe"] -> File not found
"SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2008/01/28 11:43:40 | 02,097,488 | RHS- | M] (Safer Networking Limited)
"SUPERAntiSpyware" -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2008/07/01 05:58:20 | 01,506,544 | ---- | M] (SUPERAntiSpyware.com)
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2007/06/19 11:44:41 | 00,068,856 | ---- | M] (Google Inc.)
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"FlashPlayerUpdate" -> %SystemRoot%\system32\Macromed\Flash\FlashUtil9b.exe [C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Me Startup Folder > -> C:\Documents and Settings\Me\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Adobe Media Player.lnk -> %ProgramFiles%\Adobe Media Player\Adobe Media Player.exe -> File not found
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoCDBurning" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
\Run\\"FkFcBl1qoF" -> %AllUsersProfile%\Application Data\gjinqnuh\oribmfsn.exe [C:\Documents and Settings\All Users\Application Data\gjinqnuh\oribmfsn.exe] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"DisableTaskMgr" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" -> [0] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Menu: Sun Java Console] -> [2005/11/10 14:22:12 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/01/28 11:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\NPJPI150_06.dll [Sun Java Console] -> [2005/11/10 14:22:12 | 00,069,746 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\"{4528BBE0-4E08-11D5-AD55-00010333D0AD}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/01/28 11:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 10:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> [2001/01/30 14:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
online_musicmatch.com [https] -> Trusted sites ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05D44720-58E3-49E6-BDF6-D00330E511D3} [HKLM] -> http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab[StagingUI Object] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{3BB54395-5982-4788-8AF4-B5388FFDD0D8} [HKLM] -> http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab[MSN Games – Buddy Invite] ->
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://photo.walgreens.com/WalgreensActivia.cab[Snapfish Activia] ->
{48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab[MySpace Uploader Control] ->
{5736C456-EA94-4AAC-BB08-917ABDD035B3} [HKLM] -> http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab[ZonePAChat Object] ->
{6F750202-1362-4815-A476-88533DE61D0C} [HKLM] -> http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab[Kodak Gallery Easy Upload Manager Class] ->
{6F750203-1362-4815-A476-88533DE61D0C} [HKLM] -> http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab[Kodak Gallery Easy Upload Manager Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{A4110378-789B-455F-AE86-3A1BFC402853} [HKLM] -> http://zone.msn.com/bingame/zpagames/zpa_shvl.cab46704.cab[ZPA_SHVL Object] ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} [HKLM] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] ->
{BCBC9371-595D-11D4-A96D-00105A1CEF6C} [HKLM] -> http://66.242.36.104/app/view22RTE.cab[View22RTE Class] ->
{CAC181B0-4D70-402D-B571-C596A47D0CE0} [HKLM] -> http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab[CBankshotZoneCtrl Class] ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] ->
{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} [HKLM] -> http://zone.msn.com/binframework/v10/StProxy.cab55579.cab[MSN Games – Game Communicator] ->
{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} [HKLM] -> http://games.pogo.com/online2/pogo/diner_dash/DinerDash.1.0.0.80.cab[CPlayFirstDinerDashControl Object] ->
{E5D419D6-A846-4514-9FAD-97E826C84822} [HKLM] -> http://fdl.msn.com/zone/datafiles/heartbeat.cab[HeartbeatCtl Class] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{767193B2-43E9-477C-B1F2-0EBABA34BE07} -> 205.152.132.23,205.152.37.23 (Westell WireSpeed Dual Connect Modem) ->
{AD693E8D-7C64-4D59-851B-14F9D10B52F2} -> (Compact Wireless-G USB Network Adapter with SpeedBooster) ->
{C1C79347-C7DC-4AEE-BE90-7E181D7B0D15} -> (1394 Net Adapter) ->
{C3C17A0D-E3C3-43EE-8A7A-4A840AC78BFA} -> (Compact Wireless-G USB Network Adapter with SpeedBooster) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> [2008/07/06 08:33:41 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
vtuuvuv -> -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/07/01 05:58:19 | 00,077,824 | ---- | M] (SuperAdBlocker.com)
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}" [HKLM] -> %SystemDrive%\Eudora Mail\EuShlExt.dll [Eudora's Shell Extension] -> [2006/08/17 13:57:20 | 00,086,016 | R--- | M] (Qualcomm Inc.)
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
zwebauth.dll -> %SystemRoot%\system32\ZWebAuth.dll -> [2001/09/18 19:37:34 | 00,016,973 | ---- | M] ()
digeste.dll -> -> File not found
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/03 19:07:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/03 19:07:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\Me\My Documents\Downloads\utorrent.exe" -> C:\Documents and Settings\Me\My Documents\Downloads\utorrent.exe [C:\Documents and Settings\Me\My Documents\Downloads\utorrent.exe:*:Enabled:µTorrent] -> [2006/05/22 10:38:12 | 00,158,147 | -H-- | M] ()
"C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> [2008/08/30 05:21:29 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2008/08/30 05:19:51 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/11/03 01:17:27 | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\FlashGet\flashget.exe" -> C:\Program Files\FlashGet\flashget.exe [C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget] -> File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -> C:\Program Files\Internet Explorer\IEXPLORE.EXE [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> [2004/08/03 19:07:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2007/12/11 12:10:18 | 17,152,808 | ---- | M] (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Program Files\Microsoft Office\Office\FRONTPG.EXE" -> C:\Program Files\Microsoft Office\Office\FRONTPG.EXE [C:\Program Files\Microsoft Office\Office\FRONTPG.EXE:*:Enabled:Microsoft FrontPage] -> [1999/03/20 07:06:38 | 01,990,730 | R--- | M] (Microsoft Corporation)
"C:\Program Files\mIRC\mirc.exe" -> C:\Program Files\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> [2007/08/14 04:45:09 | 01,949,696 | ---- | M] (mIRC Co. Ltd.)
"C:\Program Files\SmartFTP\SmartFTP.exe" -> C:\Program Files\SmartFTP\SmartFTP.exe [C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP] -> [2005/03/23 21:08:32 | 01,593,344 | ---- | M] (SmartFTP)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> File not found
"C:\Program Files\Zone.com Deluxe Games\Wheel of Fortune Deluxe\Wheel of Fortune Deluxe.exe" -> C:\Program Files\Zone.com Deluxe Games\Wheel of Fortune Deluxe\Wheel of Fortune Deluxe.exe [C:\Program Files\Zone.com Deluxe Games\Wheel of Fortune Deluxe\Wheel of Fortune Deluxe.exe:*:Enabled:Wheel of Fortune Deluxe] -> [2003/10/23 10:06:32 | 00,540,672 | ---- | M] (Sony Pictures Digital Networks Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2004/08/03 19:07:00 | 00,049,536 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

[Registry - Additional Scans - Safe List]
< ColumnHandlers - Folder [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ ->
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> [2004/12/14 03:20:02 | 00,110,592 | ---- | M] (Adobe Systems, Inc.)
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 23:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk -> %SystemDrive%\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA9.EXE -> [1999/02/17 22:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PlexTools Professional.lnk -> %ProgramFiles%\Plextor\PlexTool.exe -> [2004/03/30 15:48:02 | 05,165,056 | ---- | M] (Plextor SA/NV)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> [2004/10/22 04:47:02 | 00,806,912 | ---- | M] (Intuit, Inc.)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
CookiePatrol hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\PestPatrol\CookiePatrol.exe -> [2005/01/10 11:35:16 | 00,073,728 | ---- | M] (Computer Associates International)
HP Software Update hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd2.exe -> [2005/02/17 00:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.)
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2007/12/11 12:10:26 | 00,267,048 | ---- | M] (Apple Inc.)
MimBoot hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\mimboot.exe -> [2006/01/19 10:06:16 | 00,011,776 | ---- | M] (Musicmatch, Inc.)
NBJ hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> [2004/09/07 14:55:20 | 01,871,872 | ---- | M] (Ahead Software AG)
NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\NeroCheck.exe -> [2001/07/09 13:50:42 | 00,155,648 | ---- | M] (Ahead Software Gmbh)
PestPatrol Control Center hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\PestPatrol\PPControl.exe -> [2004/11/15 12:49:54 | 00,098,304 | ---- | M] (Computer Associates International)
PPMemCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\PestPatrol\PPMemCheck.exe -> [2004/04/02 16:11:54 | 00,148,480 | ---- | M] ()
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\QuickTime\QTTask.exe -> [2007/12/11 10:56:54 | 00,286,720 | ---- | M] (Apple Inc.)
RemoteControl hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Roxio\Roxio DVDMax Player\PDVDServ.exe -> File not found
RoxioAudioCentral hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found
RoxioDragToDisc hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found
RoxioEngineUtility hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Roxio Shared\System\EngUtil.exe -> [2003/05/01 19:44:50 | 00,065,536 | ---- | M] (Roxio)
SP2 Connection Patcher hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\SP2 Connection Patcher\SP2ConnPatcher.exe -> [2005/07/11 06:51:08 | 00,409,600 | ---- | M] ()
SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> [2005/11/10 14:03:52 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.)
swg hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/06/19 11:44:41 | 00,068,856 | ---- | M] (Google Inc.)
TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> File not found
updateMgr hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> [2006/03/30 17:45:08 | 00,313,472 | R--- | M] (Adobe Systems Incorporated)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->
"bootini" -> 0 ->
"services" -> 0 ->
"startup" -> 2 ->
"system.ini" -> 0 ->
"win.ini" -> 0 ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2005/05/26 17:22:01 | 00,010,752 | ---- | M] (Microsoft Corporation)
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2004/08/03 19:07:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
.hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2004/08/03 19:07:00 | 00,029,184 | ---- | M] (Microsoft Corporation)
.html [@ = htmlfile] -> %ProgramFiles%\Internet Explorer\IEXPLORE.EXE -> [2004/08/03 19:07:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
.inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2004/08/03 19:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
.ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2004/08/03 19:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
.js [@ = jsfile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/03 19:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
.jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/03 19:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* ->
.reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2004/08/03 19:07:00 | 00,146,432 | ---- | M] (Microsoft Corporation)
.scr [@ = scrfile] -> "%1" /S ->
.txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2004/08/03 19:07:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
.vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/03 19:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
.vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/03 19:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
.wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/03 19:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
.wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/03 19:07:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> [] ->
HidServ -> [ValueNotFound] ->
Ias -> [] ->
Iprip -> [] ->
Irmon -> [] ->
NWCWorkstation -> [] ->
Nwsapagent -> [] ->
WmdmPmSp -> [] ->
helpsvc -> C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll [C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll] -> [2004/08/03 19:07:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKLM] -> No CLSID value
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2002/05/24 14:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation)
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> [2008/07/06 08:33:47 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.)
msdaipp: [HKLM] -> No CLSID value
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[Microsoft OLE DB Moniker Binder for Internet Publishing] -> [2002/05/24 14:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2002/05/24 14:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
HelpSvc -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll ->