Here's the WinPFind log:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
UPX! 7/9/2005 4:03:06 AM 433152 C:\WINDOWS\SYSTEM32\aswBoot.exe
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
69.59.186.63 8/3/2005 11:43:08 AM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
209.66.67.134 8/3/2005 11:43:08 AM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.97 8/3/2005 11:43:08 AM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.77 8/3/2005 11:43:08 AM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
web-nex 8/3/2005 11:43:08 AM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
winsync 8/3/2005 11:43:08 AM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
rec2_run 8/3/2005 11:43:08 AM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
PEC2 8/23/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 6/9/2005 3:32:28 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 6/9/2005 3:32:28 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
Umonitor 8/5/2005 7:29:34 PM 417792 C:\WINDOWS\SYSTEM32\dvkquoui.dll
WinShutDown 8/5/2005 7:29:34 PM 417792 C:\WINDOWS\SYSTEM32\dvkquoui.dll
Umonitor 8/7/2005 4:39:54 PM 417792 C:\WINDOWS\SYSTEM32\guard.tmp
WinShutDown 8/7/2005 4:39:54 PM 417792 C:\WINDOWS\SYSTEM32\guard.tmp
Umonitor 8/7/2005 9:13:26 PM 417792 C:\WINDOWS\SYSTEM32\iz32_32.dll
WinShutDown 8/7/2005 9:13:26 PM 417792 C:\WINDOWS\SYSTEM32\iz32_32.dll
aspack 8/7/2003 2:01:52 PM 126464 C:\WINDOWS\SYSTEM32\lame_enc.dll
PECompact2 8/4/2005 8:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 8:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/5/2002 2:40:18 PM 332288 C:\WINDOWS\SYSTEM32\msvcp70.dll
aspack 1/6/2002 5:37:26 AM 194048 C:\WINDOWS\SYSTEM32\msvcr70.dll
aspack 6/2/2004 4:46:12 PM 528896 C:\WINDOWS\SYSTEM32\NCTAudioCompress2.dll
aspack 6/2/2004 4:51:08 PM 622592 C:\WINDOWS\SYSTEM32\NCTAudioFile2.dll
aspack 6/4/2004 1:41:02 PM 150528 C:\WINDOWS\SYSTEM32\NCTAVIFile.dll
aspack 5/12/2004 6:01:08 PM 367616 C:\WINDOWS\SYSTEM32\NCTMPEGFile.dll
aspack 6/4/2004 4:09:32 PM 101376 C:\WINDOWS\SYSTEM32\NCTQuickTimeFile.dll
aspack 6/4/2004 1:40:18 PM 83968 C:\WINDOWS\SYSTEM32\NCTRMFile.dll
aspack 6/8/2004 11:39:16 AM 235520 C:\WINDOWS\SYSTEM32\NCTVideoCompress.dll
aspack 6/8/2004 11:50:56 AM 66560 C:\WINDOWS\SYSTEM32\NCTVideoFile.dll
aspack 6/4/2004 4:08:20 PM 90112 C:\WINDOWS\SYSTEM32\NCTWMVFile.dll
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
Umonitor 8/10/2005 8:01:54 AM 417792 C:\WINDOWS\SYSTEM32\sfndmail.dll
WinShutDown 8/10/2005 8:01:54 AM 417792 C:\WINDOWS\SYSTEM32\sfndmail.dll
winsync 8/23/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder for system and hidden files within the last 60 days...
8/10/2005 8:35:48 AM 54156 C:\WINDOWS\QTFont.qfn
6/14/2005 5:53:04 PM 749 C:\WINDOWS\WindowsShell.Manifest
6/14/2005 5:53:10 PM 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
6/20/2005 12:45:56 PM 59556 C:\WINDOWS\Downloaded Program Files\Doremi.ttf
6/14/2005 5:53:48 PM 67 C:\WINDOWS\Fonts\desktop.ini
7/23/2005 8:34:46 PM 0 C:\WINDOWS\inf\oem27.inf
7/23/2005 8:41:22 PM 0 C:\WINDOWS\inf\oem28.inf
7/23/2005 8:43:28 PM 0 C:\WINDOWS\inf\oem29.inf
6/14/2005 5:53:10 PM 65 C:\WINDOWS\Offline Web Pages\desktop.ini
6/14/2005 5:53:26 PM 242478 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_1.cab
6/14/2005 5:53:26 PM 19959 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_2.cab
6/14/2005 5:53:26 PM 727 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_3.cab
7/26/2005 12:15:56 PM 305145 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_5.cab
7/26/2005 12:18:24 PM 68327 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_6.cab
6/14/2005 5:54:20 PM 233472 C:\WINDOWS\repair\ntuser.dat
6/14/2005 5:53:04 PM 749 C:\WINDOWS\system32\cdplayer.exe.manifest
6/14/2005 5:53:10 PM 488 C:\WINDOWS\system32\logonui.exe.manifest
6/14/2005 5:53:04 PM 749 C:\WINDOWS\system32\ncpa.cpl.manifest
6/14/2005 5:53:04 PM 749 C:\WINDOWS\system32\nwc.cpl.manifest
6/14/2005 5:53:04 PM 749 C:\WINDOWS\system32\sapi.cpl.manifest
6/14/2005 5:53:10 PM 488 C:\WINDOWS\system32\WindowsLogon.manifest
6/14/2005 5:53:04 PM 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
8/10/2005 8:47:12 AM 16384 C:\WINDOWS\system32\config\default.LOG
8/10/2005 8:47:08 AM 1024 C:\WINDOWS\system32\config\SAM.LOG
8/10/2005 8:46:50 AM 12288 C:\WINDOWS\system32\config\SECURITY.LOG
8/10/2005 8:47:12 AM 151552 C:\WINDOWS\system32\config\software.LOG
8/10/2005 8:46:54 AM 856064 C:\WINDOWS\system32\config\system.LOG
6/14/2005 12:39:50 PM 1024 C:\WINDOWS\system32\config\TempKey.LOG
6/14/2005 12:39:50 PM 1024 C:\WINDOWS\system32\config\userdiff.LOG
8/9/2005 5:19:36 PM 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
6/14/2005 12:41:48 PM 62 C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
6/14/2005 12:41:48 PM 62 C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
6/14/2005 5:53:30 PM 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
6/14/2005 5:53:30 PM 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
6/14/2005 5:53:30 PM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
6/14/2005 5:53:30 PM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
6/14/2005 5:53:30 PM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4LEFKTIF\desktop.ini
6/14/2005 5:53:30 PM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8XU7OPM7\desktop.ini
6/14/2005 5:53:30 PM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CX2NW92F\desktop.ini
6/14/2005 5:53:30 PM 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KTIFO1IB\desktop.ini
6/14/2005 5:53:12 PM 181 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
6/14/2005 12:41:48 PM 62 C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
6/14/2005 5:54:14 PM 206 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
6/14/2005 5:54:14 PM 482 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
6/14/2005 5:54:14 PM 348 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
6/14/2005 5:54:14 PM 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
6/14/2005 5:54:14 PM 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
7/23/2005 8:45:58 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\ae19809c-dd1d-474a-bbf7-ba2ca7d878b1
7/23/2005 8:45:58 PM 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
8/4/2005 6:51:36 PM 206 C:\WINDOWS\Tasks\RUTASK.job
8/10/2005 8:45:24 AM 6 C:\WINDOWS\Tasks\SA.DAT
7/26/2005 12:22:34 PM 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
7/26/2005 12:22:32 PM 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
7/26/2005 12:22:32 PM 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\A5SPMHMN\desktop.ini
7/26/2005 12:22:32 PM 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ATOP8LGT\desktop.ini
7/26/2005 12:22:32 PM 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\O7QRMTO1\desktop.ini
7/26/2005 12:22:32 PM 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SX0Z2FKH\desktop.ini
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
6/20/2005 1:00:56 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
6/20/2005 8:47:00 PM 1469 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LimeWire 4.0.8 Pro.lnk
7/15/2005 1:37:18 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
6/15/2005 2:18:10 PM 1758 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{2473CCD9-71CB-4A08-B070-EC78AA0CC6B1} = C:\WINDOWS\system32\ndevtmsg.dll
{779618F3-278C-4843-9849-E82E7864FFE9} = C:\WINDOWS\system32\ozethk32.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = F:\Avast\ashShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fqkgqtmg
{32971447-a2db-493d-a7de-13b0ac579bdf} = C:\WINDOWS\system32\jbkdb.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = F:\Avast\ashShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : H:\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SoundMan SOUNDMAN.EXE
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
SmcService C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
avast! F:\Avast\ashDisp.exe
LogonStudio "F:\Stardock\LogonStudio\logonstudio.exe" /RANDOM
iTunesHelper "H:\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
mscin C:\WINDOWS\system32\m190309.EXE
System service62 C:\WINDOWS\etb\pokapoka62.exe
BullsEye Network C:\Program Files\BullsEye Network\bin\bargains.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PopUpStopperFreeEdition "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
Steam "g:\valve\steam\steam.exe" -silent
SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
AIM H:\AIM\aim.exe -cnetwait.odl
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} = C:\PROGRA~1\COMMON~1\Stardock\mcpcore.dll
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage
= C:\WINDOWS\system32\iMssdo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs wbsys.dll
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.9 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/10/2005 8:55:07 AM
======================================================================================
And here's the VBScript report:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"avast!"="F:\\Avast\\ashDisp.exe"
"LogonStudio"="\"F:\\Stardock\\LogonStudio\\logonstudio.exe\" /RANDOM"
"iTunesHelper"="\"H:\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"mscin"="C:\\WINDOWS\\system32\\m190309.EXE"
"System service62"="C:\\WINDOWS\\etb\\pokapoka62.exe"
"BullsEye Network"="C:\\Program Files\\BullsEye Network\\bin\\bargains.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
Subkey --- avast
{472083B0-C522-11CF-8763-00608CC02F24}
F:\Avast\ashShell.dll
Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll
Subkey --- fqkgqtmg
{32971447-a2db-493d-a7de-13b0ac579bdf}
C:\WINDOWS\system32\jbkdb.dll
Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll
Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRAR\rarext.dll
Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll
=====================
HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers
Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk
desktop.ini
LimeWire 4.0.8 Pro.lnk
Microsoft Office.lnk
Microtek Scanner Finder.lnk
==============================
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk
desktop.ini
LimeWire 4.0.8 Pro.lnk
Microsoft Office.lnk
Microtek Scanner Finder.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files
ALSNDMGR.CPL Realtek Semiconductor Corp.
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nvtuicpl.cpl NVIDIA Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
Edited by Aknightwhosezni, 10 August 2005 - 10:02 AM.