Trackqoo results::REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"EPSON Stylus CX4600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9AA.EXE /P26 \"EPSON Stylus CX4600 Series\" /O6 \"USB001\" /M \"Stylus CX4600\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe"
"PestPatrol Control Center"="C:\\Program Files\\PestPatrol\\PPControl.exe"
"PPMemCheck"="C:\\PROGRA~1\\PESTPA~1\\PPMemCheck.exe"
"CookiePatrol"="C:\\PROGRA~1\\PESTPA~1\\CookiePatrol.exe"
"WildTangent CDA"="\"C:\\Program Files\\WildTangent\\Apps\\CDA\\GameDrvr.exe\" /startup \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0500.dll\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"CaAvTray"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVRID.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.2\\THGuard.exe\""
"IP Monitor"="C:\\PROGRA~1\\IPMONI~1\\IPMonitor.exe"
"SoundMan"="SOUNDMAN.EXE"
"winsync"="C:\\WINDOWS\\system32\\naiupp.exe reg_run"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
Subkey --- CA_AntiVirus
{1CE2AA40-1317-11D3-9922-00104B0AD431}
C:\WINDOWS\avshlext.dll
Subkey --- gfxqnnsx
{f81cef23-bc60-491e-a1a6-a3f37abf4c3d}
C:\WINDOWS\system32\gfwle.dll
Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll
Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}
C:\PROGRA~1\TROJAN~1.2\contmenu.dll
Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRAR\rarext.dll
Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll
=====================
HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers
Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {6EC11407-5B2E-4E25-8BDF-77445B52AB37}
C:\WINDOWS\system32\wuauclt.dll
==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini
dnit.exe
Microsoft Office.lnk
Personal Coach.lnk
==============================
C:\Documents and Settings\David Lim\Start Menu\Programs\Startup
desktop.ini
dnit.exe
Microsoft Office.lnk
Personal Coach.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files
ac3filter.cpl
access.cpl Microsoft Corporation
ALSNDMGR.CPL Realtek Semiconductor Corp.
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nvtuicpl.cpl NVIDIA Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
vgactl.cpl
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
WinPFind results::[COLOR=red]
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
UPX! 2004-04-20 ¿ÀÈÄ 9:58:22 10342 C:\WINDOWS\SYSTEM32\123.45
PEC2 2002-08-29 ¿ÀÀü 5:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
69.59.186.63 2005-09-10 ¿ÀÀü 8:52:44 133120 C:\WINDOWS\SYSTEM32\gfwle.dll
209.66.67.134 2005-09-10 ¿ÀÀü 8:52:44 133120 C:\WINDOWS\SYSTEM32\gfwle.dll
web-nex 2005-09-10 ¿ÀÀü 8:52:44 133120 C:\WINDOWS\SYSTEM32\gfwle.dll
winsync 2005-09-10 ¿ÀÀü 8:52:44 133120 C:\WINDOWS\SYSTEM32\gfwle.dll
69.59.186.63 2005-09-10 ¿ÀÀü 10:42:46 181760 C:\WINDOWS\SYSTEM32\kioorrx.dll
209.66.67.134 2005-09-10 ¿ÀÀü 10:42:46 181760 C:\WINDOWS\SYSTEM32\kioorrx.dll
web-nex 2005-09-10 ¿ÀÀü 10:42:46 181760 C:\WINDOWS\SYSTEM32\kioorrx.dll
winsync 2005-09-10 ¿ÀÀü 10:42:46 181760 C:\WINDOWS\SYSTEM32\kioorrx.dll
UPX! 2005-05-24 ¿ÀÈÄ 4:40:58 RH 195269 C:\WINDOWS\SYSTEM32\LC.exe
PTech 2005-07-12 ¿ÀÈÄ 6:04:22 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 2005-08-04 ¿ÀÈÄ 6:31:38 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 2005-08-04 ¿ÀÈÄ 6:31:38 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 2004-08-04 ¿ÀÀü 12:56:38 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 2004-08-04 ¿ÀÀü 12:56:46 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 2002-08-29 ¿ÀÀü 5:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
69.59.186.63 2005-08-30 ¿ÀÀü 9:47:36 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
209.66.67.134 2005-08-30 ¿ÀÀü 9:47:36 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.97 2005-08-30 ¿ÀÀü 9:47:36 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.77 2005-08-30 ¿ÀÀü 9:47:36 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
web-nex 2005-08-30 ¿ÀÀü 9:47:36 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
winsync 2005-08-30 ¿ÀÀü 9:47:36 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
rec2_run 2005-08-30 ¿ÀÀü 9:47:36 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
Checking %System%\Drivers folder and sub-folders...
PTech 2004-08-03 ¿ÀÈÄ 10:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
2005-07-19 ¿ÀÈÄ 7:18:10 S 18913 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
2005-09-10 ¿ÀÀü 10:34:38 H 8192 C:\WINDOWS\system32\config\default.LOG
2005-09-10 ¿ÀÀü 10:38:18 H 1024 C:\WINDOWS\system32\config\SAM.LOG
2005-09-10 ¿ÀÀü 10:34:44 H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
2005-09-10 ¿ÀÀü 10:40:20 H 73728 C:\WINDOWS\system32\config\software.LOG
2005-09-10 ¿ÀÀü 10:36:36 H 917504 C:\WINDOWS\system32\config\system.LOG
2005-08-13 ¿ÀÀü 12:20:58 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2005-08-15 ¿ÀÈÄ 7:18:12 S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
2005-09-05 ¿ÀÈÄ 12:21:16 S 18154 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30
2005-09-05 ¿ÀÀü 9:26:46 S 7652 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
2005-08-15 ¿ÀÈÄ 7:18:12 S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
2005-09-05 ¿ÀÈÄ 12:21:16 S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30
2005-09-05 ¿ÀÀü 9:26:46 S 134 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
2005-08-24 ¿ÀÀü 1:33:04 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\01673532-5989-4ef4-b9ce-0aef32b9c70f
2005-08-24 ¿ÀÀü 1:33:04 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
2005-07-22 ¿ÀÈÄ 9:40:46 H 8628 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_QI021E.GID
2005-09-10 ¿ÀÀü 10:34:08 H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
2004-05-25 ¿ÀÀü 8:06:58 417792 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 2003-04-24 ¿ÀÈÄ 4:53:22 6842880 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 2004-12-06 ¿ÀÈÄ 9:31:48 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 2002-08-29 ¿ÀÀü 5:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 2002-08-29 ¿ÀÀü 5:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 2003-07-28 ¿ÀÈÄ 2:19:00 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 2002-08-29 ¿ÀÀü 5:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
2005-08-30 ¿ÀÀü 9:47:36 31744 C:\WINDOWS\SYSTEM32\vgactl.cpl
Microsoft Corporation 2004-08-04 ¿ÀÀü 12:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 2005-05-26 ¿ÀÀü 4:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 2002-08-29 ¿ÀÀü 5:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 2002-08-29 ¿ÀÀü 5:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 2002-08-29 ¿ÀÀü 5:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 2005-05-26 ¿ÀÀü 4:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Realtek Semiconductor Corp. 2003-04-24 ¿ÀÈÄ 4:53:22 6842880 C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\ALSNDMGR.CPL
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
2005-04-08 ¿ÀÈÄ 1:42:48 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
2005-09-10 ¿ÀÀü 10:42:46 417792 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dnit.exe
2004-05-09 ¿ÀÈÄ 10:11:18 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
2005-06-18 ¿ÀÈÄ 1:50:36 681 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
2005-04-08 ¿ÀÀü 6:34:00 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
Checking files in %USERPROFILE%\Startup folder...
2005-04-08 ¿ÀÈÄ 1:42:48 HS 84 C:\Documents and Settings\David Lim\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
2005-04-08 ¿ÀÀü 6:34:00 HS 62 C:\Documents and Settings\David Lim\Application Data\desktop.ini
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
Istarhere.com Toolbar =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\CA_AntiVirus
{1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\gfxqnnsx
{f81cef23-bc60-491e-a1a6-a3f37abf4c3d} = C:\WINDOWS\system32\gfwle.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\CA_AntiVirus
{1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}
= C:\WINDOWS\system32\wuauclt.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
Viewpoint Toolbar BHO = C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} = Viewpoint Toolbar : C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3369AF0D-62E9-4bda-8103-B4C75499B578}
ButtonText = AOL Toolbar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{D940F380-49C7-4A05-9E33-53930AF5768F} = IstartHere Toolbar : C:\Program Files\IstartHere Toolbar\setup.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
EPSON Stylus CX4600 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
Picasa Media Detector C:\Program Files\Picasa2\PicasaMediaDetector.exe
iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
PestPatrol Control Center C:\Program Files\PestPatrol\PPControl.exe
PPMemCheck C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
CookiePatrol C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
WildTangent CDA "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
CaAvTray "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
CAVRID "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
NeroCheck C:\WINDOWS\system32\\NeroCheck.exe
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
IP Monitor C:\PROGRA~1\IPMONI~1\IPMonitor.exe
SoundMan SOUNDMAN.EXE
winsync C:\WINDOWS\system32\naiupp.exe reg_run
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
EZ Smileys "C:\Program Files\EZ Smileys For AOL Instant Messenger\EZSmileys.exe"
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Google Desktop Search "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
EPSON Stylus CX4600 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /M "Stylus CX4600" /EF "HKCU"
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
IPMonitor
MimarSinan Rubber Ducky "C:\Program Files\MimarSinan Rubber Ducky\RubberDucky.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
mxz C:\WINDOWS\System32\mxz.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
shutdownwithoutlogon 1
undockwithoutlogon 1
LegalNoticeText
LegalNoticeCaption
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
lfnis.exe C:\WINDOWS\system\lfnis.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB
= C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.9 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 2005-09-10 ¿ÀÀü 10:50:33
New Fresh HiJackThis log::[COLOR=red]
Logfile of HijackThis v1.99.1
Scan saved at ?? 11:01:08, on 2005-09-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\IP Monitor\IPMonSvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MimarSinan Rubber Ducky\RubberDucky.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\David Lim\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.istarthere.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.softomate.com/defultsearch/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [IP Monitor] C:\PROGRA~1\IPMONI~1\IPMonitor.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\naiupp.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EZ Smileys] "C:\Program Files\EZ Smileys For AOL Instant Messenger\EZSmileys.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Personal Coach.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) -
http://go.microsoft....467&clcid=0x409O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by107fd.bay10...es/MsnPUpld.cabO16 - DPF: {6FC8738C-1723-4990-BD6E-5633AD3BC6E8} -
http://down.c-zero.c...1/CZInstall.CABO16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) -
http://cafeimg.hanma...ab9_1/dmcc2.cabO16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) -
http://player.bugs.c...l/mv/XTools.cabO16 - DPF: {AD08A7E2-BA60-4733-92E3-A7AA0C0A39E2} (butterple Control) -
http://blogfile.para..._butterplay.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/...ro.cab34246.cabO16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) -
http://player.bugs.c...der20041018.cabO16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) -
http://fdl.msn.com/z...s/heartbeat.cabO20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: IP Monitor Network Address Monitor (IP Monitor) - Barefoot Productions, Inc. - C:\Program Files\IP Monitor\IPMonSvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
thanks