TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Ghostalone on March 04, 2006, 03:00:07 AM
-
Hi,
I think I might have gotten a virus from AIM earlier. I'm not sure, though. What do you think?
Logfile of HijackThis v1.99.1
Scan saved at 11:57:09 PM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.alienware.com/Mothership?Comp=AWC&SysCode=PC-AURORA-7500&ai=636E3D33323636393926706F3D504F2D33343535323441
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Thank you
-
I'm not seeing anything critical in your log
But just in case, can you do the following please
Download and save to your desktop AIMFix.exe by JayLoden (http://www.jayloden.com/AIMFix.exe)
Do a "System scan only" with Hijackthis and put a check next to these entries:
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
NOTE: Don't let Microsoft AntiSpyware interfere with the change
ALLOW any changes if prompted
Double click on Aimfix.exe to run it
Reboot the computer
Come back and post the Aimfix.log if anything bad was found please
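The helper's reply above singles out one entry class (an O2 BHO whose DLL is gone) and waves the rest through. The checks a log reader applies to a HijackThis log are mechanical enough to script, so here is an added example (not HijackThis code and not the helper's own method) that walks a log and flags the entry classes worth a second look: orphaned COM objects, loaders that point into user-writable directories, Winlogon Notify packages outside a baseline, and services with no vendor string. The `KNOWN_NOTIFY` baseline is an assumption for this XP SP2 box, and the sample log mixes real lines from the log above with three constructed entries (the `[update]` O4, the `example` O20 and the `exsvc` O23) so each rule fires at least once; nothing in the constructed lines is a finding about the poster's machine.

```python
"""Triage a HijackThis 1.99 log by entry class.

Added example for this thread; it is not HijackThis code and not the helper's
method.  The sample log is a handful of lines copied from the log posted above
plus three constructed entries so that every rule fires at least once.
"""
import re

# Section code and the rest of the line, e.g. "O2 - BHO: ..." -> ("O2", "BHO: ...")
ENTRY = re.compile(r"^(?P<code>[RFO]\d{1,2})\s+-\s+(?P<rest>.*)$")

# Directories an ordinary user can write to.  A loader that points here is far
# more likely to be a dropper than a vendor component.
USER_WRITABLE = re.compile(r"\\(temp|tmp|application data|appdata)\\|\\locals~1\\|\\applic~1\\", re.I)

# Assumption: Winlogon Notify packages expected on this XP SP2 box (the stock
# ones plus Symantec's NavLogon).  Anything else loads a DLL into winlogon.exe
# as SYSTEM before any user logs on, so it deserves a hard look.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "navlogon"}


def triage(log_text):
    """Return [(severity, code, reason, line)] for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, the "Running processes:" list, blanks
        code, rest = m.group("code"), m.group("rest")
        low = rest.lower()

        # COM object registered but its DLL is gone: leftover of an uninstall or
        # of a cleaner that removed the file and not the registry entry.
        if code in ("O2", "O9", "O18") and ("(no file)" in low or "(file missing)" in low):
            findings.append(("low", code, "COM object registered with no backing file", line))

        # Autoruns, Winlogon packages and services launched from a user-writable path.
        if code in ("O4", "O20", "O23") and USER_WRITABLE.search(rest):
            findings.append(("high", code, "loader points into a user-writable directory", line))

        # "Winlogon Notify: <name> - <dll>": compare the package name to the baseline.
        if code == "O20" and ":" in rest:
            name = rest.split(":", 1)[1].split(" - ", 1)[0].strip().lower()
            if name not in KNOWN_NOTIFY:
                findings.append(("high", code, "Winlogon Notify package not in baseline", line))

        # "Service: <display name> - <company> - <path>": HijackThis prints
        # "Unknown owner" when the binary carries no company in its version info.
        if code == "O23":
            parts = rest.split(" - ")
            if len(parts) >= 3 and parts[1].strip() in ("", "Unknown owner"):
                findings.append(("medium", code, "service binary has no vendor string", line))
    return findings


# Constructed sample: real lines from the log above plus three constructed ones
# (the [update] O4 modeled on the AIMFix finding, the "example" O20, the "exsvc" O23).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.alienware.com/Mothership
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [update] C:\DOCUME~1\TEDTRE~1\LOCALS~1\Temp\update.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: example - C:\WINDOWS\system32\example.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Example Service (exsvc) - Unknown owner - C:\WINDOWS\system32\exsvc.exe
"""

if __name__ == "__main__":
    for severity, code, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {code:4} {reason}\n         {line}")
```

The rules are deliberately conservative: an orphaned BHO is noise by itself (which is why the helper only has it fixed "just in case"), while an O4 or O20 entry pointing into Temp or Application Data is the pattern a dropper leaves and is the first thing to chase.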
-
Hi Questolo,
Here is the AIMFix log:
AIMFix version: 1.5.33.246
SeDebug Privilege set successfully
***ANY VIRUS FILES REMOVED WILL BE LISTED BELOW***
C:\DOCUME~1\TEDTRE~1\LOCALS~1\Temp\update.exe found, attempting to remove...
C:\DOCUME~1\TEDTRE~1\LOCALS~1\Temp\update.exe quarantined
C:\Documents and Settings\Ted Trezise\Application Data\Aim\lubaume\info.htm quarantined
Profile for lubaume edited to remove possible virus code.
***RUN COMPLETED. ANY FILES REMOVED LISTED ABOVE***
----------------------------------------------------------
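The AIMFix report above shows the two things an AIM worm cleaner looks for: a dropped executable in the user's Temp folder and active content injected into a buddy-profile HTML file under Application Data\Aim, with the file moved to quarantine rather than deleted. As an added example (not AIMFix's code), the script below performs that sweep over a directory tree, identifies executables by their MZ header rather than their extension, flags profile HTML containing script or iframe markup, and moves hits into a quarantine folder with a SHA-256 record so the sample survives for analysis. The directory layout and file contents in `build_demo()` are constructed for the demo, modeled on the paths in the log.

```python
"""Sweep a user's Temp folder and AIM profile directory and quarantine hits.

Added example modeled on what the AIMFix log above reports; not AIMFix's code.
All paths and file contents below are constructed for the demo.
"""
import hashlib
import os
import re
import shutil
import tempfile
import time

# Markup that has no business in a buddy profile page.
SCRIPT_MARKERS = re.compile(rb"<script|<iframe|<object|javascript:", re.I)


def classify(path):
    """Return a reason string if the file should be quarantined, else None."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    # A PE image is a PE image whatever it is called: check the MZ signature, not the name.
    if head[:2] == b"MZ":
        return "PE executable in user-writable directory"
    # AIM profiles are plain HTML; worm payloads inject script/iframe into them.
    if path.lower().endswith((".htm", ".html")) and SCRIPT_MARKERS.search(head):
        return "profile HTML contains active content"
    return None


def sweep(roots):
    """Walk each root and return [(path, reason)] for every file classify() flags."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                reason = classify(path)
                if reason:
                    hits.append((path, reason))
    return hits


def quarantine(hits, qdir):
    """Move flagged files into qdir with a hash-prefixed name and log each move.

    Moving instead of deleting keeps the sample; the .quarantined suffix stops
    it from being double-clicked back to life.  Returns the new paths."""
    os.makedirs(qdir, exist_ok=True)
    moved = []
    with open(os.path.join(qdir, "quarantine.log"), "a") as log:
        for path, reason in hits:
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            dest = os.path.join(qdir, f"{digest[:16]}_{os.path.basename(path)}.quarantined")
            shutil.move(path, dest)
            log.write(f"{time.strftime('%Y-%m-%d %H:%M:%S')}\t{path}\t{dest}\tsha256={digest}\t{reason}\n")
            moved.append(dest)
    return moved


def list_files(root):
    """Sorted names directly under root (helper for checking results)."""
    return sorted(os.listdir(root))


def build_demo():
    """Constructed fixture: a Temp dir with a fake MZ file and a clean text file,
    and an AIM profile dir with one injected and one clean HTML page."""
    base = tempfile.mkdtemp(prefix="aimsweep_")
    temp = os.path.join(base, "Local Settings", "Temp")
    prof = os.path.join(base, "Application Data", "Aim", "lubaume")
    os.makedirs(temp)
    os.makedirs(prof)
    with open(os.path.join(temp, "update.exe"), "wb") as f:
        f.write(b"MZ" + b"\x90" * 62 + b"\x80\x00\x00\x00")  # MZ stub only, not a real program
    with open(os.path.join(temp, "readme.txt"), "wb") as f:
        f.write(b"harmless text")
    with open(os.path.join(prof, "info.htm"), "wb") as f:
        f.write(b"<html><body>hi<script>location='http://example.invalid/x'</script></body></html>")
    with open(os.path.join(prof, "buddies.htm"), "wb") as f:
        f.write(b"<html><body>just a profile</body></html>")
    return base, temp, prof


if __name__ == "__main__":
    base, temp, prof = build_demo()
    hits = sweep([temp, prof])
    for path, reason in hits:
        print(f"{reason}: {path}")
    for dest in quarantine(hits, os.path.join(base, "quarantine")):
        print("quarantined ->", dest)
```

On a real machine the roots would be `%USERPROFILE%\Local Settings\Temp` and `%USERPROFILE%\Application Data\Aim` for every profile on the box, and the sweep should run from an account other than the infected one (or from Safe Mode, as the helper asks for later in the thread) so a running worm cannot re-drop the file between the scan and the move.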
-
How's everything on your end?
I'm just on my way out to work in the yard
But can you please do the following
==Download and Install
Windows Cleanup! 4.0 (http://downloads.stevengould.org/cleanup/CleanUp40.exe)
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer
Run Aimfix one more time and then reboot your computer
Let me know if Aimfix was clean
-
Hi Questolo,
Well, I have been crashing unexpectedly lately, but here's the AIMFix Log
AIMFix version: 1.5.33.246
SeDebug Privilege set successfully
***ANY VIRUS FILES REMOVED WILL BE LISTED BELOW***
***RUN COMPLETED. ANY FILES REMOVED LISTED ABOVE***
----------------------------------------------------------
Thanks for your help Questolo, I really appreciate it.
-
Try the following for a double check
Can you do the following if you can
Download and save WinPFind.zip (http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip)
UNZIP the contents to your desktop
Don't run it yet
RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter
In safe mode
Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Select "Configure Scan Options"
Under Run Addon's on the right hand side
Put a tick in all the empty boxes then click Apply
Click START SCAN
Let this finish, a log will open so you will know it's done
Close out after
Reboot back to Normal mode
Back in Windows
Post the results of the WinPFind.txt located in the WinPFind folder
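WinPFind's first pass, whose results are posted further down, tags files with packer names (UPX!, aspack, PECompact2) by searching file contents for marker strings. That is why its banner warns that "not all files found by this scanner are bad": string matches land on Microsoft's own ntdll.dll and MRT.exe, and MRT.exe is even listed under two packers at once. The check a practitioner does instead is to parse the PE section table and look at section names and per-section entropy, since a packed image typically carries the packer's own section names and a near-random-looking compressed body. The code below is an added example, not WinPFind's code: `parse_sections()` and `detect_packer()` implement that check, and `build_pe()` fabricates minimal, non-executable PE32 images so the example runs offline. The packer-to-section-name table is a short list of well-known defaults and the 7.0-bits entropy threshold is an assumed rule of thumb; a packer can rename its sections, so a clean result here is a weaker signal than a hit.

```python
"""Packer triage from the PE section table and per-section entropy.

Added example, not WinPFind's code.  WinPFind matches marker strings anywhere
in a file; this parses the headers instead, which is where the packer leaves
its real fingerprint.  The images built by build_pe() are synthetic and cannot run.
"""
import math
import struct
from collections import Counter

# Default section names left by common packers (assumption: packers can rename them).
PACKER_SECTIONS = {
    "UPX": ("UPX0", "UPX1", "UPX2"),
    "ASPack": (".aspack", ".adata"),
    "PECompact": ("PEC2", "pec1", "pec2"),
    "Petite": (".petite",),
    "MPRESS": (".MPRESS1", ".MPRESS2"),
    "Themida/WinLicense": (".themida",),
    "NsPack": (".nsp0", ".nsp1", ".nsp2"),
}


def shannon_entropy(buf):
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniformly random bytes."""
    n = len(buf)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_sections(image):
    """Walk DOS header -> PE signature -> COFF header -> section table.

    Returns [{"name", "raw_size", "entropy"}] in table order."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsec, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    out = []
    for i in range(nsec):
        # IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
        name, _vsize, _va, rsize, rptr, *_rest = struct.unpack_from("<8sIIIIIIHHI", image, table + 40 * i)
        raw = image[rptr:rptr + rsize]
        out.append({"name": name.rstrip(b"\0").decode("latin-1"),
                    "raw_size": rsize, "entropy": round(shannon_entropy(raw), 2)})
    return out


def detect_packer(image, entropy_threshold=7.0):
    """Name packers by section name and list sections whose raw data looks compressed/encrypted."""
    secs = parse_sections(image)
    names = {s["name"] for s in secs}
    packers = sorted(p for p, marks in PACKER_SECTIONS.items() if names & set(marks))
    high = [s["name"] for s in secs if s["raw_size"] and s["entropy"] >= entropy_threshold]
    return {"sections": secs, "packers": packers, "high_entropy": high}


def build_pe(sections):
    """Fabricate a minimal PE32 image with the given [(name, raw_bytes)] sections.
    Only the fields parse_sections() reads are filled in; the image is not runnable."""
    n = len(sections)
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)      # 64-byte DOS header
    opt = struct.pack("<H", 0x10B) + bytes(222)                       # PE32 optional header, magic only
    file_hdr = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, len(opt), 0x0102)
    raw_ptr = (e_lfanew + 24 + len(opt) + 40 * n + 0x1FF) & ~0x1FF    # first raw data, 512-aligned
    headers, blobs, va = [], [], 0x1000
    for name, data in sections:
        headers.append(struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                                   max(len(data), 0x1000), va, len(data), raw_ptr, 0, 0, 0, 0, 0x60000020))
        blobs.append((raw_ptr, data))
        raw_ptr += (len(data) + 0x1FF) & ~0x1FF
        va += 0x1000 * max(1, (len(data) + 0xFFF) // 0x1000)
    image = bytearray(dos + b"PE\0\0" + file_hdr + opt + b"".join(headers))
    for offset, data in blobs:
        image.extend(bytes(offset - len(image)))
        image.extend(data)
    return bytes(image)


if __name__ == "__main__":
    # Constructed samples: a UPX-style layout (empty UPX0, random-looking UPX1) and a plain layout.
    packed = build_pe([("UPX0", b""), ("UPX1", bytes(range(256)) * 8)])
    plain = build_pe([(".text", b"\x90" * 2048), (".data", b"\x00" * 512)])
    for label, img in (("packed", packed), ("plain", plain)):
        print(label, detect_packer(img))
```

To run it over a real file, replace the fabricated image with `open(path, "rb").read()`. Treat a packer hit with a high-entropy section as "look closer", not "malicious": the packed MRT.exe in the log further down is Microsoft's Malicious Software Removal Tool, signed and expected, which is exactly the kind of benign hit a string scanner or this check will produce.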
-
Here it is:
WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 8/22/2004 4:04:56 PM 69120 C:\WINDOWS\daemon.dll
Checking %System% folder...
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 7/22/2005 6:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
PEC2 8/3/2004 11:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 11/4/2005 4:27:24 PM 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 2/7/2006 9:23:40 PM 4513120 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 2/7/2006 9:23:40 PM 4513120 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/3/2004 11:00:00 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/3/2004 11:00:00 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/3/2004 11:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
3/4/2006 7:59:14 PM S 2048 C:\WINDOWS\bootstat.dat
3/4/2006 5:29:20 PM H 54156 C:\WINDOWS\QTFont.qfn
1/13/2006 12:34:32 PM S 7898 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat
1/3/2006 9:39:38 PM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911927.cat
1/13/2006 11:28:32 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB913446.cat
3/4/2006 7:59:12 PM H 8192 C:\WINDOWS\system32\config\default.LOG
3/4/2006 7:59:20 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
3/4/2006 7:59:14 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
3/4/2006 7:59:22 PM H 81920 C:\WINDOWS\system32\config\software.LOG
3/4/2006 7:59:16 PM H 1126400 C:\WINDOWS\system32\config\system.LOG
2/16/2006 9:23:28 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
1/8/2006 1:17:30 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b7cbaade-fa20-41d6-bfec-f30f72da4c7e
1/8/2006 1:17:30 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
3/4/2006 7:58:00 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 8/3/2004 11:00:00 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Creative Technology Ltd. 5/28/2001 9:47:00 AM 32768 C:\WINDOWS\SYSTEM32\AudioHQU.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Logitech Inc. 6/30/2003 7:58:48 PM 135168 C:\WINDOWS\SYSTEM32\CamCpl.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 6/3/2005 2:52:54 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
12/10/2005 3:06:00 AM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 12:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 8/3/2004 11:00:00 PM 162304 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
10/17/2005 9:17:58 AM 1816 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
1/27/2005 5:15:20 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Checking files in %ALLUSERSPROFILE%\Application Data folder...
1/27/2005 9:09:28 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
3/3/2006 4:23:32 PM 1362 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Checking files in %USERPROFILE%\Startup folder...
1/27/2005 5:15:20 PM HS 84 C:\Documents and Settings\Ted Trezise\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
11/14/2005 11:08:46 AM 885 C:\Documents and Settings\Ted Trezise\Application Data\AdobeDLM.log
1/27/2005 9:09:28 AM HS 62 C:\Documents and Settings\Ted Trezise\Application Data\desktop.ini
11/14/2005 11:08:46 AM 0 C:\Documents and Settings\Ted Trezise\Application Data\dm.ini
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} C:\Program Files\Google\Gmail Notifier\gnotify.exe
NVIDIA nTune "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
DAEMON Tools-1033 "C:\Program Files\D-Tools\daemon.exe" -lang 1033
CTHelper CTHELPER.EXE
CTDVDDET C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
AsioReg REGSVR32.EXE /S CTASIO.DLL
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
nwiz nwiz.exe /install
NvMediaCenter RunDLL32.exe NvMCTray.dll,NvTaskbarInit
CoolSwitch C:\WINDOWS\system32\taskswitch.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
UltraMon "C:\Program Files\UltraMon\UltraMon.exe" /auto
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DeadAIM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DeadAIM
hkey HKLM
command rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DeadAIM
hkey HKLM
command rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gcasServ
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gcasServ
hkey HKLM
command "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gcasServ
hkey HKLM
command "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lexmark 2200 Series
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lxbvbmgr
hkey HKLM
command "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lxbvbmgr
hkey HKLM
command "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoRepair
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ISStart
hkey HKLM
command C:\Program Files\Logitech\Video\ISStart.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ISStart
hkey HKLM
command C:\Program Files\Logitech\Video\ISStart.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LogiTray
hkey HKLM
command C:\Program Files\Logitech\Video\LogiTray.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LogiTray
hkey HKLM
command C:\Program Files\Logitech\Video\LogiTray.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RunDLL32
hkey HKLM
command RunDLL32.exe NvMCTray.dll,NvTaskbarInit
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RunDLL32
hkey HKLM
command RunDLL32.exe NvMCTray.dll,NvTaskbarInit
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteCenter
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RCMan
hkey HKCU
command C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RCMan
hkey HKCU
command C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SBDrvDet
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SBDrvDet
hkey HKLM
command C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SBDrvDet
hkey HKLM
command C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updateMgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AdobeUpdateManager
hkey HKCU
command C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AdobeUpdateManager
hkey HKCU
command C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UpdReg
hkey HKLM
command C:\WINDOWS\UpdReg.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UpdReg
hkey HKLM
command C:\WINDOWS\UpdReg.EXE
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vptray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item VPTray
hkey HKLM
command C:\PROGRA~1\SYMANT~1\VPTray.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item VPTray
hkey HKLM
command C:\PROGRA~1\SYMANT~1\VPTray.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINDOWS\system32\NavLogon.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
<<<<<<<<<< Checking for AddOn Monitors.def information >>>>>>>>>>
Parameter line : regkey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors found!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\BJ Language Monitor
Driver cnbjmon.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Lexmark Network Port
Driver LEXLMPM.DLL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port
Driver localspl.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Microsoft Document Imaging Writer Monitor
Driver mdimon.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\PJL Language Monitor
Driver pjlmon.dll
EOJTimeout 60000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port
Driver tcpmon.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports
StatusUpdateInterval 10
StatusUpdateEnabled 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\USB Monitor
Driver usbmon.dll
<<<<<<<<<< Checking for AddOn OpenCommand.def information >>>>>>>>>>
>>>>>>>>>> Exporting Shell Open\Command entries
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\batfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\batfile\shell\open\command found!
"%1" %*
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\comfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\comfile\shell\open\command found!
"%1" %*
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command found!
"%1" %*
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\piffile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\piffile\shell\open\command found!
"%1" %*
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\regfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\regfile\shell\open\command found!
regedit.exe "%1"
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scrfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scrfile\shell\open\command found!
"%1" /S
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\vbsfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\vbsfile\shell\open\command found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\htmlfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\htmlfile\shell\open\command found!
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\http\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\http\shell\open\command found!
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mp3file\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mp3file\shell\open\command found!
"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mpegfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mpegfile\shell\open\command found!
"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\jsfile\shell\open\command;;
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\jsfile\shell\open\command found!
<<<<<<<<<< Checking for AddOn Policies.def information >>>>>>>>>>
<<<<<<<<<< Checking for AddOn Qoologic.def information >>>>>>>>>>
>>>>>>>>>> Search by size and name
>>>>>>>>>> Files found by this method are not necessarily bad
>>>>>>>>>> Example PNGFILT.DLL is a windows file
Parameter line : file=%sysdir%;*.exe;150;61952;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 61952 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;7680;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 7680 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;91648;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 91648 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;81920;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 81920 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;7168;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 7168 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;65536;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 65536 bytes was not found!
Parameter line : file=%sysdir%;redit.cpl;;;;;
File C:\WINDOWS\SYSTEM32\redit.cpl was not found!
Parameter line : file=%sysdir%;conres.cpl;;;;;
File C:\WINDOWS\SYSTEM32\conres.cpl was not found!
Parameter line : file=%sysdir%;datadx.dll;;;;;
File C:\WINDOWS\SYSTEM32\datadx.dll was not found!
Parameter line : file=%sysdir%;*.dll;150;10240;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 10240 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;46080;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 46080 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;34816;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 34816 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;16384;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 16384 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;29184;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 29184 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;26624;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 26624 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;9728;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 9728 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;10843;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 10843 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;18432;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 18432 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;23040;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 23040 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;17920;;;
File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 17920 bytes was not found!
Parameter line : file=%allusers%\start menu\programs\startup;*.exe;;;;;
File C:\Documents and Settings\All Users\start menu\programs\startup\*.exe was not found!
>>>>>>>>>> Misc Checks
Parameter line : file=%sysdir%;*.dat;150;81920;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 81920 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;61952;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 61952 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;65536;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 65536 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;7680;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 7680 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;91648;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 91648 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;7168;;;
File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 7168 bytes was not found!
Parameter line : file=%windir%;*.dll;150;10843;;;
File C:\WINDOWS\*.dll for today - 150 days with a size of 10843 bytes was not found!
Parameter line : file=%windir%;*.dll;150;3950;;;
File C:\WINDOWS\*.dll for today - 150 days with a size of 3950 bytes was not found!
Parameter line : file=%windir%;*.dll;150;3943;;;
File C:\WINDOWS\*.dll for today - 150 days with a size of 3943 bytes was not found!
<<<<<<<<<< Checking for AddOn RDriv.def information >>>>>>>>>>
Registry Entries
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center found!
FirstRunDisabled 1
AntiVirusDisableNotify 0
FirewallDisableNotify 0
UpdatesDisableNotify 0
AntiVirusOverride 0
FirewallOverride 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Updates;;
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Updates not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center AntiVirus;;
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center AntiVirus not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Firewall;;
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Firewall not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\OLE;;
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE found!
EnableDCOM Y
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat\ActivationSecurityCheckExemptionList
{A50398B8-9075-4FBF-A7A1-456BF21937AD} 1
{AD65A69D-3831-40D7-9629-9B0B50A93843} 1
{0040D221-54A1-11D1-9DE0-006097042D69} 1
{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} 1
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iTunesMusic;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iTunesMusic not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_ITUNESMUSIC;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_ITUNESMUSIC not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_RDRIV;;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_RDRIV not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate;;
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall;;
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters;;
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters found!
autodisconnect 15
enableforcedlogoff 1
enablesecuritysignature 0
requiresecuritysignature 0
Lmannounce 0
Size 1
Guid ÕW³æÛM‚CÄSyf L
AdjustedNullSessionPipes 1
CachedOpenLimit 0
Parameter line : RegKey=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanworkstation\parameters;;
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanworkstation\parameters found!
enableplaintextpassword 0
enablesecuritysignature 1
requiresecuritysignature 0
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions;;
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions found!
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00022613-0000-0000-C000-000000000046} Multimedia File Property Sheet
{176d6597-26d3-11d1-b350-080036a75b03} ICM Scanner Management
{1F2E5C40-9550-11CE-99D2-00AA006E086C} NTFS Security Page
{3EA48300-8CF6-101B-84FB-666CCB9BCD32} OLE Docfile Property Page
{40dd6e20-7c17-11ce-a804-00aa003ca9f6} Shell extensions for sharing
{41E300E0-78B6-11ce-849B-444553540000} PlusPack CPL Extension
{42071712-76d4-11d1-8b24-00a0c9068ff3} Display Adapter CPL Extension
{42071713-76d4-11d1-8b24-00a0c9068ff3} Display Monitor CPL Extension
{42071714-76d4-11d1-8b24-00a0c9068ff3} Display Panning CPL Extension
{4E40F770-369C-11d0-8922-00A024AB2DBB} DS Security Page
{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} Compatibility Page
{56117100-C0CD-101B-81E2-00AA004AE837} Shell Scrap DataHandler
{59099400-57FF-11CE-BD94-0020AF85B590} Disk Copy Extension
{59be4990-f85c-11ce-aff7-00aa003ca9f6} Shell extensions for Microsoft Windows Network objects
{5DB2625A-54DF-11D0-B6C4-0800091AA605} ICM Monitor Management
{675F097E-4C4D-11D0-B6C1-0800091AA605} ICM Printer Management
{764BF0E1-F219-11ce-972D-00AA00A14F56} Shell extensions for file compression
{77597368-7b15-11d0-a0c2-080036af3f03} Web Printer Shell Extension
{7988B573-EC89-11cf-9C00-00AA00A14F56} Disk Quota UI
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} Encryption Context Menu
{85BBD920-42A0-1069-A2E4-08002B30309D} Briefcase
{88895560-9AA2-1069-930E-00AA0030EBC8} HyperTerminal Icon Ext
{BD84B380-8CA2-1069-AB1D-08000948F534} Fonts
{DBCE2480-C732-101B-BE72-BA78E9AD5B27} ICC Profile
{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} Printers Security Page
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} Shell extensions for sharing
{f92e8c40-3d33-11d2-b1aa-080036a75b03} Display TroubleShoot CPL Extension
{7444C717-39BF-11D1-8CD9-00C04FC29D45} Crypto PKO Extension
{7444C719-39BF-11D1-8CD9-00C04FC29D45} Crypto Sign Extension
{7007ACC7-3202-11D1-AAD2-00805FC1270E} Network Connections
{992CFFA0-F557-101A-88EC-00DD010CCC48} Network Connections
{E211B736-43FD-11D1-9EFB-0000F8757FCD} Scanners & Cameras
{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} Scanners & Cameras
{905667aa-acd6-11d2-8080-00805f6596d2} Scanners & Cameras
{3F953603-1008-4f6e-A73A-04AAC7A992F1} Scanners & Cameras
{83bbcbf3-b28a-4919-a5aa-73027445d672} Scanners & Cameras
{F0152790-D56E-4445-850E-4F3117DB740C} Remote Sessions CPL Extension
{60254CA5-953B-11CF-8C96-00AA00B8708C} Shell extensions for Windows Script Host
{2206CDB2-19C1-11D1-89E0-00C04FD7A829} Microsoft Data Link
{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} Tasks Folder Icon Handler
{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} Tasks Folder Shell Extension
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} Scheduled Tasks
{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} Set Program Access and Defaults
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} Auto Update Property Sheet Extension
{0DF44EAA-FF21-4412-828E-260A8728E7F1} Taskbar and Start Menu
{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} Search
{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} Help and Support
{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} Help and Support
{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} Run...
{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} Internet
{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} E-mail
{D20EA4E1-3957-11d2-A40B-0C5020524152} Fonts
{D20EA4E1-3957-11d2-A40B-0C5020524153} Administrative Tools
{596AB062-B4D2-4215-9F74-E9109B0A8153} Previous Versions Property Page
{9DB7A13C-F208-4981-8353-73CC61AE2783} Previous Versions
{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} Audio Media Properties Handler
{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} Video Media Properties Handler
{E4B29F9D-D390-480b-92FD-7DDB47101D71} Wav Properties Handler
{87D62D94-71B3-4b9a-9489-5FE6850DC73E} Avi Properties Handler
{A6FD9E45-6E44-43f9-8644-08598F5A74D9} Midi Properties Handler
{c5a40261-cd64-4ccf-84cb-c394da41d590} Video Thumbnail Extractor
{5E6AB780-7743-11CF-A12B-00AA004AE837} Microsoft Internet Toolbar
{22BF0C20-6DA7-11D0-B373-00A0C9034938} Download Status
{91EA3F8B-C99B-11d0-9815-00C04FD91972} Augmented Shell Folder
{6413BA2C-B461-11d1-A18A-080036B11A03} Augmented Shell Folder 2
{F61FFEC1-754F-11d0-80CA-00AA005B4383} BandProxy
{7BA4C742-9E81-11CF-99D3-00AA004AE837} Microsoft BrowserBand
{30D02401-6A81-11d0-8274-00C04FD5AE38} Search Band
{169A0691-8DF9-11d1-A1C4-00C04FD75D13} In-pane search
{07798131-AF23-11d1-9111-00A0C98BA67D} Web Search
{AF4F6510-F982-11d0-8595-00AA004CD6D8} Registry Tree Options Utility
{01E04581-4EEE-11d0-BFE9-00AA005B4383} &Address
{A08C11D2-A228-11d0-825B-00AA005B4383} Address EditBox
{00BB2763-6A77-11D0-A535-00C04FD7D062} Microsoft AutoComplete
{7376D660-C583-11d0-A3A5-00C04FD706EC} TridentImageExtractor
{6756A641-DE71-11d0-831B-00AA005B4383} MRU AutoComplete List
{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} Custom MRU AutoCompleted List
{7e653215-fa25-46bd-a339-34a2790f3cb7} Accessible
{acf35015-526e-4230-9596-becbe19f0ac9} Track Popup Bar
{00BB2764-6A77-11D0-A535-00C04FD7D062} Microsoft History AutoComplete List
{03C036F1-A186-11D0-824A-00AA005B4383} Microsoft Shell Folder AutoComplete List
{00BB2765-6A77-11D0-A535-00C04FD7D062} Microsoft Multiple AutoComplete List Container
{ECD4FC4E-521C-11D0-B792-00A0C90312E1} Shell Band Site Menu
{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} Shell DeskBarApp
{ECD4FC4C-521C-11D0-B792-00A0C90312E1} Shell DeskBar
{ECD4FC4D-521C-11D0-B792-00A0C90312E1} Shell Rebar BandSite
{DD313E04-FEFF-11d1-8ECD-0000F87A470C} User Assist
{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} Global Folder Settings
{EFA24E61-B078-11d0-89E4-00C04FC9E26E} Favorites Band
{0A89A860-D7B1-11CE-8350-444553540000} Shell Automation Inproc Service
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} Shell DocObject Viewer
{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} Microsoft Browser Architecture
{FBF23B40-E3F0-101B-8488-00AA003E56F8} InternetShortcut
{3C374A40-BAE4-11CF-BF7D-00AA006946EE} Microsoft Url History Service
{FF393560-C2A7-11CF-BFF4-444553540000} History
{7BD29E00-76C1-11CF-9DD0-00A0C9034933} Temporary Internet Files
{7BD29E01-76C1-11CF-9DD0-00A0C9034933} Temporary Internet Files
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} Microsoft Url Search Hook
{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} IE4 Suite Splash Screen
{67EA19A0-CCEF-11d0-8024-00C04FD75D13} CDF Extension Copy Hook
{131A6951-7F78-11D0-A979-00C04FD705A2} ISFBand OC
{9461b922-3c5a-11d2-bf8b-00c04fb93661} Search Assistant OC
{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} The Internet
{871C5380-42A0-1069-A2EA-08002B30309D} Internet Name Space
{EFA24E64-B078-11d0-89E4-00C04FC9E26E} Explorer Band
{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} Sendmail service
{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} Sendmail service
{88C6C381-2E85-11D0-94DE-444553540000} ActiveX Cache Folder
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} WebCheck
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} Subscription Mgr
{F5175861-2688-11d0-9C5E-00AA00A45957} Subscription Folder
{08165EA0-E946-11CF-9C87-00AA005127ED} WebCheckWebCrawler
{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} WebCheckChannelAgent
{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} TrayAgent
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} Code Download Agent
{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} ConnectionAgent
{D8BD2030-6FC9-11D0-864F-00AA006809D9} PostAgent
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} WebCheck SyncMgr Handler
{352EC2B7-8B9A-11D1-B8AE-006008059382} Shell Application Manager
{0B124F8F-91F0-11D1-B8B5-006008059382} Installed Apps Enumerator
{CFCCC7A0-A282-11D1-9082-006008059382} Darwin App Publisher
{e84fda7c-1d6a-45f6-b725-cb260c236066} Shell Image Verbs
{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} Shell Image Data Factory
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} Autoplay for SlideShow
{3F30C968-480A-4C6C-862D-EFC0897BB84B} GDI+ file thumbnail extractor
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} Summary Info Thumbnail handler (DOCFILES)
{EAB841A0-9550-11cf-8C16-00805F1408F3} HTML Thumbnail Extractor
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} Shell Image Property Handler
{CC6EEFFB-43F6-46c5-9619-51D571967F7D} Web Publishing Wizard
{add36aa8-751a-4579-a266-d66f5202ccbb} Print Ordering via the Web
{6b33163c-76a5-4b6c-bf21-45de9cd503a1} Shell Publishing Wizard Object
{58f1f272-9240-4f51-b6d4-fd63d1618591} Get a Passport Wizard
{7A9D77BD-5403-11d2-8785-2E0420524153} User Accounts
{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} Compressed (zipped) Folder
{BD472F60-27FA-11cf-B8B4-444553540000} Compressed (zipped) Folder Right Drag Handler
{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} Compressed (zipped) Folder SendTo Target
{f39a0dc0-9cc8-11d0-a599-00c04fd64433} Channel File
{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} Channel Shortcut
{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} Channel Handler Object
{f3da0dc0-9cc8-11d0-a599-00c04fd64437} Channel Menu
{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} Channel Properties
{692F0339-CBAA-47e6-B5B5-3B84DB604E87} Extensions Manager Folder
{63da6ec0-2e98-11cf-8d82-444553540000} FTP Folders Webview
{883373C3-BF89-11D1-BE35-080036B11A03} Microsoft DocProp Shell Ext
{A9CF0EAE-901A-4739-A481-E35B73E47F6D} Microsoft DocProp Inplace Edit Box Control
{8EE97210-FD1F-4B19-91DA-67914005F020} Microsoft DocProp Inplace ML Edit Box Control
{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} Microsoft DocProp Inplace Droplist Combo Control
{6A205B57-2567-4A2C-B881-F787FAB579A3} Microsoft DocProp Inplace Calendar Control
{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} Microsoft DocProp Inplace Time Control
{8A23E65E-31C2-11d0-891C-00A024AB2DBB} Directory Query UI
{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} Shell properties for a DS object
{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} Directory Object Find
{F020E586-5264-11d1-A532-0000F8757D7E} Directory Start/Search Find
{0D45D530-764B-11d0-A1CA-00AA00C16E65} Directory Property UI
{62AE1F9A-126A-11D0-A14B-0800361B1103} Directory Context Menu Verbs
{ECF03A33-103D-11d2-854D-006008059367} MyDocs Copy Hook
{ECF03A32-103D-11d2-854D-006008059367} MyDocs Drop Target
{4a7ded0a-ad25-11d0-98a8-0800361b1103} MyDocs Properties
{750fdf0e-2a26-11d1-a3ea-080036587f03} Offline Files Menu
{10CFC467-4392-11d2-8DB4-00C04FA31A66} Offline Files Folder Options
{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} Offline Files Folder
{143A62C8-C33B-11D1-84FE-00C04FA34A14} Microsoft Agent Character Property Sheet Handler
{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} DfsShell
{60fd46de-f830-4894-a628-6fa81bc0190d} %DESC_PublishDropTarget%
{7A80E4A8-8005-11D2-BCF8-00C04F72C717} MMC Icon Handler
{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} .CAB file viewer
{32714800-2E5F-11d0-8B85-00AA0044F941} For &People...
{8DD448E6-C188-4aed-AF92-44956194EB1F} Windows Media Player Play as Playlist Context Menu Handler
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} Windows Media Player Burn Audio CD Context Menu Handler
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} Windows Media Player Add to Playlist Context Menu Handler
{B327765E-D724-4347-8B16-78AE18552FC3} NeroDigitalIconHandler
{7F1CF152-04F8-453A-B34C-E609530A9DC8} NeroDigitalPropSheetHandler
{A70C977A-BF00-412C-90B7-034C51DA2439} NvCpl DesktopContext Class
{1CDB2949-8F65-4355-8456-263E7C208A5D} Desktop Explorer
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} Desktop Explorer Menu
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} nView Desktop Context Menu
{640167b4-59b0-47a6-b335-a6b3c0695aea} Portable Media Devices
{cc86590a-b60a-48e6-996b-41d25ed39a1e} Portable Media Devices Menu
{BDA77241-42F6-11d0-85E2-00AA001FE28C}
-
Is your computer still crashing?
You cut off the bottom part of the WinPFind log.
Could you post everything below this point?
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} Desktop Explorer Menu
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} nView Desktop Context Menu
{640167b4-59b0-47a6-b335-a6b3c0695aea} Portable Media Devices
{cc86590a-b60a-48e6-996b-41d25ed39a1e} Portable Media Devices Menu
-
{BDA77241-42F6-11d0-85E2-00AA001FE28C} LDVP Shell Extensions
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} Web Folders
{42042206-2D85-11D3-8CFF-005004838597} Microsoft Office HTML Icon Handler
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} My Logitech Pictures
{1530F7EE-5128-43BD-9977-84A4B0FAD7DF} PhotoToys
{B41DB860-8EE4-11D2-9906-E49FADC173CA} WinRAR shell extension
{21569614-B795-46b1-85F4-E737A8DC09AD} Shell Search Band
{FFB699E0-306A-11d3-8BD1-00104B6F7516} Play on my TV helper
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} iTunes
Files
Parameter line : File=%sysdir%;rdriv.sys;;;;;
File C:\WINDOWS\SYSTEM32\rdriv.sys was not found!
Parameter line : File=%sysdir%;ItunesMusic.exe;;;;;
File C:\WINDOWS\SYSTEM32\ItunesMusic.exe was not found!
Parameter line : File=%sysdir%;wkssvc.exe;;;;;
File C:\WINDOWS\SYSTEM32\wkssvc.exe was not found!
Parameter line : File=%windir%;ItunesMusic.exe;;;;;
File C:\WINDOWS\ItunesMusic.exe was not found!
Parameter line : File=%windir%;wkssvc.exe;;;;;
File C:\WINDOWS\wkssvc.exe was not found!
<<<<<<<<<< Checking for AddOn SharedTaskScheduler.def information >>>>>>>>>>
>>>>>>>>>> Exporting Policies from HKLM
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler found!
{438755C2-A8BA-11D1-B96B-00A0C90312E1} Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} Component Categories cache daemon
<<<<<<<<<< Checking for AddOn WareOut.def information >>>>>>>>>>
>>>>>>>>>> PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Parameter line : file=%sysdir%;*.exe;300;55304;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 55304 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;43528;;;
File C:\WINDOWS\SYSTEM32\*.exe with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;*.exe;300;4096;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 4096 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;43528;;;
File C:\WINDOWS\SYSTEM32\*.exe with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;*.exe;300;28680;;;
File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 28680 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;11264;;;
8/3/2004 11:00:00 PM 11264 C:\WINDOWS\SYSTEM32\atmadm.exe found!
8/3/2004 11:00:00 PM 11264 C:\WINDOWS\SYSTEM32\attrib.exe found!
8/3/2004 11:00:00 PM 11264 C:\WINDOWS\SYSTEM32\autolfn.exe found!
8/3/2004 11:00:00 PM 11264 C:\WINDOWS\SYSTEM32\chkntfs.exe found!
8/3/2004 11:00:00 PM 11264 C:\WINDOWS\SYSTEM32\rasdial.exe found!
Parameter line : file=%sysdir%;*.ren;300;43528;;;
File C:\WINDOWS\SYSTEM32\*.ren for today - 300 days with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;ntfsnlpa.exe;;;;;
File C:\WINDOWS\SYSTEM32\ntfsnlpa.exe was not found!
Parameter line : file=%sysdir%;cisvvc.exe;;;;;
File C:\WINDOWS\SYSTEM32\cisvvc.exe was not found!
Parameter line : file=%sysdir%;drv2cltr.dll;;;;;
File C:\WINDOWS\SYSTEM32\drv2cltr.dll was not found!
Parameter line : file=%sysdir%;hybsys32.dll;;;;;
File C:\WINDOWS\SYSTEM32\hybsys32.dll was not found!
Parameter line : file=%sysdir%;loadctr.exe;;;;;
File C:\WINDOWS\SYSTEM32\loadctr.exe was not found!
Parameter line : file=%sysdir%;rdsndin.exe;;;;;
File C:\WINDOWS\SYSTEM32\rdsndin.exe was not found!
Parameter line : file=%sysdir%;pxpcya64.exe;;;;;
File C:\WINDOWS\SYSTEM32\pxpcya64.exe was not found!
Parameter line : file=%windir%;*.exe;300;55304;;;
File C:\WINDOWS\*.exe for today - 300 days with a size of 55304 bytes was not found!
Parameter line : file=%windir%;*.exe;300;43528;;;
File C:\WINDOWS\*.exe for today - 300 days with a size of 43528 bytes was not found!
Parameter line : file=%windir%;*.exe;300;4096;;;
File C:\WINDOWS\*.exe for today - 300 days with a size of 4096 bytes was not found!
Parameter line : file=%windir%;rdt.ini;;;;;
File C:\WINDOWS\rdt.ini was not found!
Parameter line : file=%windir%;baloon.wav;;;;;
File C:\WINDOWS\baloon.wav was not found!
Parameter line : file=%allusers%\start menu\programs\startup;*.exe;;;;;
File C:\Documents and Settings\All Users\start menu\programs\startup\*.exe was not found!
>>>>>>>>>>Registry keys to look for
Parameter line : regvalue=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;system;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\system found!
System
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\WareOut;;
HKEY_LOCAL_MACHINE\SOFTWARE\WareOut not found!
Parameter line : regkey=HKEY_CURRENT_USER\Software\WareOut;;
HKEY_CURRENT_USER\Software\WareOut not found!
Parameter line : regvalue=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer;NoBandCustomize;;
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer found!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoBandCustomize not found!
Parameter line : regvalue=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion;Disabled;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\\Disabled not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar;;
HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar not found!
Parameter line : regkey=HKEY_CURRENT_USER\Software\SearchToolbar;;
HKEY_CURRENT_USER\Software\SearchToolbar not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls not found!
Parameter line : regvalue=HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser;{08BEC6AA-49FC-4379-3587-4B21E286C19E};;
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser found!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{08BEC6AA-49FC-4379-3587-4B21E286C19E} not found!
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 3/4/2006 8:12:05 PM
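Added example, not part of this thread or of WinPFind itself: a small Python parser for the registry section of a WinPFind log like the one posted above. It pairs each `Parameter line` with the `found!` / `not found!` results that follow it, so the few checks where something was actually present can be picked out of a long log, and on a Windows host `live_check()` re-runs a check with the standard `winreg` module. The sample log is constructed from lines of the post above; the first `Parameter line` (for the Winlogon `system` value) is assumed, because the quoted excerpt begins after it, and the `regkey=` / `regvalue=` line shapes are inferred from the log text rather than taken from WinPFind documentation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

try:
    import winreg  # Windows only; lets live_check() re-run a check locally
except ImportError:
    winreg = None

# "Parameter line : regkey=<key>;;"  or  "Parameter line : regvalue=<key>;<name>;;"
PARAM_RE = re.compile(r"^Parameter line : (regkey|regvalue)=(.*?);;$")

@dataclass
class RegCheck:
    kind: str                      # "regkey" or "regvalue"
    key: str                       # full key path including hive, as WinPFind prints it
    value: Optional[str] = None    # value name (regvalue checks only)
    key_found: Optional[bool] = None
    value_found: Optional[bool] = None
    data: Optional[str] = None     # value data, printed on the line after "found!"

def parse_winpfind(lines) -> List[RegCheck]:
    """Pair every 'Parameter line' with the result lines WinPFind prints after it."""
    checks: List[RegCheck] = []
    current: Optional[RegCheck] = None
    expect_data = False
    for raw in lines:
        line = raw.strip()
        m = PARAM_RE.match(line)
        if m:
            kind, rest = m.groups()
            if kind == "regkey":
                current = RegCheck(kind, rest)
            else:
                key, _, name = rest.partition(";")
                current = RegCheck(kind, key, name)
            checks.append(current)
            expect_data = False
            continue
        if current is None:
            continue
        if expect_data:                 # the data of a value just reported as found
            current.data = line
            expect_data = False
            continue
        if line.endswith(" not found!"):
            found, target = False, line[: -len(" not found!")]
        elif line.endswith(" found!"):
            found, target = True, line[: -len(" found!")]
        else:
            continue                    # banner or unrelated output
        # WinPFind writes value results as "<key>\\<value name>" (two backslashes)
        if current.kind == "regvalue" and target == f"{current.key}\\\\{current.value}":
            current.value_found = found
            expect_data = found
        elif target == current.key:
            current.key_found = found
    return checks

def is_hit(c: RegCheck) -> bool:
    """True when the artifact WinPFind looked for was actually present."""
    return bool(c.key_found) if c.kind == "regkey" else bool(c.value_found)

def live_check(check: RegCheck):
    """Re-run one check against the local registry (Windows only); None elsewhere.
    Caveat: 32-bit Python on 64-bit Windows sees the WOW64-redirected view."""
    if winreg is None:
        return None
    hive, _, sub = check.key.partition("\\")
    try:
        with winreg.OpenKey(getattr(winreg, hive), sub) as k:
            if check.kind == "regkey":
                return (True, None, None)
            try:
                data, _ = winreg.QueryValueEx(k, check.value)
                return (True, True, str(data))
            except FileNotFoundError:
                return (True, False, None)
    except FileNotFoundError:
        return (False, None, None)

# Constructed sample: result lines copied from the post above; the first
# 'Parameter line' is assumed, since the quoted excerpt starts after it.
SAMPLE_LOG = r"""Parameter line : regvalue=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;system;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\system found!
System
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins;;
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins not found!
Parameter line : regvalue=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer;NoBandCustomize;;
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer found!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoBandCustomize not found!
Scan Complete"""

if __name__ == "__main__":
    for c in parse_winpfind(SAMPLE_LOG.splitlines()):
        print("REVIEW" if is_hit(c) else "absent", c.key, c.value or "", c.data or "")
```

Run as-is it prints one line per check; only the Winlogon `system` value is marked for review, because it is the only check in the sample where the artifact was present. Whether a present value is actually a problem is a separate judgement (here the helper's verdict was "Looks good"); the parser only makes sure such lines are not lost in the noise of a long log.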
-
Looks good, are you still having problems?
If you are, can you go to start>>Run>>type in msconfig
Under the Startup tab>>Enable all
Under the General tab>>Select Normal startup
apply and close it and then reboot the computer
Come back here and post a fresh hijackthis log please
Keep everything enabled until after you are clear
-
Everything seems to be fine now. I really appreciate your help.
Thanks for everything.
-
*If everything is running better
Final Cleanup
We should clear all your restore points to ensure you don't restore any nasties that may be sitting idle
Go to START>>RUN>>In the open field
Type in
msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
Back in Windows, Go back and take the check out of "Turn off system restore"
This will re-enable the System Restore feature and create a new restore point
Protect yourself against Future Attacks
*Install SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
*Keep up to date on Windows updates
This is one of the most important steps in keeping your system secure
If not set to AutoUpdate, make a habit of regularly checking for updates at least once a month
*Make sure your Anti-Virus software is always kept up to date and actively running in the background
*Make sure your Firewall is enabled and running
A Firewall is very important
This provides a line of defense against someone who might try to access your computer without your permission
*Check for updates with your anti-spyware programs and run a scan on a regular basis
In addition, Open Spybot 1.4
Click on Immunize>>OK>>Immunize at the top green cross
Please immunize after every update
Stay safe
:D