Author Topic: AIM Virus w/ HJT log  (Read 1604 times)

Offline Ghostalone

AIM Virus w/ HJT log
« on: March 04, 2006, 03:00:07 AM »
Hi,

I think I might have gotten a virus from AIM earlier. I'm not sure, though; what do you think?

Logfile of HijackThis v1.99.1
Scan saved at 11:57:09 PM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.alienware.com/Mothership?Comp=AWC&SysCode=PC-AURORA-7500&ai=636E3D33323636393926706F3D504F2D33343535323441
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Thank you

Offline guestolo

« Reply #1 on: March 04, 2006, 10:13:00 AM »
I'm not seeing anything critical in your log.

But just in case, can you do the following please:
Download and save to your desktop AIMFix.exe by JayLoden.

Do a "System scan only" with HijackThis and put a check next to this entry:

O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)

After you have ticked the above entry, close all other open windows,
including this one.
Leave HijackThis open and click FIX CHECKED.
OK the prompt and exit HijackThis.
NOTE: Don't let Microsoft AntiSpyware interfere with the change.
ALLOW any changes if prompted.

Double click on AIMFix.exe to run it.

Reboot the computer.
Come back and post the AIMFix.log if anything bad was found please.
« Last Edit: March 04, 2006, 10:16:23 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
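Added example (not code from HijackThis, AIMFix, or anyone in this thread): a small Python helper that applies the first check made in the reply above, an O2/O18 entry whose registered file no longer exists, to a pasted HJT log, and also flags O4/O23 entries whose executable runs from Temp or a user profile, which is where AIMFix later found update.exe. The sample log reuses lines posted in this thread plus one constructed `[update]` Run entry.

```python
"""Triage a pasted HijackThis v1.99 log the way a log reader does.

Added example for this thread (not code from HijackThis, AIMFix or the
forum). Two kinds of entries are flagged:
  * O2/O9/O18 registrations whose file is gone ("(no file)" or
    "(file missing)"): orphaned keys that are safe to have HJT fix and
    are sometimes the leftovers of something already removed;
  * O4 autostarts and O23 services whose executable lives in a
    user-writable folder (Temp or a user profile), which is where the
    AIM worm in this thread dropped update.exe.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample. All lines except the "[update]" O4 entry are copied from
# the log posted in this thread; that one line is invented to exercise the
# Temp-folder check (the real log had no such Run entry; AIMFix found
# update.exe on disk).
SAMPLE_LOG = """\
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = www.alienware.com/Mothership
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O4 - HKLM\\..\\Run: [update] C:\\DOCUME~1\\TEDTRE~1\\LOCALS~1\\Temp\\update.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\\PROGRA~1\\MSNMES~1\\msgrapp.dll" (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe
"""

# An HJT entry is "<section> - <body>"; everything else in the log is ignored.
_LINE_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
# First drive-letter path that ends in a loadable/executable extension.
_PATH_RE = re.compile(
    r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|ocm|cpl|scr|com|bat|cmd)\b", re.IGNORECASE
)
# Folder fragments a normal user can write to (short 8.3 names included).
_USER_WRITABLE = (
    "\\temp\\", "\\docume~1\\", "\\documents and settings\\", "%temp%", "%userprofile%",
)


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section code such as "O2"
    reason: str   # why a log reader looks twice at it
    line: str     # the original log line


def _is_orphaned(body: str) -> bool:
    """True when HJT reports the registered file as absent from disk."""
    lowered = body.lower()
    return lowered.endswith("(no file)") or lowered.endswith("(file missing)")


def _user_writable_path(body: str) -> str | None:
    """Return the entry's executable path if it sits in Temp or a user profile."""
    m = _PATH_RE.search(body)
    if m and any(tok in m.group(0).lower() for tok in _USER_WRITABLE):
        return m.group(0)
    return None


def triage_hjt(log_text: str) -> list[Finding]:
    """Return the entries worth a second look, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _LINE_RE.match(line)
        if not m:
            continue  # header lines, the process list and blanks are not entries
        section, body = m.group(1), m.group(2)
        if _is_orphaned(body):
            findings.append(Finding(section, "registered file is missing from disk (orphaned entry)", line))
        elif section in ("O4", "O23") and _user_writable_path(body):
            findings.append(Finding(section, "autostart/service runs from a user-writable folder", line))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

Running it on the constructed sample flags the orphaned O2 and O18 entries and the Temp-folder Run entry, and leaves the Adobe BHO and the Symantec service alone.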


Offline Ghostalone

« Reply #2 on: March 04, 2006, 01:45:35 PM »
Hi guestolo,

Here is the AIMFix log:

AIMFix version: 1.5.33.246
SeDebug Privilege set successfully

***ANY VIRUS FILES REMOVED WILL BE LISTED BELOW***

C:\DOCUME~1\TEDTRE~1\LOCALS~1\Temp\update.exe found, attempting to remove...
C:\DOCUME~1\TEDTRE~1\LOCALS~1\Temp\update.exe quarantined
C:\Documents and Settings\Ted Trezise\Application Data\Aim\lubaume\info.htm quarantined
Profile for lubaume edited to remove possible virus code.

***RUN COMPLETED. ANY FILES REMOVED LISTED ABOVE***
----------------------------------------------------------

Offline guestolo

« Reply #3 on: March 04, 2006, 06:33:50 PM »
How's everything on your end?

I'm just on my way out to work in the yard, but can you please do the following:

Download and install Windows Cleanup! 4.0.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK.
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer.

Run AIMFix one more time and then reboot your computer.

Let me know if AIMFix was clean.
« Last Edit: March 04, 2006, 06:34:09 PM by guestolo »



Offline Ghostalone

« Reply #4 on: March 04, 2006, 08:12:01 PM »
Hi guestolo,

Well, I have been crashing unexpectedly lately, but here's the AIMFix log:

AIMFix version: 1.5.33.246
SeDebug Privilege set successfully

***ANY VIRUS FILES REMOVED WILL BE LISTED BELOW***


***RUN COMPLETED. ANY FILES REMOVED LISTED ABOVE***
----------------------------------------------------------

Thanks for your help guestolo, I really appreciate it.

Offline guestolo

« Reply #5 on: March 04, 2006, 09:13:58 PM »
Try the following for a double check.

Can you do the following if you can:
Download and save WinPFind.zip.
UNZIP the contents to your desktop.
Don't run it yet.

RESTART your computer into SAFE MODE.
You can do this by tapping the F8 key as the system is restarting, just before Windows loads.
Choose Safe Mode from the startup menu and hit Enter.

In Safe Mode:
Open the WinPFind folder you extracted to the desktop.
Double click on WinPFind.exe.
Select "Configure Scan Options".
Under "Run Addon's" on the right hand side, put a tick in all the empty boxes, then click Apply.

Click START SCAN.
Let this finish; a log will open so you will know it's done.
Close out after.

Reboot back to Normal mode.

Back in Windows, post the results of the WinPFind.txt located in the WinPFind folder.



Offline Ghostalone

« Reply #6 on: March 04, 2006, 11:23:15 PM »
Here it is:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 2    Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX!                 8/22/2004 4:04:56 PM        69120      C:\WINDOWS\daemon.dll

Checking %System% folder...
aspack               3/18/2005 5:19:58 PM        2337488    C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack               7/22/2005 6:59:04 PM        2319568    C:\WINDOWS\SYSTEM32\d3dx9_27.dll
PEC2                 8/3/2004 11:00:00 PM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PTech                11/4/2005 4:27:24 PM        534280     C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2           2/7/2006 9:23:40 PM         4513120    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               2/7/2006 9:23:40 PM         4513120    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               8/3/2004 11:00:00 PM        708096     C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor             8/3/2004 11:00:00 PM        657920     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              8/3/2004 11:00:00 PM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     3/4/2006 7:59:14 PM       S 2048       C:\WINDOWS\bootstat.dat
                     3/4/2006 5:29:20 PM      H  54156      C:\WINDOWS\QTFont.qfn
                     1/13/2006 12:34:32 PM     S 7898       C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat
                     1/3/2006 9:39:38 PM       S 11223      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911927.cat
                     1/13/2006 11:28:32 AM     S 10925      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB913446.cat
                     3/4/2006 7:59:12 PM      H  8192       C:\WINDOWS\system32\config\default.LOG
                     3/4/2006 7:59:20 PM      H  1024       C:\WINDOWS\system32\config\SAM.LOG
                     3/4/2006 7:59:14 PM      H  16384      C:\WINDOWS\system32\config\SECURITY.LOG
                     3/4/2006 7:59:22 PM      H  81920      C:\WINDOWS\system32\config\software.LOG
                     3/4/2006 7:59:16 PM      H  1126400    C:\WINDOWS\system32\config\system.LOG
                     2/16/2006 9:23:28 AM     H  1024       C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
                     1/8/2006 1:17:30 PM      HS 388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b7cbaade-fa20-41d6-bfec-f30f72da4c7e
                     1/8/2006 1:17:30 PM      HS 24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
                     3/4/2006 7:58:00 PM      H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          8/3/2004 11:00:00 PM        68608      C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        549888     C:\WINDOWS\SYSTEM32\appwiz.cpl
Creative Technology Ltd.       5/28/2001 9:47:00 AM        32768      C:\WINDOWS\SYSTEM32\AudioHQU.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        110592     C:\WINDOWS\SYSTEM32\bthprops.cpl
Logitech Inc.                  6/30/2003 7:58:48 PM        135168     C:\WINDOWS\SYSTEM32\CamCpl.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        135168     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        80384      C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        155136     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        358400     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        129536     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        380416     C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        68608      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         6/3/2005 2:52:54 AM         49265      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        618496     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        25600      C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        257024     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
                               12/10/2005 3:06:00 AM       73728      C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        114688     C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        298496     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        94208      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        148480     C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation          5/26/2005 12:16:30 AM       174360     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        68608      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        549888     C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        135168     C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        80384      C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        155136     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        358400     C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        129536     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        68608      C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        618496     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        25600      C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        257024     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        32768      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        114688     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        155648     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        298496     C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        94208      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        148480     C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation          8/3/2004 11:00:00 PM        162304     C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     10/17/2005 9:17:58 AM       1816       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
                     1/27/2005 5:15:20 PM     HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     1/27/2005 9:09:28 AM     HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
                     3/3/2006 4:23:32 PM         1362       C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
                     1/27/2005 5:15:20 PM     HS 84         C:\Documents and Settings\Ted Trezise\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     11/14/2005 11:08:46 AM      885        C:\Documents and Settings\Ted Trezise\Application Data\AdobeDLM.log
                     1/27/2005 9:09:28 AM     HS 62         C:\Documents and Settings\Ted Trezise\Application Data\desktop.ini
                     11/14/2005 11:08:46 AM      0          C:\Documents and Settings\Ted Trezise\Application Data\dm.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
   SV1    =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
       =

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
   {BDA77241-42F6-11d0-85E2-00AA001FE28C}    = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
   {BDA77241-42F6-11d0-85E2-00AA001FE28C}    = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
    =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
   ButtonText    = Research   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
   ButtonText    = AIM   : C:\Program Files\AIM\aim.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\system32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   NvCplDaemon   RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
   {0228e555-4f9c-4e35-a3ec-b109a192b4c2}   C:\Program Files\Google\Gmail Notifier\gnotify.exe
   NVIDIA nTune   "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
   DAEMON Tools-1033   "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
   CTHelper   CTHELPER.EXE
   CTDVDDET   C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
   ccApp   "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
   AsioReg   REGSVR32.EXE /S CTASIO.DLL
   gcasServ   "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
   nwiz   nwiz.exe /install
   NvMediaCenter   RunDLL32.exe NvMCTray.dll,NvTaskbarInit
   CoolSwitch   C:\WINDOWS\system32\taskswitch.exe
   iTunesHelper   "C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
   IMAIL   Installed = 1
   MAPI   Installed = 1
   MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   UltraMon   "C:\Program Files\UltraMon\UltraMon.exe" /auto

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   
   hkey   HKLM
   command   
   inimapping   0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DeadAIM
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   DeadAIM
   hkey   HKLM
   command   rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   DeadAIM
   hkey   HKLM
   command   rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gcasServ
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   gcasServ
   hkey   HKLM
   command   "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   gcasServ
   hkey   HKLM
   command   "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   iTunesHelper
   hkey   HKLM
   command   "C:\Program Files\iTunes\iTunesHelper.exe"
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   iTunesHelper
   hkey   HKLM
   command   "C:\Program Files\iTunes\iTunesHelper.exe"
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   dumprep 0 -k
   hkey   HKLM
   command   %systemroot%\system32\dumprep 0 -k
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   dumprep 0 -k
   hkey   HKLM
   command   %systemroot%\system32\dumprep 0 -k
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lexmark 2200 Series
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   lxbvbmgr
   hkey   HKLM
   command   "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   lxbvbmgr
   hkey   HKLM
   command   "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoRepair
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   ISStart
   hkey   HKLM
   command   C:\Program Files\Logitech\Video\ISStart.exe
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   ISStart
   hkey   HKLM
   command   C:\Program Files\Logitech\Video\ISStart.exe
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoTray
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   LogiTray
   hkey   HKLM
   command   C:\Program Files\Logitech\Video\LogiTray.exe
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   LogiTray
   hkey   HKLM
   command   C:\Program Files\Logitech\Video\LogiTray.exe
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   NeroCheck
   hkey   HKLM
   command   C:\WINDOWS\system32\NeroCheck.exe
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   NeroCheck
   hkey   HKLM
   command   C:\WINDOWS\system32\NeroCheck.exe
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   NvCpl
   hkey   HKLM
   command   RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   NvCpl
   hkey   HKLM
   command   RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   RunDLL32
   hkey   HKLM
   command   RunDLL32.exe NvMCTray.dll,NvTaskbarInit
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   RunDLL32
   hkey   HKLM
   command   RunDLL32.exe NvMCTray.dll,NvTaskbarInit
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   nwiz
   hkey   HKLM
   command   nwiz.exe /install
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   nwiz
   hkey   HKLM
   command   nwiz.exe /install
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   qttask
   hkey   HKLM
   command   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   qttask
   hkey   HKLM
   command   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteCenter
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   RCMan
   hkey   HKCU
   command   C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   RCMan
   hkey   HKCU
   command   C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SBDrvDet
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   SBDrvDet
   hkey   HKLM
   command   C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   SBDrvDet
   hkey   HKLM
   command   C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   jusched
   hkey   HKLM
   command   C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   jusched
   hkey   HKLM
   command   C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updateMgr
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   AdobeUpdateManager
   hkey   HKCU
   command   C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   AdobeUpdateManager
   hkey   HKCU
   command   C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   UpdReg
   hkey   HKLM
   command   C:\WINDOWS\UpdReg.EXE
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   UpdReg
   hkey   HKLM
   command   C:\WINDOWS\UpdReg.EXE
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vptray
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   VPTray
   hkey   HKLM
   command   C:\PROGRA~1\SYMANT~1\VPTray.exe
   inimapping   0
   key   SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   item   VPTray
   hkey   HKLM
   command   C:\PROGRA~1\SYMANT~1\VPTray.exe
   inimapping   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
   system.ini   0
   win.ini   0
   bootini   0
   services   0
   startup   2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
    = C:\WINDOWS\system32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


<<<<<<<<<< Checking for AddOn Monitors.def information >>>>>>>>>>
Parameter line : regkey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors;;
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors found!

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\BJ Language Monitor
   Driver   cnbjmon.dll


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Lexmark Network Port
   Driver   LEXLMPM.DLL


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port
   Driver   localspl.dll


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Microsoft Document Imaging Writer Monitor
   Driver   mdimon.dll


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\PJL Language Monitor
   Driver   pjlmon.dll
   EOJTimeout   60000


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port
   Driver   tcpmon.dll


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports
   StatusUpdateInterval   10
   StatusUpdateEnabled   1

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\USB Monitor
   Driver   usbmon.dll



<<<<<<<<<< Checking for AddOn OpenCommand.def information >>>>>>>>>>
>>>>>>>>>> Exporting Shell Open\Command entries
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\batfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\batfile\shell\open\command found!
      "%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\comfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\comfile\shell\open\command found!
      "%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\exefile\shell\open\command found!
      "%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\piffile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\piffile\shell\open\command found!
      "%1" %*

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\regfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\regfile\shell\open\command found!
      regedit.exe "%1"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scrfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scrfile\shell\open\command found!
      "%1" /S

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\vbsfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\vbsfile\shell\open\command found!

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\htmlfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\htmlfile\shell\open\command found!
      "C:\Program Files\Internet Explorer\iexplore.exe" -nohome

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\http\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\http\shell\open\command found!
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mp3file\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mp3file\shell\open\command found!
      "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "%L"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mpegfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\mpegfile\shell\open\command found!
      "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:9 /Open "%L"

Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\jsfile\shell\open\command;;
  HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\jsfile\shell\open\command found!


<<<<<<<<<< Checking for AddOn Policies.def information >>>>>>>>>>

<<<<<<<<<< Checking for AddOn Qoologic.def information >>>>>>>>>>
>>>>>>>>>> Search by size and name
>>>>>>>>>> Files found by this method are not necessarily bad
>>>>>>>>>> Example PNGFILT.DLL is a windows file
Parameter line : file=%sysdir%;*.exe;150;61952;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 61952 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;7680;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 7680 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;91648;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 91648 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;81920;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 81920 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;7168;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 7168 bytes was not found!
Parameter line : file=%sysdir%;*.exe;150;65536;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 150 days with a size of 65536 bytes was not found!
Parameter line : file=%sysdir%;redit.cpl;;;;;
  File C:\WINDOWS\SYSTEM32\redit.cpl was not found!
Parameter line : file=%sysdir%;conres.cpl;;;;;
  File C:\WINDOWS\SYSTEM32\conres.cpl was not found!
Parameter line : file=%sysdir%;datadx.dll;;;;;
  File C:\WINDOWS\SYSTEM32\datadx.dll was not found!
Parameter line : file=%sysdir%;*.dll;150;10240;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 10240 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;46080;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 46080 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;34816;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 34816 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;16384;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 16384 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;29184;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 29184 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;26624;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 26624 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;9728;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 9728 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;10843;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 10843 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;18432;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 18432 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;23040;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 23040 bytes was not found!
Parameter line : file=%sysdir%;*.dll;150;17920;;;
  File C:\WINDOWS\SYSTEM32\*.dll for today - 150 days with a size of 17920 bytes was not found!
Parameter line : file=%allusers%\start menu\programs\startup;*.exe;;;;;
  File C:\Documents and Settings\All Users\start menu\programs\startup\*.exe was not found!
>>>>>>>>>> Misc Checks
Parameter line : file=%sysdir%;*.dat;150;81920;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 81920 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;61952;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 61952 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;65536;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 65536 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;7680;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 7680 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;91648;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 91648 bytes was not found!
Parameter line : file=%sysdir%;*.dat;150;7168;;;
  File C:\WINDOWS\SYSTEM32\*.dat for today - 150 days with a size of 7168 bytes was not found!
Parameter line : file=%windir%;*.dll;150;10843;;;
  File C:\WINDOWS\*.dll for today - 150 days with a size of 10843 bytes was not found!
Parameter line : file=%windir%;*.dll;150;3950;;;
  File C:\WINDOWS\*.dll for today - 150 days with a size of 3950 bytes was not found!
Parameter line : file=%windir%;*.dll;150;3943;;;
  File C:\WINDOWS\*.dll for today - 150 days with a size of 3943 bytes was not found!

<<<<<<<<<< Checking for AddOn RDriv.def information >>>>>>>>>>
Registry Entries
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center found!
   FirstRunDisabled   1
   AntiVirusDisableNotify   0
   FirewallDisableNotify   0
   UpdatesDisableNotify   0
   AntiVirusOverride   0
   FirewallOverride   0

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Updates;;
  HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Updates not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center AntiVirus;;
  HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center AntiVirus not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Firewall;;
  HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center Firewall not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\OLE;;
  HKEY_LOCAL_MACHINE\Software\Microsoft\OLE found!
   EnableDCOM   Y

  HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat

  HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat\ActivationSecurityCheckExemptionList
   {A50398B8-9075-4FBF-A7A1-456BF21937AD}   1
   {AD65A69D-3831-40D7-9629-9B0B50A93843}   1
   {0040D221-54A1-11D1-9DE0-006097042D69}   1
   {2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}   1

Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv;;
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iTunesMusic;;
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iTunesMusic not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_ITUNESMUSIC;;
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_ITUNESMUSIC not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_RDRIV;;
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_RDRIV not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate;;
  HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall not found!
Parameter line : RegKey=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters;;
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters found!
   autodisconnect   15
   enableforcedlogoff   1
   enablesecuritysignature   0
   requiresecuritysignature   0
   Lmannounce   0
   Size   1
   Guid   ÕW³æÛM‚CÄSyf L
   AdjustedNullSessionPipes   1
   CachedOpenLimit   0
Parameter line : RegKey=HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanworkstation\parameters;;
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanworkstation\parameters found!
   enableplaintextpassword   0
   enablesecuritysignature   1
   requiresecuritysignature   0

Parameter line : RegKey=HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions;;
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions found!

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
   {00022613-0000-0000-C000-000000000046}   Multimedia File Property Sheet
   {176d6597-26d3-11d1-b350-080036a75b03}   ICM Scanner Management
   {1F2E5C40-9550-11CE-99D2-00AA006E086C}   NTFS Security Page
   {3EA48300-8CF6-101B-84FB-666CCB9BCD32}   OLE Docfile Property Page
   {40dd6e20-7c17-11ce-a804-00aa003ca9f6}   Shell extensions for sharing
   {41E300E0-78B6-11ce-849B-444553540000}   PlusPack CPL Extension
   {42071712-76d4-11d1-8b24-00a0c9068ff3}   Display Adapter CPL Extension
   {42071713-76d4-11d1-8b24-00a0c9068ff3}   Display Monitor CPL Extension
   {42071714-76d4-11d1-8b24-00a0c9068ff3}   Display Panning CPL Extension
   {4E40F770-369C-11d0-8922-00A024AB2DBB}   DS Security Page
   {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}   Compatibility Page
   {56117100-C0CD-101B-81E2-00AA004AE837}   Shell Scrap DataHandler
   {59099400-57FF-11CE-BD94-0020AF85B590}   Disk Copy Extension
   {59be4990-f85c-11ce-aff7-00aa003ca9f6}   Shell extensions for Microsoft Windows Network objects
   {5DB2625A-54DF-11D0-B6C4-0800091AA605}   ICM Monitor Management
   {675F097E-4C4D-11D0-B6C1-0800091AA605}   ICM Printer Management
   {764BF0E1-F219-11ce-972D-00AA00A14F56}   Shell extensions for file compression
   {77597368-7b15-11d0-a0c2-080036af3f03}   Web Printer Shell Extension
   {7988B573-EC89-11cf-9C00-00AA00A14F56}   Disk Quota UI
   {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}   Encryption Context Menu
   {85BBD920-42A0-1069-A2E4-08002B30309D}   Briefcase
   {88895560-9AA2-1069-930E-00AA0030EBC8}   HyperTerminal Icon Ext
   {BD84B380-8CA2-1069-AB1D-08000948F534}   Fonts
   {DBCE2480-C732-101B-BE72-BA78E9AD5B27}   ICC Profile
   {F37C5810-4D3F-11d0-B4BF-00AA00BBB723}   Printers Security Page
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   Shell extensions for sharing
   {f92e8c40-3d33-11d2-b1aa-080036a75b03}   Display TroubleShoot CPL Extension
   {7444C717-39BF-11D1-8CD9-00C04FC29D45}   Crypto PKO Extension
   {7444C719-39BF-11D1-8CD9-00C04FC29D45}   Crypto Sign Extension
   {7007ACC7-3202-11D1-AAD2-00805FC1270E}   Network Connections
   {992CFFA0-F557-101A-88EC-00DD010CCC48}   Network Connections
   {E211B736-43FD-11D1-9EFB-0000F8757FCD}   Scanners & Cameras
   {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}   Scanners & Cameras
   {905667aa-acd6-11d2-8080-00805f6596d2}   Scanners & Cameras
   {3F953603-1008-4f6e-A73A-04AAC7A992F1}   Scanners & Cameras
   {83bbcbf3-b28a-4919-a5aa-73027445d672}   Scanners & Cameras
   {F0152790-D56E-4445-850E-4F3117DB740C}   Remote Sessions CPL Extension
   {60254CA5-953B-11CF-8C96-00AA00B8708C}   Shell extensions for Windows Script Host
   {2206CDB2-19C1-11D1-89E0-00C04FD7A829}   Microsoft Data Link
   {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}   Tasks Folder Icon Handler
   {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}   Tasks Folder Shell Extension
   {D6277990-4C6A-11CF-8D87-00AA0060F5BF}   Scheduled Tasks
   {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}   Set Program Access and Defaults
   {5F327514-6C5E-4d60-8F16-D07FA08A78ED}   Auto Update Property Sheet Extension
   {0DF44EAA-FF21-4412-828E-260A8728E7F1}   Taskbar and Start Menu
   {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}   Search
   {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}   Help and Support
   {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}   Help and Support
   {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}   Run...
   {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}   Internet
   {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}   E-mail
   {D20EA4E1-3957-11d2-A40B-0C5020524152}   Fonts
   {D20EA4E1-3957-11d2-A40B-0C5020524153}   Administrative Tools
   {596AB062-B4D2-4215-9F74-E9109B0A8153}   Previous Versions Property Page
   {9DB7A13C-F208-4981-8353-73CC61AE2783}   Previous Versions
   {875CB1A1-0F29-45de-A1AE-CFB4950D0B78}   Audio Media Properties Handler
   {40C3D757-D6E4-4b49-BB41-0E5BBEA28817}   Video Media Properties Handler
   {E4B29F9D-D390-480b-92FD-7DDB47101D71}   Wav Properties Handler
   {87D62D94-71B3-4b9a-9489-5FE6850DC73E}   Avi Properties Handler
   {A6FD9E45-6E44-43f9-8644-08598F5A74D9}   Midi Properties Handler
   {c5a40261-cd64-4ccf-84cb-c394da41d590}   Video Thumbnail Extractor
   {5E6AB780-7743-11CF-A12B-00AA004AE837}   Microsoft Internet Toolbar
   {22BF0C20-6DA7-11D0-B373-00A0C9034938}   Download Status
   {91EA3F8B-C99B-11d0-9815-00C04FD91972}   Augmented Shell Folder
   {6413BA2C-B461-11d1-A18A-080036B11A03}   Augmented Shell Folder 2
   {F61FFEC1-754F-11d0-80CA-00AA005B4383}   BandProxy
   {7BA4C742-9E81-11CF-99D3-00AA004AE837}   Microsoft BrowserBand
   {30D02401-6A81-11d0-8274-00C04FD5AE38}   Search Band
   {169A0691-8DF9-11d1-A1C4-00C04FD75D13}   In-pane search
   {07798131-AF23-11d1-9111-00A0C98BA67D}   Web Search
   {AF4F6510-F982-11d0-8595-00AA004CD6D8}   Registry Tree Options Utility
   {01E04581-4EEE-11d0-BFE9-00AA005B4383}   &Address
   {A08C11D2-A228-11d0-825B-00AA005B4383}   Address EditBox
   {00BB2763-6A77-11D0-A535-00C04FD7D062}   Microsoft AutoComplete
   {7376D660-C583-11d0-A3A5-00C04FD706EC}   TridentImageExtractor
   {6756A641-DE71-11d0-831B-00AA005B4383}   MRU AutoComplete List
   {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}   Custom MRU AutoCompleted List
   {7e653215-fa25-46bd-a339-34a2790f3cb7}   Accessible
   {acf35015-526e-4230-9596-becbe19f0ac9}   Track Popup Bar
   {00BB2764-6A77-11D0-A535-00C04FD7D062}   Microsoft History AutoComplete List
   {03C036F1-A186-11D0-824A-00AA005B4383}   Microsoft Shell Folder AutoComplete List
   {00BB2765-6A77-11D0-A535-00C04FD7D062}   Microsoft Multiple AutoComplete List Container
   {ECD4FC4E-521C-11D0-B792-00A0C90312E1}   Shell Band Site Menu
   {3CCF8A41-5C85-11d0-9796-00AA00B90ADF}   Shell DeskBarApp
   {ECD4FC4C-521C-11D0-B792-00A0C90312E1}   Shell DeskBar
   {ECD4FC4D-521C-11D0-B792-00A0C90312E1}   Shell Rebar BandSite
   {DD313E04-FEFF-11d1-8ECD-0000F87A470C}   User Assist
   {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   Global Folder Settings
   {EFA24E61-B078-11d0-89E4-00C04FC9E26E}   Favorites Band
   {0A89A860-D7B1-11CE-8350-444553540000}   Shell Automation Inproc Service
   {E7E4BC40-E76A-11CE-A9BB-00AA004AE837}   Shell DocObject Viewer
   {A5E46E3A-8849-11D1-9D8C-00C04FC99D61}   Microsoft Browser Architecture
   {FBF23B40-E3F0-101B-8488-00AA003E56F8}   InternetShortcut
   {3C374A40-BAE4-11CF-BF7D-00AA006946EE}   Microsoft Url History Service
   {FF393560-C2A7-11CF-BFF4-444553540000}   History
   {7BD29E00-76C1-11CF-9DD0-00A0C9034933}   Temporary Internet Files
   {7BD29E01-76C1-11CF-9DD0-00A0C9034933}   Temporary Internet Files
   {CFBFAE00-17A6-11D0-99CB-00C04FD64497}   Microsoft Url Search Hook
   {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}   IE4 Suite Splash Screen
   {67EA19A0-CCEF-11d0-8024-00C04FD75D13}   CDF Extension Copy Hook
   {131A6951-7F78-11D0-A979-00C04FD705A2}   ISFBand OC
   {9461b922-3c5a-11d2-bf8b-00c04fb93661}   Search Assistant OC
   {3DC7A020-0ACD-11CF-A9BB-00AA004AE837}   The Internet
   {871C5380-42A0-1069-A2EA-08002B30309D}   Internet Name Space
   {EFA24E64-B078-11d0-89E4-00C04FC9E26E}   Explorer Band
   {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}   Sendmail service
   {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}   Sendmail service
   {88C6C381-2E85-11D0-94DE-444553540000}   ActiveX Cache Folder
   {E6FB5E20-DE35-11CF-9C87-00AA005127ED}   WebCheck
   {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}   Subscription Mgr
   {F5175861-2688-11d0-9C5E-00AA00A45957}   Subscription Folder
   {08165EA0-E946-11CF-9C87-00AA005127ED}   WebCheckWebCrawler
   {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}   WebCheckChannelAgent
   {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}   TrayAgent
   {7D559C10-9FE9-11d0-93F7-00AA0059CE02}   Code Download Agent
   {E6CC6978-6B6E-11D0-BECA-00C04FD940BE}   ConnectionAgent
   {D8BD2030-6FC9-11D0-864F-00AA006809D9}   PostAgent
   {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}   WebCheck SyncMgr Handler
   {352EC2B7-8B9A-11D1-B8AE-006008059382}   Shell Application Manager
   {0B124F8F-91F0-11D1-B8B5-006008059382}   Installed Apps Enumerator
   {CFCCC7A0-A282-11D1-9082-006008059382}   Darwin App Publisher
   {e84fda7c-1d6a-45f6-b725-cb260c236066}   Shell Image Verbs
   {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}   Shell Image Data Factory
   {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}   Autoplay for SlideShow
   {3F30C968-480A-4C6C-862D-EFC0897BB84B}   GDI+ file thumbnail extractor
   {9DBD2C50-62AD-11d0-B806-00C04FD706EC}   Summary Info Thumbnail handler (DOCFILES)
   {EAB841A0-9550-11cf-8C16-00805F1408F3}   HTML Thumbnail Extractor
   {eb9b1153-3b57-4e68-959a-a3266bc3d7fe}   Shell Image Property Handler
   {CC6EEFFB-43F6-46c5-9619-51D571967F7D}   Web Publishing Wizard
   {add36aa8-751a-4579-a266-d66f5202ccbb}   Print Ordering via the Web
   {6b33163c-76a5-4b6c-bf21-45de9cd503a1}   Shell Publishing Wizard Object
   {58f1f272-9240-4f51-b6d4-fd63d1618591}   Get a Passport Wizard
   {7A9D77BD-5403-11d2-8785-2E0420524153}   User Accounts
   {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}   Compressed (zipped) Folder
   {BD472F60-27FA-11cf-B8B4-444553540000}   Compressed (zipped) Folder Right Drag Handler
   {888DCA60-FC0A-11CF-8F0F-00C04FD7D062}   Compressed (zipped) Folder SendTo Target
   {f39a0dc0-9cc8-11d0-a599-00c04fd64433}   Channel File
   {f3aa0dc0-9cc8-11d0-a599-00c04fd64434}   Channel Shortcut
   {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}   Channel Handler Object
   {f3da0dc0-9cc8-11d0-a599-00c04fd64437}   Channel Menu
   {f3ea0dc0-9cc8-11d0-a599-00c04fd64438}   Channel Properties
   {692F0339-CBAA-47e6-B5B5-3B84DB604E87}   Extensions Manager Folder
   {63da6ec0-2e98-11cf-8d82-444553540000}   FTP Folders Webview
   {883373C3-BF89-11D1-BE35-080036B11A03}   Microsoft DocProp Shell Ext
   {A9CF0EAE-901A-4739-A481-E35B73E47F6D}   Microsoft DocProp Inplace Edit Box Control
   {8EE97210-FD1F-4B19-91DA-67914005F020}   Microsoft DocProp Inplace ML Edit Box Control
   {0EEA25CC-4362-4A12-850B-86EE61B0D3EB}   Microsoft DocProp Inplace Droplist Combo Control
   {6A205B57-2567-4A2C-B881-F787FAB579A3}   Microsoft DocProp Inplace Calendar Control
   {28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}   Microsoft DocProp Inplace Time Control
   {8A23E65E-31C2-11d0-891C-00A024AB2DBB}   Directory Query UI
   {9E51E0D0-6E0F-11d2-9601-00C04FA31A86}   Shell properties for a DS object
   {163FDC20-2ABC-11d0-88F0-00A024AB2DBB}   Directory Object Find
   {F020E586-5264-11d1-A532-0000F8757D7E}   Directory Start/Search Find
   {0D45D530-764B-11d0-A1CA-00AA00C16E65}   Directory Property UI
   {62AE1F9A-126A-11D0-A14B-0800361B1103}   Directory Context Menu Verbs
   {ECF03A33-103D-11d2-854D-006008059367}   MyDocs Copy Hook
   {ECF03A32-103D-11d2-854D-006008059367}   MyDocs Drop Target
   {4a7ded0a-ad25-11d0-98a8-0800361b1103}   MyDocs Properties
   {750fdf0e-2a26-11d1-a3ea-080036587f03}   Offline Files Menu
   {10CFC467-4392-11d2-8DB4-00C04FA31A66}   Offline Files Folder Options
   {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}   Offline Files Folder
   {143A62C8-C33B-11D1-84FE-00C04FA34A14}   Microsoft Agent Character Property Sheet Handler
   {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}   DfsShell
   {60fd46de-f830-4894-a628-6fa81bc0190d}   %DESC_PublishDropTarget%
   {7A80E4A8-8005-11D2-BCF8-00C04F72C717}   MMC Icon Handler
   {0CD7A5C0-9F37-11CE-AE65-08002B2E1262}   .CAB file viewer
   {32714800-2E5F-11d0-8B85-00AA0044F941}   For &People...
   {8DD448E6-C188-4aed-AF92-44956194EB1F}   Windows Media Player Play as Playlist Context Menu Handler
   {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}   Windows Media Player Burn Audio CD Context Menu Handler
   {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}   Windows Media Player Add to Playlist Context Menu Handler
   {B327765E-D724-4347-8B16-78AE18552FC3}   NeroDigitalIconHandler
   {7F1CF152-04F8-453A-B34C-E609530A9DC8}   NeroDigitalPropSheetHandler
   {A70C977A-BF00-412C-90B7-034C51DA2439}   NvCpl DesktopContext Class
   {1CDB2949-8F65-4355-8456-263E7C208A5D}   Desktop Explorer
   {1E9B04FB-F9E5-4718-997B-B8DA88302A47}   Desktop Explorer Menu
   {1E9B04FB-F9E5-4718-997B-B8DA88302A48}   nView Desktop Context Menu
   {640167b4-59b0-47a6-b335-a6b3c0695aea}   Portable Media Devices
   {cc86590a-b60a-48e6-996b-41d25ed39a1e}   Portable Media Devices Menu
   {BDA77241-42F6-11d0-85E2-00AA001FE28C}
« Last Edit: March 04, 2006, 11:27:26 PM by Ghostalone »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
AIM Virus w/ HJT log
« Reply #7 on: March 05, 2006, 12:15:48 AM »
Is your computer still crashing?

You cut off the bottom part of the WPFind log. Could you post everything below this point?
 {1E9B04FB-F9E5-4718-997B-B8DA88302A47} Desktop Explorer Menu
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} nView Desktop Context Menu
{640167b4-59b0-47a6-b335-a6b3c0695aea} Portable Media Devices
{cc86590a-b60a-48e6-996b-41d25ed39a1e} Portable Media Devices Menu

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Ghostalone

AIM Virus w/ HJT log
« Reply #8 on: March 05, 2006, 01:40:01 AM »
   {BDA77241-42F6-11d0-85E2-00AA001FE28C}   LDVP Shell Extensions
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F}   Web Folders
   {42042206-2D85-11D3-8CFF-005004838597}   Microsoft Office HTML Icon Handler
   {400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}   My Logitech Pictures
      
   {1530F7EE-5128-43BD-9977-84A4B0FAD7DF}   PhotoToys
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}   WinRAR shell extension
   {21569614-B795-46b1-85F4-E737A8DC09AD}   Shell Search Band
   {FFB699E0-306A-11d3-8BD1-00104B6F7516}   Play on my TV helper
   {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}   iTunes


Files
Parameter line : File=%sysdir%;rdriv.sys;;;;;
  File C:\WINDOWS\SYSTEM32\rdriv.sys was not found!
Parameter line : File=%sysdir%;ItunesMusic.exe;;;;;
  File C:\WINDOWS\SYSTEM32\ItunesMusic.exe was not found!
Parameter line : File=%sysdir%;wkssvc.exe;;;;;
  File C:\WINDOWS\SYSTEM32\wkssvc.exe was not found!
Parameter line : File=%windir%;ItunesMusic.exe;;;;;
  File C:\WINDOWS\ItunesMusic.exe was not found!
Parameter line : File=%windir%;wkssvc.exe;;;;;
  File C:\WINDOWS\wkssvc.exe was not found!

<<<<<<<<<< Checking for AddOn SharedTaskScheduler.def information >>>>>>>>>>
>>>>>>>>>> Exporting Policies from HKLM
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler found!
   {438755C2-A8BA-11D1-B96B-00A0C90312E1}   Browseui preloader
   {8C7461EF-2B13-11d2-BE35-3078302C2030}   Component Categories cache daemon


<<<<<<<<<< Checking for AddOn WareOut.def information >>>>>>>>>>
>>>>>>>>>> PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Parameter line : file=%sysdir%;*.exe;300;55304;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 55304 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;43528;;;
  File C:\WINDOWS\SYSTEM32\*.exe with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;*.exe;300;4096;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 4096 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;43528;;;
  File C:\WINDOWS\SYSTEM32\*.exe with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;*.exe;300;28680;;;
  File C:\WINDOWS\SYSTEM32\*.exe for today - 300 days with a size of 28680 bytes was not found!
Parameter line : file=%sysdir%;*.exe;;11264;;;
                       8/3/2004 11:00:00 PM        11264      C:\WINDOWS\SYSTEM32\atmadm.exe found!
                       8/3/2004 11:00:00 PM        11264      C:\WINDOWS\SYSTEM32\attrib.exe found!
                       8/3/2004 11:00:00 PM        11264      C:\WINDOWS\SYSTEM32\autolfn.exe found!
                       8/3/2004 11:00:00 PM        11264      C:\WINDOWS\SYSTEM32\chkntfs.exe found!
                       8/3/2004 11:00:00 PM        11264      C:\WINDOWS\SYSTEM32\rasdial.exe found!
Parameter line : file=%sysdir%;*.ren;300;43528;;;
  File C:\WINDOWS\SYSTEM32\*.ren for today - 300 days with a size of 43528 bytes was not found!
Parameter line : file=%sysdir%;ntfsnlpa.exe;;;;;
  File C:\WINDOWS\SYSTEM32\ntfsnlpa.exe was not found!
Parameter line : file=%sysdir%;cisvvc.exe;;;;;
  File C:\WINDOWS\SYSTEM32\cisvvc.exe was not found!
Parameter line : file=%sysdir%;drv2cltr.dll;;;;;
  File C:\WINDOWS\SYSTEM32\drv2cltr.dll was not found!
Parameter line : file=%sysdir%;hybsys32.dll;;;;;
  File C:\WINDOWS\SYSTEM32\hybsys32.dll was not found!
Parameter line : file=%sysdir%;loadctr.exe;;;;;
  File C:\WINDOWS\SYSTEM32\loadctr.exe was not found!
Parameter line : file=%sysdir%;rdsndin.exe;;;;;
  File C:\WINDOWS\SYSTEM32\rdsndin.exe was not found!
Parameter line : file=%sysdir%;pxpcya64.exe;;;;;
  File C:\WINDOWS\SYSTEM32\pxpcya64.exe was not found!
Parameter line : file=%windir%;*.exe;300;55304;;;
  File C:\WINDOWS\*.exe for today - 300 days with a size of 55304 bytes was not found!
Parameter line : file=%windir%;*.exe;300;43528;;;
  File C:\WINDOWS\*.exe for today - 300 days with a size of 43528 bytes was not found!
Parameter line : file=%windir%;*.exe;300;4096;;;
  File C:\WINDOWS\*.exe for today - 300 days with a size of 4096 bytes was not found!
Parameter line : file=%windir%;rdt.ini;;;;;
  File C:\WINDOWS\rdt.ini was not found!
Parameter line : file=%windir%;baloon.wav;;;;;
  File C:\WINDOWS\baloon.wav was not found!
Parameter line : file=%allusers%\start menu\programs\startup;*.exe;;;;;
  File C:\Documents and Settings\All Users\start menu\programs\startup\*.exe was not found!
>>>>>>>>>>Registry keys to look for
Parameter line : regvalue=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon;system;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon found!
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\system found!
   System   
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\WareOut;;
  HKEY_LOCAL_MACHINE\SOFTWARE\WareOut not found!
Parameter line : regkey=HKEY_CURRENT_USER\Software\WareOut;;
  HKEY_CURRENT_USER\Software\WareOut not found!
Parameter line : regvalue=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer;NoBandCustomize;;
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer found!
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoBandCustomize not found!
Parameter line : regvalue=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion;Disabled;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion found!
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\\Disabled not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar;;
  HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar not found!
Parameter line : regkey=HKEY_CURRENT_USER\Software\SearchToolbar;;
  HKEY_CURRENT_USER\Software\SearchToolbar not found!
Parameter line : regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls;;
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls not found!
Parameter line : regvalue=HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser;{08BEC6AA-49FC-4379-3587-4B21E286C19E};;
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser found!
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{08BEC6AA-49FC-4379-3587-4B21E286C19E} not found!

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 3/4/2006 8:12:05 PM
« Last Edit: March 05, 2006, 01:42:52 AM by Ghostalone »
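The WinPFind log above is a series of "Parameter line" checks (a directory token, a file name or wildcard, an optional age window in days, an optional exact size) followed by a found/not-found verdict. As an added example that is not part of the thread or of WinPFind itself, here is a small evaluator for that check syntax, with the syntax and the "today minus N days" age rule inferred from the posted log lines, run against a constructed file listing that mirrors the 8/3/2004 11264-byte files the log reported.

```python
"""Evaluate WinPFind-style 'Parameter line' file checks against a file listing.

Added example, not code from the thread or from WinPFind. The field layout
file=<dir>;<pattern>;<max_age_days>;<size>;;; and the age rule are assumptions
inferred from the log lines posted above; the listing below is constructed.
"""
import fnmatch
from datetime import date, timedelta

# Constructed listing: path -> (modification date, size in bytes). The three
# 11264-byte files copy the date/size the log reported; kernel32.dll is made up.
LISTING = {
    r"C:\WINDOWS\SYSTEM32\atmadm.exe": (date(2004, 8, 3), 11264),
    r"C:\WINDOWS\SYSTEM32\attrib.exe": (date(2004, 8, 3), 11264),
    r"C:\WINDOWS\SYSTEM32\chkntfs.exe": (date(2004, 8, 3), 11264),
    r"C:\WINDOWS\SYSTEM32\kernel32.dll": (date(2004, 8, 3), 984064),
}
ENV = {"%sysdir%": r"C:\WINDOWS\SYSTEM32", "%windir%": r"C:\WINDOWS"}

def parse_parameter(line):
    """'file=%sysdir%;*.exe;300;55304;;;' -> (dir, pattern, max_age_days, size)."""
    key, _, rest = line.partition("=")
    if key.strip().lower() != "file":
        raise ValueError(f"not a file check: {line!r}")
    fields = rest.split(";")
    directory = ENV.get(fields[0].lower(), fields[0])
    pattern = fields[1]
    max_age = int(fields[2]) if fields[2] else None   # empty field = no age limit
    size = int(fields[3]) if fields[3] else None      # empty field = any size
    return directory, pattern, max_age, size

def evaluate(line, listing=LISTING, today=date(2006, 3, 4)):
    """Return the paths matching the check; a non-empty list is a 'found!' result."""
    directory, pattern, max_age, size = parse_parameter(line)
    hits = []
    for path, (mtime, fsize) in listing.items():
        folder, _, name = path.rpartition("\\")
        if folder.lower() != directory.lower():        # checks are not recursive
            continue
        if not fnmatch.fnmatch(name.lower(), pattern.lower()):
            continue
        if max_age is not None and today - mtime > timedelta(days=max_age):
            continue                                   # older than the window
        if size is not None and fsize != size:
            continue
        hits.append(path)
    return sorted(hits)
```

Note how the size-only wildcard check hits several stock XP SP2 files that share one date and size, while the same check with a 300-day window hits nothing: that is why a wildcard "found!" needs a look at the file names before anything is fixed.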

Offline guestolo

AIM Virus w/ HJT log
« Reply #9 on: March 05, 2006, 11:35:00 AM »
Looks good, are you still having problems?

If you are, can you go to Start>>Run>>type in msconfig
Under the Startup tab>>Enable all
Under the General tab>>Select Normal startup

Apply and close it, and then reboot the computer.

Come back here and post a fresh HijackThis log please.
Keep everything enabled until after you are clear.



Offline Ghostalone

AIM Virus w/ HJT log
« Reply #10 on: March 05, 2006, 12:49:35 PM »
Everything seems to be fine now. I really appreciate your help.

Thanks for everything.

Offline guestolo

AIM Virus w/ HJT log
« Reply #11 on: March 05, 2006, 06:50:47 PM »
*If everything is running better
Final Cleanup
We should clear all your restore points to ensure you don't restore any nasties that may be sitting idle.
    Go to START>>RUN>>In the open field
    Type in
msconfig
Click OK
Click the "Launch System Restore" button
On the left-hand side click on "System Restore Settings"
Put a check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
Back in Windows, go back and take the check out of "Turn off System Restore"
This will re-enable the System Restore feature and create a new restore point.

Protect yourself against Future Attacks
*Install SpywareBlaster 3.5.1 by JavaCool
    *Will block bad ActiveX controls
    *Block malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, check for updates and then click "Enable all protection".
Check for updates every couple of weeks.
After every update just simply click "Enable protection on all unprotected items".

*Keep up to date on Windows updates
This is one of the most important steps in keeping your system secure
If not set to AutoUpdate, make a habit of regularly checking for updates at least once a month
                   
*Make sure your Anti-Virus software is always kept up to date and actively running in the background

*Make sure your Firewall is enabled and running
A Firewall is very important
This provides a line of defense against someone who might try to access your computer without your permission

*Check for updates with your anti-spyware programs and run a scan on a regular basis
In addition, open Spybot 1.4
Click on Immunize>>OK>>Immunize at the top green cross
Please immunize after every update.

Stay safe :D
