questolo,
Here are the two logs that you asked for. Sorry it took me so long to get them to you--my browser (IE) kept freezing. Actually, this is the 2nd time I'm trying to post. The first time I clicked "Add Reply" IE went blank and came back with the page cannot be found message . . . and my post was gone. Hopefully it will work this time.
Thanks a bunch!
Beck
http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'
\' />
----------------------------------------------------------------------------------------------------------------------
Becky - 06-09-01 19:26:14.54
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\Becky\Desktop
((((((((((((((((((((((((((((((( Files Created from 2006-08-01 to 2006-09-01 ))))))))))))))))))))))))))))))))))
2006-08-26 22:13 4 --ah----- C:\WINDOWS\uccspecb.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-09-01 18:38 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-28 20:47 -------- d-------- C:\Program Files\Java
2006-08-28 20:45 -------- d-------- C:\Program Files\Common Files\Java
2006-08-28 20:45 -------- d-------- C:\Program Files\Common Files
2006-08-18 17:34 22284 --a------ C:\Documents and Settings\Becky\Application Data\Comma Separated Values (Windows).ADR
2006-08-18 17:23 38465 --a------ C:\Documents and Settings\Becky\Application Data\Comma Separated Values (DOS).ADR
2006-08-16 17:20 31248 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-08-16 17:20 197648 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-08-16 16:51 1051456 --a------ C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-14 23:19 -------- d-------- C:\Program Files\Yahoo! Games
2006-07-09 20:20 -------- d-------- C:\Program Files\Internet Explorer
2006-07-03 19:25 -------- d-------- C:\Program Files\DBCBT
2006-07-02 19:24 3619 --a------ C:\Documents and Settings\Becky\Application Data\AdobeDLM.log
2006-07-02 19:24 0 --a------ C:\Documents and Settings\Becky\Application Data\dm.ini
2006-07-02 19:24 -------- d-------- C:\Program Files\Adobe
2006-07-02 18:45 -------- d-------- C:\Documents and Settings\Becky\Application Data\AdobeAUM
2006-07-02 18:45 -------- d-------- C:\Documents and Settings\Becky\Application Data\Adobe
2006-07-02 18:42 -------- d-------- C:\Program Files\Yahoo!
2006-07-02 17:19 -------- d-------- C:\Program Files\Common Files\Adobe
2006-06-25 19:33 56 -r-hs---- C:\WINDOWS\system32\D7D10B508E.sys
2006-06-25 19:33 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-06-23 09:28 5512704 --------- C:\WINDOWS\system32\ieframe.dll
2006-06-23 09:28 47616 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-06-23 09:28 454144 --------- C:\WINDOWS\system32\msfeeds.dll
2006-06-23 09:28 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-06-23 09:28 223744 --a------ C:\WINDOWS\system32\webcheck.dll
2006-06-23 09:28 179200 --------- C:\WINDOWS\system32\ieui.dll
2006-06-23 09:28 155648 --a------ C:\WINDOWS\system32\msls31.dll
2006-06-23 05:41 172544 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-06-23 05:40 78848 --a------ C:\WINDOWS\system32\ieencode.dll
2006-06-23 05:40 40960 --a------ C:\WINDOWS\system32\url.dll
2006-06-23 05:39 99328 --a------ C:\WINDOWS\system32\occache.dll
2006-06-23 05:39 39424 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-06-23 05:37 14336 --a------ C:\WINDOWS\system32\corpol.dll
2006-06-23 05:34 81920 --a------ C:\WINDOWS\system32\admparse.dll
2006-06-23 05:34 50688 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-06-23 05:34 372736 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-06-23 05:34 228864 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-06-23 05:34 167936 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-06-23 05:33 54272 --a------ C:\WINDOWS\system32\iesetup.dll
2006-06-23 05:33 41984 --a------ C:\WINDOWS\system32\iernonce.dll
2006-06-23 05:33 121856 --a------ C:\WINDOWS\system32\advpack.dll
2006-06-23 05:30 11776 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-06-23 05:29 55296 --------- C:\WINDOWS\system32\icardie.dll
2006-06-23 05:29 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-06-23 05:27 251392 --------- C:\WINDOWS\system32\iertutil.dll
2006-06-23 05:26 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-06-23 04:46 377856 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-06-23 04:45 48640 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-06-23 04:41 172032 --a------ C:\WINDOWS\system32\ieakui.dll
2006-06-19 15:18 23552 --------- C:\WINDOWS\system32\idndl.dll
2006-06-19 15:18 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-06-19 15:18 20480 --------- C:\WINDOWS\system32\normaliz.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PRONoMgrWired"="C:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"Dell Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Mozilla Quick Launch"="\"C:\\Program Files\\Netscape\\Netscape\\Netscp.exe\" -turbo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20060831-110947-552
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
http://a19.g.akamai.net/7/19/7125/4056/ftp...als/Coupons.cabbackup-20060830-232750-971
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\sstqn.dll (file missing)
Completion time: Fri 09/01/2006 19:27:03.93
ComboFix.txt
-------------------------------------------------------------------------------------------------------------------------
"Silent Runners.vbs", revision 47,
http://www.silentrunners.org/Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"DellSupport" = ""C:\Program Files\Dell Support\DSAgnt.exe" /startup" ["Gteko Ltd."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Mozilla Quick Launch" = ""C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo" ["Mozilla, Netscape"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"PRONoMgrWired" = "C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" ["Intel® Corporation"]
"Dell QuickSet" = "C:\Program Files\Dell\QuickSet\quickset.exe" [empty string]
"Dell Wireless Manager UI" = "C:\WINDOWS\system32\WLTRAY" ["Dell Inc"]
"DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
"RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"dla" = "C:\WINDOWS\system32\dla\tfswctrl.exe" ["Sonic Solutions"]
"ISUSPM Startup" = ""C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup" ["InstallShield Software Corporation"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"MimBoot" = "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" ["Musicmatch, Inc."]
"pccguide.exe" = ""C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"" ["Trend Micro Incorporated."]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"Corel Photo Downloader" = "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" ["Corel, Inc."]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06647158-359E-4D10-A8DE-E6145DA90BE9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Trend Micro Antifraud Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll" ["Trend Micro Incorporated."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{48F45200-91E6-11CE-8A4F-0080C81A28D4}" = "TMD Shell Extension"
-> {HKLM...CLSID} = "TMD Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Internet Security 2006\Tmdshell.dll" ["Trend Micro Incorporated."]
"{771A9DA0-731A-11CE-993C-00AA004ADB6C}" = "VBPropSheet"
-> {HKLM...CLSID} = "VBPropSheet"
\InProcServer32\(Default) = "C:\Program Files\Trend Micro\Internet Security 2006\VBProp.dll" ["Trend Micro Incorporated."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * stera" [file not found], [MS], [file not found], [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Becky\My Documents\My Pictures\Maltese in custome.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS]
Startup items in "Becky" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"]
"dlbcserv" -> shortcut to: "C:\Program Files\Dell Photo Printer 720\dlbcserv.exe" [null data]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{871F91FD-3A92-4988-A842-16AB2CFF5AF1}"
-> {HKLM...CLSID} = "Trend Micro Antifraud Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll" ["Trend Micro Incorporated."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Dell Wireless WLAN Tray Service, wltrysvc, "C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe" [null data]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
NICCONFIGSVC, NICCONFIGSVC, "C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe" ["Dell Inc."]
Trend Micro Central Control Component, PcCtlCom, "C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe" ["Trend Micro Incorporated."]
Trend Micro Personal Firewall, TmPfw, "C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe" ["Trend Micro Inc."]
Trend Micro Proxy Service, tmproxy, "C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe" ["Trend Micro Inc."]
Trend Micro Real-time Service, Tmntsrv, "C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe" ["Trend Micro Incorporated."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Dell Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
ssgb6 Langmon\Driver = "ssgb6mon.dll" ["Samsung Electronics."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 43 seconds, including 18 seconds for message boxes)
