
Not Loading (Start>Run & Ctrl+Alt+Del)


19 replies to this topic

#1 Solihull

Solihull

  • Members
  • 20 posts

Posted 31 May 2009 - 04:54 PM

Start > Run and Ctrl+Alt+Del seem to be disabled in that neither will load.

Any help you can supply will be much appreciated.

Windows XP Home Edition Service Pack 3 (build 2600)
AVG Anti-Virus Free Version 8.5
All required security hotfixes (using the 05/12/2009 Microsoft Security Bulletin Summary) have been installed.

I've been asked to repost this here together with a DDS log, which looks like this:

DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 22:29:33.09 on 30/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.894.109 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MWSnap\MWSnap.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\PawPrint.net\WorldTime\worldtime.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Emoze\PC-CON~1\emoze.exe
C:\PROGRA~1\Emoze\PC-CON~1\EMAgent.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.google.co.uk/nwshp?hl=en&tab=wn
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MoneyAgent] "c:\program files\microsoft money\system\Money Express.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MWSnap] "c:\program files\mwsnap\MWSnap.exe"
uRun: [POP Peeper] "c:\program files\pop peeper\POPPeeper.exe" -min
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [emoze] c:\progra~1\emoze\pc-con~1\emoze.exe
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [VTTimer] VTTimer.exe
mRun: [S3Trayp] S3trayp.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [BCWipeTM Startup] "c:\program files\jetico\bcwipe\BCWipeTM.exe" startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\worldt~1.lnk - c:\program files\pawprint.net\worldtime\worldtime.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\zdwlan~1.lnk - c:\program files\zydas technology corporation\zydas_802.11g_utility\ZDWlan.exe
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Download all links with IDM
IE: Download FLV video content with IDM
IE: Download with IDM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\64ym7d7f.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/nwshp?hl=en&tab=wn
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2008-5-24 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2008-5-24 52736]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-23 325896]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-24 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-24 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-1 298776]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-11-14 32512]
R3 DCamUSBLTN;Kodak DVC325 Digital Video Camera;c:\windows\system32\drivers\dvc325.sys [1999-11-9 112836]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2008-6-6 34128]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2008-5-24 604160]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-12-4 126984]
S0 Tty27;Tty27;c:\windows\system32\drivers\tty27.sys --> c:\windows\system32\drivers\Tty27.sys [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-5-23 20608]
S3 ip_fw;ipfw kernel-mode driver;\??\c:\windows\system32\drivers\ip_fw.sys --> c:\windows\system32\drivers\ip_fw.sys [?]
S3 USBFVNETA;D-LINK DWL-120 WIRELESS USB ADAPTER;c:\windows\system32\drivers\vnetusba.sys [2008-5-23 67072]
S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\bcswap.sys [2007-1-25 91496]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-05-29 22:54 <DIR> --d----- c:\program files\Cobian Backup 9
2009-05-24 23:46 1,917 -------- c:\windows\imsins.BAK
2009-05-24 22:50 266,360 -------- c:\windows\system32\TweakUI.exe
2009-05-24 22:50 160,217 -------- c:\windows\system32\PowerToysLicense.rtf
2009-05-24 18:58 129,728 -------- c:\windows\system32\MSCAL.OCX
2009-05-24 18:58 68,359 -------- c:\windows\system32\MSCAL.HLP
2009-05-24 01:22 <DIR> --d----- c:\program files\Xpress Software
2009-05-23 23:22 <DIR> --d----- c:\program files\Visual DataFlex 14.0
2009-05-23 23:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Data Access Worldwide
2009-05-23 08:47 16,640 -----r-- c:\windows\system32\drivers\PalmUSBD.sys
2009-05-23 08:43 <DIR> --d----- c:\program files\Palm
2009-05-22 16:03 <DIR> --d----- c:\docume~1\owner\applic~1\EssentialPIM
2009-05-16 22:42 <DIR> --dsh--- c:\documents and settings\owner\IECompatCache
2009-05-16 22:41 <DIR> --dsh--- c:\documents and settings\owner\PrivacIE
2009-05-16 22:32 <DIR> --dsh--- c:\documents and settings\owner\IETldCache
2009-05-16 22:27 <DIR> --d----- c:\windows\ie8updates
2009-05-16 22:21 <DIR> -cd-h--- c:\windows\ie8
2009-05-16 22:19 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-05-16 22:13 102,400 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-07 05:36 28,672 -------- c:\windows\system32\regclass.dll
2009-05-07 05:36 <DIR> --d----- c:\program files\FirefoxPreloader
2009-05-01 10:36 <DIR> --d----- c:\docume~1\owner\applic~1\com.desktopreporting.flex.polaris.D45E9FAD25C0AD532F3E3C235E51131DC132F796.1
2009-05-01 10:35 <DIR> --d----- c:\program files\Desktop Reporting

==================== Find3M ====================

2009-05-15 07:37 11,952 -------- c:\windows\system32\avgrsstx.dll
2009-05-15 07:37 325,896 -------- c:\windows\system32\drivers\avgldx86.sys
2009-05-15 07:36 108,552 -------- c:\windows\system32\drivers\avgtdix.sys
2009-04-06 15:32 38,496 -------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 -------- c:\windows\system32\drivers\mbam.sys
2009-04-05 10:24 499,712 -------- c:\windows\system32\msvcp71.dll
2009-03-09 05:19 410,984 -------- c:\windows\system32\deploytk.dll
2009-03-08 04:34 914,944 -------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 -------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 -------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 -------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 -------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 -------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 -------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 -------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 -------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 -------- c:\windows\system32\msls31.dll
2009-03-06 15:22 284,160 -------- c:\windows\system32\pdh.dll
2008-09-19 17:57 160 -------- c:\program files\INSTALL.LOG
2008-08-14 12:56 28,392 -------- c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2008-07-15 22:42 100,200 -------- c:\documents and settings\owner\DimdimSetup.exe
2008-02-27 12:15 1,723,432 -------- c:\docume~1\alluse~1\applic~1\Yugma-Uninstaller.exe
2008-05-25 01:54 32,768 ---sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052520080526\index.dat

============= FINISH: 22:31:11.83 ===============


#2 harrythook

harrythook


  • Security Colleague
  • 4,152 posts
  • Gender:Male
  • Location:Philadelphia

Posted 01 June 2009 - 10:47 AM

Hi Solihull, sorry for the confusion there. We have some rules in place that caused your thread to get moved around, but you are in the right spot now.

Let's try to take a peek at one of the registry keys on your machine. As you have IE8 loaded I might need to research things a little longer, so hang in there.
Please copy the contents of the code box below, open Notepad and paste it there. On the top toolbar in Notepad select File, then Save As. In the box that opens type in Solipeek.bat for the file name. Right below that click the down arrow in the line for "save as" and select All Files. Save this to your desktop and close Notepad.
regedit /e peek.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
type peek.txt 
start notepad peek.txt
Locate the Solipeek icon on your desktop and double click it. Notepad will pop up with some results, copy and paste them in a reply please.


Harry

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

Become a BleepingComputer fan: Facebook

#3 Solihull

Solihull
  • Topic Starter


Posted 01 June 2009 - 11:04 AM

Hi Harry - Many thanks for finding me again.

As per your instructions this is the result:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000

Not a lot of info but I hope it's what you were expecting.

Regards
David

Edited by Solihull, 01 June 2009 - 11:04 AM.


#4 harrythook

harrythook



Posted 01 June 2009 - 11:29 AM

Nope, I was looking for the disable value in there.
Hit the following keys instead of Ctrl-Alt-Del:
Ctrl_Shift_Esc
and see what happens.

Look here to see if the run command was configured wrong:
Try right-clicking on Start menu>Properties>Customize>Advanced tab then scroll down and check box for Run Command.

What other problems are showing on the machine? If this was a malware related change I need to know.

Harry

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

Become a BleepingComputer fan: Facebook
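
An added example, not part of the original thread and not the helper's own tooling: a small parser for the REGEDIT 5.00 export format shown in post #3 that reports shell-restriction policy values set to a non-zero DWORD. The value names checked (DisableTaskMgr, DisableRegistryTools, NoRun) are an assumption about what "the disable value" refers to, the second sample export is constructed, and the example goes beyond the single key exported in the thread by also covering Policies\Explorer.

```python
import re

# Real Windows policy value names that restrict the shell when non-zero.
# Which one the helper meant by "the disable value" is an assumption;
# the thread does not name it.
RESTRICTIONS = {
    r"software\microsoft\windows\currentversion\policies\system": {
        "disabletaskmgr": "Task Manager disabled",
        "disableregistrytools": "Registry editing tools disabled",
    },
    r"software\microsoft\windows\currentversion\policies\explorer": {
        "norun": "Start > Run removed",
    },
}

KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg_export(text):
    """Parse REGEDIT 5.00 export text into {key_path: {value_name: data}}.

    dword data becomes an int; other types are kept as the raw string.
    Default values ("@=") are ignored because no policy check needs them.
    """
    keys = {}
    current = None
    pending = ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith(",\\"):          # hex data continued on next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" is a delete directive in hand-written .reg files,
            # never exported data, so values under it are not recorded.
            current = None if m.group(1) else keys.setdefault(m.group(2), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.group(1), m.group(2)
            if data.lower().startswith("dword:"):
                data = int(data[6:], 16)
            current[name] = data
    return keys


def find_restrictions(text):
    """Return sorted (hive, value_name, description) tuples for every known
    restriction value that is present with a non-zero DWORD."""
    hits = []
    for path, values in parse_reg_export(text).items():
        hive, _, subkey = path.partition("\\")
        known = RESTRICTIONS.get(subkey.lower())
        if not known:
            continue
        for name, data in values.items():
            desc = known.get(name.lower())
            if desc and isinstance(data, int) and data != 0:
                hits.append((hive, name, desc))
    return sorted(hits)


# Export posted in the thread (post #3): no restriction values present.
PAGE_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"""

# Constructed sample showing what a restricted profile would export.
CONSTRUCTED_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"NoDispCPL"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091
"""

if __name__ == "__main__":
    # A real file written by "regedit /e" is UTF-16, so read it with
    # open("peek.txt", encoding="utf-16").read() before passing it in.
    for label, text in (("thread export", PAGE_EXPORT),
                        ("constructed export", CONSTRUCTED_EXPORT)):
        hits = find_restrictions(text)
        print(label, "->", hits if hits else "no restriction values set")
```

An empty result for the thread's export matches the helper's reading that the policy key was not the cause, which is why the troubleshooting moves on to other checks.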

#5 Solihull

Solihull
  • Topic Starter


Posted 01 June 2009 - 01:31 PM

Hi again Harry,

Start menu>Properties>Customize>Advanced tab - Run Command was already checked.

Ctrl_Shift_Esc loads Task Manager

Only other problems are to do with Excel but I didn't want to comment on those here as I was not sure that they were anything to do with this but for completeness they are:

1. Unable to use Alt+Enter to insert a carriage return in a cell.
2. In visual basic editor the Tools+Additional Controls does not load anything.

I am unaware of any virus that might have caused this - I did clear some a while back but I'm not sure if it's related or not.

Sorry I can't be any more precise

Thanks for helping
Dave

#6 harrythook

harrythook



Posted 01 June 2009 - 01:59 PM

Are you logged into that machine as the administrator?

Let's take a different look at things.
Download OTS by OldTimer to your desktop and launch it. In the box that opens look to the lower right in Additional scans and check the following:
Reg - Disabled MS Config Items
Reg - File Associations
Once you have checked those two items click on the Run Scan button, and then post up the results for me please.
I might not be able to look over the results until the morning, as I have to travel for work shortly.

Harry

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

Become a BleepingComputer fan: Facebook

#7 Solihull

Solihull
  • Topic Starter


Posted 01 June 2009 - 04:30 PM

Hi Harry - Me again!
Here is a listing of the results of the scan - hope it helps
Regards
Dave


OTS logfile created on: 01/06/2009 21:04:10 - Run 1
OTS by OldTimer - Version 3.0.2.6   Mon Jun 1, 2009 16:04:09 Princeton	 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
894.42 Mb Total Physical Memory | 304.84 Mb Available Physical Memory | 34.08% Memory free
2.12 Gb Paging File | 1.24 Gb Available in Paging File | 58.53% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 36.36 Gb Free Space | 48.80% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 4.93 Gb Free Space | 6.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DESKTOP
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
 
[Processes - Safe List]
affinegyservice.exe -> C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -> [2008/05/26 17:14:56 | 00,143,360 | ---- | M] (Affinegy, Inc.)
avgcsrvx.exe -> C:\Program Files\AVG\AVG8\avgcsrvx.exe -> [2009/05/15 07:37:33 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcsrvx.exe -> C:\Program Files\AVG\AVG8\avgcsrvx.exe -> [2009/05/15 07:37:33 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgemc.exe -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009/05/15 07:36:51 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/05/15 07:37:04 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/05/20 06:42:00 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/05/15 07:37:18 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/05/15 07:36:43 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.)
emagent.exe -> C:\Program Files\Emoze\PC-Connector\EMAgent.exe -> [2008/11/03 12:57:34 | 00,028,160 | ---- | M] (Emoze LTD.)
emoze.exe -> C:\Program Files\Emoze\PC-Connector\emoze.exe -> [2009/02/02 16:36:36 | 01,609,728 | ---- | M] (Emoze LTD.)
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/04/28 08:20:43 | 00,307,704 | ---- | M] (Mozilla Corporation)
hotsync.exe -> C:\Program Files\Palm\Hotsync.exe -> [2008/01/03 18:28:08 | 01,392,640 | R--- | M] (PalmSource, Inc)
j2gdllcmd.exe -> C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe -> [2008/08/01 00:40:52 | 00,095,744 | ---- | M] (j2 Global Communications, Inc.)
j2gtray.exe -> C:\Program Files\eFax Messenger 4.4\J2GTray.exe -> [2008/08/01 00:45:11 | 00,656,896 | ---- | M] (j2 Global Communications, Inc.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> C:\Program Files\Java\jre6\bin\jusched.exe -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
mdm.exe -> C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -> [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
money express.exe -> C:\Program Files\Microsoft Money\System\Money Express.exe -> [1999/08/04 00:00:00 | 00,122,940 | ---- | M] (Microsoft Corporation)
msftesql.exe -> C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -> [2007/06/22 10:22:56 | 00,095,592 | ---- | M] (Microsoft Corporation)
msoffice.exe -> C:\Program Files\Microsoft Office\Office10\msoffice.exe -> [2001/02/13 00:58:54 | 00,226,720 | ---- | M] (Microsoft Corporation)
mwsnap.exe -> C:\Program Files\MWSnap\MWSnap.exe -> [2002/07/06 16:45:42 | 00,427,008 | ---- | M] (Mirek Wojtowicz)
ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2009/06/01 21:02:40 | 00,503,808 | ---- | M] (OldTimer Tools)
outlook.exe -> C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE -> [2008/04/23 15:09:50 | 00,199,688 | ---- | M] (Microsoft Corporation)
poppeeper.exe -> C:\Program Files\POP Peeper\POPPeeper.exe -> [2009/01/22 02:43:44 | 01,470,464 | ---- | M] (Mortal Universe)
rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation)
realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2009/04/05 10:24:39 | 00,198,160 | ---- | M] (RealNetworks, Inc.)
rpcapd.exe -> C:\Program Files\WinPcap\rpcapd.exe -> [2008/05/26 17:07:16 | 00,086,016 | ---- | M] (CACE Technologies)
rthdcpl.exe -> C:\WINDOWS\RTHDCPL.EXE -> [2008/07/31 15:05:30 | 16,806,912 | ---- | M] (Realtek Semiconductor Corp.)
s3trayp.exe -> C:\WINDOWS\System32\S3trayp.exe -> [2007/09/30 15:50:36 | 00,200,704 | R--- | M] (S3 Graphics Co., Ltd.)
skype.exe -> C:\Program Files\Skype\Phone\Skype.exe -> [2008/04/30 17:17:34 | 22,058,792 | R--- | M] (Skype Technologies S.A.)
skypepm.exe -> C:\Program Files\Skype\Plugin Manager\skypePM.exe -> [2008/04/30 17:17:34 | 00,076,744 | R--- | M] (Skype Technologies)
snmp.exe -> C:\WINDOWS\System32\snmp.exe -> [2008/04/14 01:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation)
sqlbrowser.exe -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation)
sqlservr.exe -> C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -> [2008/11/24 23:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation)
sqlwriter.exe -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation)
teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> [2008/09/16 12:16:08 | 01,833,296 | ---- | M] (Safer Networking Limited)
vttimer.exe -> C:\WINDOWS\System32\VTTimer.exe -> [2008/04/16 12:51:00 | 00,081,920 | R--- | M] (S3 Graphics, Inc.)
wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation)
windowssearch.exe -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 23:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation)
winword.exe -> C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE -> [2008/10/13 12:25:02 | 12,310,864 | ---- | M] (Microsoft Corporation)
worldtime.exe -> C:\Program Files\PawPrint.net\WorldTime\worldtime.exe -> [2003/07/18 18:32:28 | 01,386,496 | ---- | M] (PawPrint.net)
zdwlan.exe -> C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe -> [2006/09/01 11:13:52 | 00,487,424 | ---- | M] ()
 
[Win32 Services - Safe List]
(AffinegyService) AffinegyService [Win32_Own | Auto | Running] -> C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -> [2008/05/26 17:14:56 | 00,143,360 | ---- | M] (Affinegy, Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(avg8emc) AVG Free8 E-mail Scanner [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009/05/15 07:36:51 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/05/15 07:36:43 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/12/05 23:23:52 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(LPDSVC) TCP/IP Print Server [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\tcpsvcs.exe -> [2003/03/31 13:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -> [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(msftesql$PROPHETSQL) SQL Server FullText Search (PROPHETSQL) [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -> [2007/06/22 10:22:56 | 00,095,592 | ---- | M] (Microsoft Corporation)
(MSSQL$PROPHETSQL) SQL Server (PROPHETSQL) [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -> [2008/11/24 23:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation)
(MSSQLServerADHelper) SQL Server Active Directory Helper [Win32_Own | Disabled | Stopped] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -> [2008/11/24 23:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | Auto | Running] -> C:\Program Files\WinPcap\rpcapd.exe -> [2008/05/26 17:07:16 | 00,086,016 | ---- | M] (CACE Technologies)
(SNMP) SNMP Service [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\snmp.exe -> [2008/04/14 01:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation)
(SQLBrowser) SQL Server Browser [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation)
(SQLWriter) SQL Server VSS Writer [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation)
(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(AFGSp50) AFGSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\AFGSp50.sys -> [2008/05/26 17:09:42 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgldx86.sys -> [2009/05/15 07:37:33 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys -> [2009/05/15 07:37:34 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys -> [2009/05/15 07:36:50 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\BANTExt.sys -> [2008/02/27 13:49:00 | 00,003,840 | ---- | M] ()
(BCSWAP) BCSWAP [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\drivers\bcswap.sys -> [2007/09/14 05:46:44 | 00,091,496 | ---- | M] (Jetico, Inc.)
(BRGSp50) BRGSp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\BRGSp50.sys -> [2005/06/08 18:44:20 | 00,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(DCamUSBLTN) Kodak DVC325 Digital Video Camera [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\dvc325.sys -> [1999/11/09 21:00:24 | 00,112,836 | ---- | M] (ViewQuest Technologies Inc.)
(dfmirage) dfmirage [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\dfmirage.sys -> [2008/06/06 21:07:20 | 00,034,128 | ---- | M] (DemoForge, LLC)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -> [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(GT680x) GrandTechICNameNT [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\gt680x.sys -> [2001/11/08 09:53:54 | 00,018,120 | R--- | M] (   )
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -> [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\RtkHDAud.sys -> [2008/08/12 16:10:50 | 04,751,360 | ---- | M] (Realtek Semiconductor Corp.)
(NPF) NetGroup Packet Filter Driver [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\npf.sys -> [2008/05/26 17:07:16 | 00,032,512 | ---- | M] (CACE Technologies)
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\PalmUSBD.sys -> [2007/12/04 17:10:30 | 00,016,640 | R--- | M] (PalmSource, Inc.)
(PCANDIS5) PCANDIS5 Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Pcandis5.sys -> [2000/10/15 17:38:54 | 00,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2003/03/31 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -> [2008/02/25 20:54:56 | 00,105,088 | R--- | M] (Realtek Semiconductor Corporation						   )
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -> [2004/08/04 06:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(S3GIGP) S3GIGP [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\S3gIGPm.sys -> [2008/05/23 11:35:14 | 00,604,160 | R--- | M] (S3 Graphics Co., Ltd.)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(tbhsd) Tunebite High-Speed Dubbing [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\tbhsd.sys -> [2009/01/23 10:49:08 | 00,037,664 | ---- | M] (RapidSolution Software AG)
(tmcomm) tmcomm [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\tmcomm.sys -> [2008/08/27 17:00:51 | 00,102,664 | ---- | M] (Trend Micro Inc.)
(TotRec7) Total Recorder WDM audio driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\TotRec7.sys -> [2008/11/19 00:18:36 | 00,126,984 | ---- | M] (High Criteria inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\usbaudio.sys -> [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(USBFVNETA) D-LINK DWL-120 WIRELESS USB ADAPTER [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\vnetusba.sys -> [2001/10/19 22:24:30 | 00,067,072 | ---- | M] (Compaq)
(usb_rndisx) USB RNDIS Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\usb8023x.sys -> [2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation)
(ViBus) ViBus [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ViBus.sys -> [2007/12/07 11:13:00 | 00,016,896 | R--- | M] (VIA Technologies, Inc.)
(videX32) videX32 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\videX32.sys -> [2007/09/21 17:49:10 | 00,009,216 | R--- | M] (VIA Technologies, Inc.)
(ViPrt) VIA SATA IDE Device Driver [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ViPrt.sys -> [2007/12/07 11:10:10 | 00,052,736 | R--- | M] (VIA Technologies, Inc.)
(vulfnths) VIA USB Host Controller Lower Filter [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\vulfnth.sys -> [2005/01/05 18:02:10 | 00,006,912 | ---- | M] (VIA Technologies, Inc.)
(vulfntrs) VIA USB Roothub Lower Filter [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\vulfntr.sys -> [2005/06/06 17:51:38 | 00,011,264 | ---- | M] (VIA Technologies, Inc.)
(wceusbsh) Windows CE USB Serial Host Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -> [2006/11/06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation)
(ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys -> [2006/08/24 13:44:14 | 00,477,696 | ---- | M] (ZyDAS Technology Corporation)
(ZDPSp50) ZDPSp50 NDIS Protocol Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\ZDPSp50.sys -> [2004/10/25 13:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_LOCAL_MACHINE\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> 
HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}" [HKLM] -> C:\Program Files\Winamp Toolbar\winamptb.dll [Winamp Search Class] -> [2008/07/16 21:51:33 | 01,266,992 | ---- | M] (AOL LLC.)
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://home.microsoft.com/access/allinone.asp -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://news.google.co.uk/nwshp?hl=en&tab=wn -> 
HKEY_CURRENT_USER\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}" [HKLM] -> C:\Program Files\Winamp Toolbar\winamptb.dll [Winamp Search Class] -> [2008/07/16 21:51:33 | 01,266,992 | ---- | M] (AOL LLC.)
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\64ym7d7f.default\prefs.js -> 
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://news.google.co.uk/nwshp?hl=en&tab=wn" ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 ->
extensions.enabledItems -> {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1 ->
extensions.enabledItems -> {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.1.2 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\64ym7d7f.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES\AVG\AVG8\FIREFOX [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/05/16 22:31:31 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/03/11 07:57:16 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD] -> [2009/04/05 10:25:45 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components -> C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/05/03 13:40:48 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/04/28 08:21:07 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
 -> C:\Documents and Settings\Owner\Application Data\mozilla\Extensions -> [2008/06/18 14:26:38 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/06/18 14:26:38 | 00,000,000 | ---D | M]
 -> C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\64ym7d7f.default\extensions -> [2009/05/20 08:16:11 | 00,099,281 | ---- | M] ()
 -> C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\64ym7d7f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2009/05/20 08:16:11 | 00,099,281 | ---- | M] ()
 -> C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\64ym7d7f.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} -> [2009/05/20 08:16:11 | 00,099,281 | ---- | M] ()
< FireFox SearchPlugins [User Folders] > -> 
C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\64ym7d7f.default\searchplugins\ -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\64ym7d7f.default\searchplugins -> [2008/10/02 17:21:04 | 00,000,000 | ---D | M]
winamp-search.xml -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\64ym7d7f.default\searchplugins\winamp-search.xml -> [2008/10/02 17:21:04 | 00,001,196 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions -> [2009/04/28 08:21:05 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/04/28 08:21:05 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} -> [2009/04/28 08:21:05 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -> [2009/04/28 08:21:05 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} -> [2009/04/28 08:21:05 | 09,756,664 | ---- | M] (Mozilla Foundation)
 -> C:\PROGRAM FILES\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009/04/28 08:21:05 | 09,756,664 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\components -> [2009/05/03 13:40:48 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/04/28 08:20:43 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/04/28 08:20:43 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins -> [2009/04/28 08:21:07 | 00,000,000 | ---D | M]
atcliun.exe -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\atcliun.exe -> [2009/04/02 13:56:26 | 00,214,344 | ---- | M] (WebEx Communications  Inc.)
atgpcdec.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\atgpcdec.dll -> [2009/04/02 13:55:43 | 00,027,976 | ---- | M] (WebEx Communications, Inc)
atgpcext.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\atgpcext.dll -> [2009/04/02 13:55:43 | 00,126,360 | ---- | M] (WebEx Communications, Inc)
atmccli.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\atmccli.dll -> [2009/04/02 13:56:20 | 00,046,408 | ---- | M] ()
atmgr.exe -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\atmgr.exe -> [2009/04/02 13:56:21 | 00,099,656 | ---- | M] ()
flashplayer.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\flashplayer.xpt -> [2008/03/24 19:19:00 | 00,000,856 | ---- | M] ()
gpc.php -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\gpc.php -> [2009/05/04 13:10:14 | 00,013,569 | ---- | M] ()
ieatgpc.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ieatgpc.dll -> [2009/04/02 13:56:32 | 00,098,712 | ---- | M] (WebEx Communications, Inc)
np32dsw.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\np32dsw.dll -> [2008/12/05 23:52:44 | 00,114,688 | ---- | M] (Adobe Systems, Inc.)
npatgpc.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npatgpc.dll -> [2009/04/02 13:55:41 | 00,060,824 | ---- | M] (WebEx Communications, Inc)
npdeploytk.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npdivx32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.dll -> [2008/05/22 23:19:36 | 01,335,600 | ---- | M] (DivX,Inc.)
npdivx32.xpt -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npdivx32.xpt -> [2008/05/22 23:19:36 | 00,001,607 | ---- | M] ()
npnul32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/04/28 08:20:52 | 00,065,528 | ---- | M] (mozilla.org)
NPOFFICE.DLL -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPOFFICE.DLL -> [2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation)
nppdf32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.)
npqtplugin.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/02/07 00:13:29 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/02/07 00:13:30 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/02/07 00:13:30 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/02/07 00:13:30 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/02/07 00:13:30 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/02/07 00:13:30 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/02/07 00:13:30 | 00,143,360 | ---- | M] (Apple Inc.)
NPSWF32.dll -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPSWF32.dll -> [2008/03/24 20:21:00 | 02,889,088 | ---- | M] ()
NPSWF32_FlashUtil.exe -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\NPSWF32_FlashUtil.exe -> [2008/03/24 20:21:00 | 00,218,496 | ---- | M] (Adobe Systems, Inc.)
QuickTimePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/02/07 00:13:29 | 00,004,208 | ---- | M] ()
ShockwavePlugin.class -> C:\PROGRAM FILES\MOZILLA FIREFOX\plugins\ShockwavePlugin.cla -> [2008/12/05 23:22:26 | 00,001,144 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > -> 
C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins -> [2009/04/01 12:53:21 | 00,000,000 | ---D | M]
amazon-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\amazon-en-GB.xml -> [2009/04/01 12:53:13 | 00,001,538 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/04/01 12:53:13 | 00,002,193 | ---- | M] ()
chambers-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\chambers-en-GB.xml -> [2009/04/01 12:53:13 | 00,000,947 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/04/01 12:53:13 | 00,001,534 | ---- | M] ()
eBay-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\eBay-en-GB.xml -> [2009/04/01 12:53:13 | 00,000,759 | ---- | M] ()
google.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/04/01 12:53:13 | 00,001,706 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/04/01 12:53:13 | 00,001,178 | ---- | M] ()
yahoo-en-GB.xml -> C:\PROGRAM FILES\MOZILLA FIREFOX\searchplugins\yahoo-en-GB.xml -> [2009/04/01 12:53:13 | 00,000,831 | ---- | M] ()
< HOSTS File > (736 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
Reset Hosts
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2009/02/27 13:07:32 | 00,061,816 | ---- | M] (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2009/04/05 10:25:42 | 00,312,928 | ---- | M] (RealPlayer)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/05/15 07:37:03 | 01,107,224 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/03/09 05:18:50 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2009/03/09 05:18:52 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}" [HKLM] -> C:\Program Files\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> [2008/07/16 21:51:33 | 01,266,992 | ---- | M] (AOL LLC.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/02/27 18:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" -> C:\WINDOWS\ALCMTR.EXE [ALCMTR.EXE] -> [2008/06/19 16:20:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.)
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/05/15 07:37:18 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
"BCWipeTM Startup" -> C:\Program Files\Jetico\BCWipe\BCWipeTM.exe ["C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup] -> [2008/09/04 07:06:46 | 00,545,520 | ---- | M] (Jetico, Inc.)
"HotSync" -> C:\Program Files\PalmSource\Desktop\HotSync.exe ["C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers] -> File not found
"RTHDCPL" -> C:\WINDOWS\RTHDCPL.EXE [RTHDCPL.EXE] -> [2008/07/31 15:05:30 | 16,806,912 | ---- | M] (Realtek Semiconductor Corp.)
"S3Trayp" -> C:\WINDOWS\System32\S3Trayp.exe [S3trayp.exe] -> [2007/09/30 15:50:36 | 00,200,704 | R--- | M] (S3 Graphics Co., Ltd.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2009/04/05 10:24:39 | 00,198,160 | ---- | M] (RealNetworks, Inc.)
"VTTimer" -> C:\WINDOWS\System32\VTTimer.exe [VTTimer.exe] -> [2008/04/16 12:51:00 | 00,081,920 | R--- | M] (S3 Graphics, Inc.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"eFax 4.4" -> C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe ["C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R] -> [2008/08/01 00:40:52 | 00,095,744 | ---- | M] (j2 Global Communications, Inc.)
"emoze" -> C:\Program Files\Emoze\PC-Connector\emoze.exe [C:\PROGRA~1\Emoze\PC-CON~1\emoze.exe] -> [2009/02/02 16:36:36 | 01,609,728 | ---- | M] (Emoze LTD.)
"H/PC Connection Agent" -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe ["C:\Program Files\Microsoft ActiveSync\wcescomm.exe"] -> [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation)
"MoneyAgent" -> C:\Program Files\Microsoft Money\System\Money Express.exe ["C:\Program Files\Microsoft Money\System\Money Express.exe"] -> [1999/08/04 00:00:00 | 00,122,940 | ---- | M] (Microsoft Corporation)
"MWSnap" -> C:\Program Files\MWSnap\MWSnap.exe ["C:\Program Files\MWSnap\MWSnap.exe"] -> [2002/07/06 16:45:42 | 00,427,008 | ---- | M] (Mirek Wojtowicz)
"Orb" -> C:\Program Files\Winamp Remote\bin\OrbTray.exe ["C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background] -> File not found
"POP Peeper" -> C:\Program Files\POP Peeper\POPPeeper.exe ["C:\Program Files\POP Peeper\POPPeeper.exe" -min] -> [2009/01/22 02:43:44 | 01,470,464 | ---- | M] (Mortal Universe)
"Skype" -> C:\Program Files\Skype\Phone\Skype.exe ["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized] -> [2008/04/30 17:17:34 | 22,058,792 | R--- | M] (Skype Technologies S.A.)
"SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2008/09/16 12:16:08 | 01,833,296 | ---- | M] (Safer Networking Limited)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk -> C:\Program Files\Palm\Hotsync.exe -> [2008/01/03 18:28:08 | 01,392,640 | R--- | M] (PalmSource, Inc)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe -> [2008/05/26 23:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk -> C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe -> [2006/09/01 11:13:52 | 00,487,424 | ---- | M] ()
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\eFax 4.4.lnk -> C:\Program Files\eFax Messenger 4.4\J2GTray.exe -> [2008/08/01 00:45:11 | 00,656,896 | ---- | M] (j2 Global Communications, Inc.)
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WorldTime.lnk -> C:\Program Files\PawPrint.net\WorldTime\worldtime.exe -> [2003/07/18 18:32:28 | 01,386,496 | ---- | M] (PawPrint.net)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [149] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"NoDispBackgroundPage" ->  [0] -> File not found
\\"NoDispScrSavPage" ->  [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Winamp Search -> C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html [C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html] -> [2008/03/19 23:12:24 | 00,000,748 | ---- | M] ()
Download all links with IDM -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
Download FLV video content with IDM -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
Download with IDM -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2009/03/02 15:09:56 | 10,351,440 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> C:\Program Files\Microsoft ActiveSync\INetRepl.dll [Button: Create Mobile Favorite] -> [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> C:\Program Files\Microsoft ActiveSync\INetRepl.dll [Menu: Create Mobile Favorite...] -> [2006/11/13 13:39:34 | 00,158,504 | ---- | M] (Microsoft Corporation)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> C:\Program Files\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2007/12/12 23:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2008/04/30 17:17:34 | 01,372,160 | ---- | M] (Skype Technologies S.A.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB858B22-55E2-413f-87F5-30ADC5552151}:Exec [HKLM] -> C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe [Button: PDFill PDF Editor] -> [2006/02/23 20:26:38 | 00,172,032 | ---- | M] (PlotSoft LLC)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5249 domain(s) found. -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5256 domain(s) found. -> 
48 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/05/15 07:37:35 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [] -> [2008/05/26 23:19:02 | 00,304,128 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> [2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" -> C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe [C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:LocalSubNet:Enabled:Wireless Manager] -> [2008/05/26 17:20:50 | 00,585,728 | ---- | M] (Affinegy, Inc.)
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\activePDF\PrimoPDF\PrimoPDF.exe" -> C:\Program Files\activePDF\PrimoPDF\PrimoPDF.exe [C:\Program Files\activePDF\PrimoPDF\PrimoPDF.exe:*:Enabled:PrimoPDF] -> [2008/05/06 23:53:34 | 00,869,256 | ---- | M] (activePDF)
"C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> [2009/05/15 07:36:51 | 00,908,568 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" -> C:\Program Files\AVG\AVG8\avgnsx.exe [C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2009/05/15 07:37:04 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/05/15 07:35:36 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Azureus\Azureus.exe" -> C:\Program Files\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus] -> [2008/10/29 16:35:34 | 00,199,616 | ---- | M] (Vuze Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Internet Download Manager\IDMan.exe" -> C:\Program Files\Internet Download Manager\IDMan.exe [C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:Internet Download Manager (IDM)] -> File not found
"C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/01/06 14:06:28 | 14,294,824 | ---- | M] (Apple Inc.)
"C:\Program Files\Java\jre6\launch4j-tmp\aTunes.exe" -> C:\Program Files\Java\jre6\launch4j-tmp\aTunes.exe [C:\Program Files\Java\jre6\launch4j-tmp\aTunes.exe:*:Enabled:Java(TM) Platform SE binary] -> [2009/03/09 05:19:13 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> [2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2009/04/28 08:20:43 | 00,307,704 | ---- | M] (Mozilla Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008/04/30 17:17:34 | 22,058,792 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\SopCast\adv\SopAdver.exe" -> C:\Program Files\SopCast\adv\SopAdver.exe [C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver] -> [2007/03/07 11:27:12 | 00,567,384 | ---- | M] (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" -> C:\Program Files\SopCast\SopCast.exe [C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application] -> [2008/04/30 09:32:48 | 01,892,352 | ---- | M] (www.sopcast.com)
"C:\Program Files\Spotify\spotify.exe" -> C:\Program Files\Spotify\spotify.exe [C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify] -> [2009/04/28 12:32:49 | 02,606,416 | ---- | M] (Spotify AB)
"C:\Program Files\TVAnts\Tvants.exe" -> C:\Program Files\TVAnts\Tvants.exe [C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts] -> File not found
"C:\Program Files\TVUPlayer\TVUPlayer.exe" -> C:\Program Files\TVUPlayer\TVUPlayer.exe [C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component] -> File not found
"C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" -> C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe [C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:LocalSubNet:Enabled:Wireless Manager] -> [2008/05/26 17:20:50 | 00,585,728 | ---- | M] (Affinegy, Inc.)
"C:\Program Files\Winamp Remote\bin\Orb.exe" -> C:\Program Files\Winamp Remote\bin\Orb.exe [C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb] -> File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" -> C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe [C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client] -> File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" -> C:\Program Files\Winamp Remote\bin\OrbTray.exe [C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray] -> File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2008/05/23 12:53:55 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Firefox Preloader.lnk -> C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe -> [2005/02/09 22:56:12 | 00,098,304 | ---- | M] (6XGate Incorporated)
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Syrius Updater.lnk -> C:\WINDOWS\Installer\{964A0E79-160F-4F5F-97D0-9C03CFA434FA}\Icon964A0E791.exe -> [2009/02/26 17:56:50 | 00,034,304 | R--- | M] ()
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express Calendar Checker For My Custom Edition.lnk -> C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe -> [2000/11/27 21:14:44 | 00,057,344 | ---- | M] (Ulead Systems, Inc.)
C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2008/09/12 17:49:52 | 00,384,000 | ---- | M] ()
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
BroadCamRun hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\NCH Software\BroadCam\broadCam.exe -> File not found
Eraser hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Eraser\Eraser.exe -> [2007/12/23 00:03:28 | 00,916,240 | ---- | M] (The Eraser Project)
IDMan hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Internet Download Manager\IDMan.exe -> File not found
iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/01/06 14:06:36 | 00,290,088 | ---- | M] (Apple Inc.)
Orb hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Winamp Remote\bin\OrbTray.exe -> File not found
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2009/01/05 17:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
Registry Cleaner Scheduler hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe -> [2008/12/05 10:07:59 | 00,913,664 | ---- | M] (CleanMyPC Software)
WinampAgent hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Winamp\winampa.exe -> [2008/08/04 00:02:20 | 00,036,352 | ---- | M] ()
Wireless Manager hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe -> [2008/05/26 17:20:50 | 00,585,728 | ---- | M] (Affinegy, Inc.)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.bat [@ = batfile] -> "%1" %* -> 
.cmd [@ = cmdfile] -> "%1" %* -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
.html [@ = htmlfile] -> C:\Program Files\Internet Explorer\IEXPLORE.EXE -> [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* -> 
.scr [@ = scrfile] -> "%1" /S -> 
 
[Files/Folders - Created Within 30 Days]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2009/06/01 21:02:37 | 00,503,808 | ---- | C] (OldTimer Tools)
Solipeek.bat -> C:\Documents and Settings\Owner\Desktop\Solipeek.bat -> [2009/06/01 17:01:22 | 00,000,136 | ---- | C] ()
dds.scr -> C:\Documents and Settings\Owner\Desktop\dds.scr -> [2009/05/30 22:23:13 | 00,359,883 | ---- | C] ()
Cobian Backup 9 -> C:\Program Files\Cobian Backup 9 -> [2009/05/29 22:54:35 | 00,000,000 | ---D | C]
cbSetup.exe -> C:\Documents and Settings\Owner\Desktop\cbSetup.exe -> [2009/05/29 22:53:18 | 10,314,752 | ---- | C] (Luis Cobian)
MovinCool.pdf -> C:\Documents and Settings\Owner\Desktop\MovinCool.pdf -> [2009/05/29 11:24:02 | 00,367,453 | ---- | C] ()
Recent -> C:\Documents and Settings\Owner\Recent -> [2009/05/27 06:17:04 | 00,000,000 | RH-D | C]
wfospf.mib -> C:\WINDOWS\System32\wfospf.mib -> [2009/05/25 09:55:53 | 00,049,275 | ---- | C] ()
nipx.mib -> C:\WINDOWS\System32\nipx.mib -> [2009/05/25 09:55:53 | 00,038,608 | ---- | C] ()
msiprip2.mib -> C:\WINDOWS\System32\msiprip2.mib -> [2009/05/25 09:55:53 | 00,034,317 | ---- | C] ()
wins.mib -> C:\WINDOWS\System32\wins.mib -> [2009/05/25 09:55:53 | 00,026,236 | ---- | C] ()
smierrsm.dll -> C:\WINDOWS\System32\dllcache\smierrsm.dll -> [2009/05/25 09:55:53 | 00,015,872 | ---- | C] (Microsoft Corporation)
msipbtp.mib -> C:\WINDOWS\System32\msipbtp.mib -> [2009/05/25 09:55:53 | 00,013,767 | ---- | C] ()
snmpstup.dll -> C:\WINDOWS\System32\dllcache\snmpstup.dll -> [2009/05/25 09:55:53 | 00,010,240 | ---- | C] (Microsoft Corporation)
smimsgif.dll -> C:\WINDOWS\System32\dllcache\smimsgif.dll -> [2009/05/25 09:55:53 | 00,005,632 | ---- | C] (Microsoft Corporation)
smierrsy.dll -> C:\WINDOWS\System32\dllcache\smierrsy.dll -> [2009/05/25 09:55:53 | 00,005,632 | ---- | C] (Microsoft Corporation)
smi.mib -> C:\WINDOWS\System32\smi.mib -> [2009/05/25 09:55:53 | 00,004,332 | ---- | C] ()
msft.mib -> C:\WINDOWS\System32\msft.mib -> [2009/05/25 09:55:53 | 00,000,581 | ---- | C] ()
mib_ii.mib -> C:\WINDOWS\System32\mib_ii.mib -> [2009/05/25 09:55:52 | 00,107,882 | ---- | C] ()
hostmib.mib -> C:\WINDOWS\System32\hostmib.mib -> [2009/05/25 09:55:52 | 00,048,593 | ---- | C] ()
mcastmib.mib -> C:\WINDOWS\System32\mcastmib.mib -> [2009/05/25 09:55:52 | 00,030,448 | ---- | C] ()
lmmib2.mib -> C:\WINDOWS\System32\lmmib2.mib -> [2009/05/25 09:55:52 | 00,026,100 | ---- | C] ()
mipx.mib -> C:\WINDOWS\System32\mipx.mib -> [2009/05/25 09:55:52 | 00,021,386 | ---- | C] ()
authserv.mib -> C:\WINDOWS\System32\authserv.mib -> [2009/05/25 09:55:52 | 00,016,617 | ---- | C] ()
ipforwd.mib -> C:\WINDOWS\System32\ipforwd.mib -> [2009/05/25 09:55:52 | 00,015,799 | ---- | C] ()
accserv.mib -> C:\WINDOWS\System32\accserv.mib -> [2009/05/25 09:55:52 | 00,015,597 | ---- | C] ()
mripsap.mib -> C:\WINDOWS\System32\mripsap.mib -> [2009/05/25 09:55:52 | 00,010,313 | ---- | C] ()
dhcp.mib -> C:\WINDOWS\System32\dhcp.mib -> [2009/05/25 09:55:52 | 00,004,597 | ---- | C] ()
Sales contact management database.mdb -> C:\Documents and Settings\Owner\My Documents\Sales contact management database.mdb -> [2009/05/25 01:03:04 | 01,560,576 | ---- | C] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/05/24 23:46:43 | 00,001,917 | ---- | C] ()
Shortcut to cmd.lnk -> C:\Documents and Settings\Owner\Desktop\Shortcut to cmd.lnk -> [2009/05/24 22:56:36 | 00,000,559 | ---- | C] ()
TweakUI.exe -> C:\WINDOWS\System32\TweakUI.exe -> [2009/05/24 22:50:38 | 00,266,360 | ---- | C] (Microsoft Corporation)
PowerToysLicense.rtf -> C:\WINDOWS\System32\PowerToysLicense.rtf -> [2009/05/24 22:50:38 | 00,160,217 | ---- | C] ()
TweakUiPowertoySetup.exe -> C:\Documents and Settings\Owner\Desktop\TweakUiPowertoySetup.exe -> [2009/05/24 22:50:09 | 00,150,192 | ---- | C] ()
Book1.xls -> C:\Documents and Settings\Owner\My Documents\Book1.xls -> [2009/05/24 19:04:54 | 00,025,088 | ---- | C] ()
MSCAL.OCX -> C:\WINDOWS\System32\MSCAL.OCX -> [2009/05/24 18:58:36 | 00,129,728 | ---- | C] (Microsoft Corporation)
MSCAL.HLP -> C:\WINDOWS\System32\MSCAL.HLP -> [2009/05/24 18:58:36 | 00,068,359 | ---- | C] ()
mscal_office2003(2).zip -> C:\Documents and Settings\Owner\Desktop\mscal_office2003(2).zip -> [2009/05/24 18:57:49 | 00,093,233 | ---- | C] ()
mscal_office2003.zip -> C:\Documents and Settings\Owner\Desktop\mscal_office2003.zip -> [2009/05/24 18:57:09 | 00,093,233 | ---- | C] ()
browsercrm-5.100.01.tar.gz -> C:\Documents and Settings\Owner\Desktop\browsercrm-5.100.01.tar.gz -> [2009/05/24 02:00:38 | 02,568,639 | ---- | C] ()
browsercrm-5.100.01.zip -> C:\Documents and Settings\Owner\Desktop\browsercrm-5.100.01.zip -> [2009/05/24 01:53:28 | 03,296,165 | ---- | C] ()
browsercrm_datasheet.pdf -> C:\Documents and Settings\Owner\Desktop\browsercrm_datasheet.pdf -> [2009/05/24 01:45:58 | 00,042,031 | ---- | C] ()
browsercrm_technology_platform.pdf -> C:\Documents and Settings\Owner\Desktop\browsercrm_technology_platform.pdf -> [2009/05/24 01:45:44 | 00,049,390 | ---- | C] ()
Xpress Software -> C:\Program Files\Xpress Software -> [2009/05/24 01:22:28 | 00,000,000 | ---D | C]
Visual DataFlex 14.0 -> C:\Program Files\Visual DataFlex 14.0 -> [2009/05/23 23:22:07 | 00,000,000 | ---D | C]
Data Access Worldwide -> C:\Documents and Settings\All Users\Application Data\Data Access Worldwide -> [2009/05/23 23:22:07 | 00,000,000 | ---D | C]
PalmUSBD.sys -> C:\WINDOWS\System32\drivers\PalmUSBD.sys -> [2009/05/23 08:47:25 | 00,016,640 | R--- | C] (PalmSource, Inc.)
HotSync Manager.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk -> [2009/05/23 08:45:57 | 00,001,513 | ---- | C] ()
Palm Desktop.lnk -> C:\Documents and Settings\All Users\Desktop\Palm Desktop.lnk -> [2009/05/23 08:44:58 | 00,001,478 | ---- | C] ()
Palm -> C:\Program Files\Palm -> [2009/05/23 08:43:11 | 00,000,000 | ---D | C]
HotSync -> C:\Documents and Settings\Owner\Application Data\HotSync -> [2009/05/23 08:42:04 | 00,000,000 | ---D | C]
HotSync -> C:\Documents and Settings\All Users\Application Data\HotSync -> [2009/05/23 08:42:04 | 00,000,000 | ---D | C]
Palm OS Desktop -> C:\Documents and Settings\Owner\My Documents\Palm OS Desktop -> [2009/05/23 08:41:57 | 00,000,000 | ---D | C]
Config.Msi -> C:\Config.Msi -> [2009/05/23 08:22:25 | 00,000,000 | -HSD | C]
My Albums -> C:\Documents and Settings\Owner\My Documents\My Albums -> [2009/05/23 07:48:18 | 00,000,000 | ---D | C]
Arcsoft -> C:\Documents and Settings\Owner\Application Data\Arcsoft -> [2009/05/23 07:48:18 | 00,000,000 | ---D | C]
Contacts -> C:\Documents and Settings\Owner\My Documents\Contacts -> [2009/05/22 22:21:42 | 00,000,000 | ---D | C]
EssentialPIM -> C:\Documents and Settings\Owner\Application Data\EssentialPIM -> [2009/05/22 16:03:41 | 00,000,000 | ---D | C]
Enterprise.pdf -> C:\Documents and Settings\Owner\Desktop\Enterprise.pdf -> [2009/05/20 08:09:37 | 00,194,060 | ---- | C] ()
ContactScienceSiteDemo.swf -> C:\Documents and Settings\Owner\Desktop\ContactScienceSiteDemo.swf -> [2009/05/19 15:05:58 | 03,384,622 | ---- | C] ()
Pprostate cancer test.doc -> C:\Documents and Settings\Owner\Desktop\Pprostate cancer test.doc -> [2009/05/19 11:06:59 | 00,026,112 | ---- | C] ()
(2) Harry Potter And The Chamber of Secrets - J.K. Rowling.m4b -> C:\Documents and Settings\Owner\Desktop\(2) Harry Potter And The Chamber of Secrets - J.K. Rowling.m4b -> [2009/05/18 15:25:06 | 26,721,2760 | ---- | C] ()
cc_20090517_102647.reg -> C:\Documents and Settings\Owner\My Documents\cc_20090517_102647.reg -> [2009/05/17 10:26:50 | 00,001,236 | ---- | C] ()
Credit Reports -> C:\Documents and Settings\Owner\Desktop\Credit Reports -> [2009/05/17 00:50:01 | 00,000,000 | ---D | C]
IECompatCache -> C:\Documents and Settings\Owner\IECompatCache -> [2009/05/16 22:42:05 | 00,000,000 | -HSD | C]
PrivacIE -> C:\Documents and Settings\Owner\PrivacIE -> [2009/05/16 22:41:01 | 00,000,000 | -HSD | C]
IETldCache -> C:\Documents and Settings\Owner\IETldCache -> [2009/05/16 22:32:53 | 00,000,000 | -HSD | C]
ie8updates -> C:\WINDOWS\ie8updates -> [2009/05/16 22:27:39 | 00,000,000 | ---D | C]
ie8 -> C:\WINDOWS\ie8 -> [2009/05/16 22:21:03 | 00,000,000 | -H-D | C]
msdownld.tmp -> C:\WINDOWS\msdownld.tmp -> [2009/05/16 22:19:30 | 00,000,000 | -H-D | C]
iecompat.dll -> C:\WINDOWS\System32\dllcache\iecompat.dll -> [2009/05/16 22:13:19 | 00,102,400 | ---- | C] (Microsoft Corporation)
Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2009/05/16 14:00:20 | 00,001,729 | ---- | C] ()
Poulan 1420.pdf -> C:\Documents and Settings\Owner\Desktop\Poulan 1420.pdf -> [2009/05/16 09:40:23 | 00,102,215 | ---- | C] ()
access.ctl -> C:\Documents and Settings\Owner\Local Settings\Application Data\access.ctl -> [2009/05/14 21:20:23 | 00,006,144 | -HS- | C] ()
Courses -> C:\Documents and Settings\Owner\Desktop\Courses -> [2009/05/14 11:08:52 | 00,000,000 | ---D | C]
Jag Costs.xls -> C:\Documents and Settings\Owner\Desktop\Jag Costs.xls -> [2009/05/13 14:36:39 | 00,014,848 | ---- | C] ()
Calendar.xls -> C:\Documents and Settings\Owner\Desktop\Calendar.xls -> [2009/05/10 19:39:30 | 00,026,112 | ---- | C] ()
standardAppdec08.pdf -> C:\Documents and Settings\Owner\Desktop\standardAppdec08.pdf -> [2009/05/09 22:47:28 | 00,178,014 | ---- | C] ()
£2 CReport.pdf -> C:\Documents and Settings\Owner\Desktop\£2 CReport.pdf -> [2009/05/09 22:45:59 | 00,072,587 | ---- | C] ()
spamfighter_web.exe -> C:\Documents and Settings\Owner\Desktop\spamfighter_web.exe -> [2009/05/09 16:25:00 | 01,699,576 | ---- | C] (SPAMfighter ApS)
Reducing Absence -> C:\Documents and Settings\Owner\Desktop\Reducing Absence -> [2009/05/08 11:42:45 | 00,000,000 | ---D | C]
Invitation Letter - Mayur Jinr_UK_7 May 2009.pdf -> C:\Documents and Settings\Owner\Desktop\Invitation Letter - Mayur Jinr_UK_7 May 2009.pdf -> [2009/05/07 05:59:13 | 00,162,472 | ---- | C] ()
DMMSignature.JPG -> C:\Documents and Settings\Owner\Desktop\DMMSignature.JPG -> [2009/05/07 05:52:16 | 00,022,218 | ---- | C] ()
regclass.dll -> C:\WINDOWS\System32\regclass.dll -> [2009/05/07 05:36:22 | 00,028,672 | ---- | C] (6XGate Systems, Inc.)
FirefoxPreloader -> C:\Program Files\FirefoxPreloader -> [2009/05/07 05:36:16 | 00,000,000 | ---D | C]
STN2SNN.jpg -> C:\Documents and Settings\Owner\Desktop\STN2SNN.jpg -> [2009/05/07 04:17:40 | 00,069,498 | ---- | C] ()
TeamViewer 4.lnk -> C:\Documents and Settings\All Users\Desktop\TeamViewer 4.lnk -> [2009/05/04 08:23:51 | 00,000,879 | ---- | C] ()
Zycus Graphics -> C:\Documents and Settings\Owner\Desktop\Zycus Graphics -> [2009/05/03 12:16:58 | 00,000,000 | ---D | C]
ABF1.ppt -> C:\Documents and Settings\Owner\Desktop\ABF1.ppt -> [2009/05/03 11:16:04 | 02,249,728 | ---- | C] ()
kd330lan.ini -> C:\WINDOWS\kd330lan.ini -> [2009/04/04 00:25:01 | 00,001,603 | ---- | C] ()
Dvc325.ini -> C:\WINDOWS\Dvc325.ini -> [2009/04/04 00:25:01 | 00,001,403 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2009/01/06 14:28:57 | 00,795,648 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2009/01/06 14:28:57 | 00,130,048 | ---- | C] ()
qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2009/01/06 14:28:56 | 03,596,288 | ---- | C] ()
ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2009/01/06 14:28:55 | 00,000,547 | ---- | C] ()
rmc_rtspdl.dll -> C:\WINDOWS\System32\rmc_rtspdl.dll -> [2008/12/04 15:51:37 | 00,237,568 | ---- | C] ()
cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2008/11/21 11:28:32 | 00,001,490 | ---- | C] ()
pthreadVC.dll -> C:\WINDOWS\System32\pthreadVC.dll -> [2008/11/14 16:30:52 | 00,053,299 | ---- | C] ()
ltmm15.dll -> C:\WINDOWS\System32\ltmm15.dll -> [2008/09/25 23:31:07 | 01,914,216 | ---- | C] ()
unrar.dll -> C:\WINDOWS\System32\unrar.dll -> [2008/09/25 23:31:07 | 00,168,448 | ---- | C] ()
LMOggSpl.dll -> C:\WINDOWS\System32\LMOggSpl.dll -> [2008/09/25 23:31:02 | 00,247,144 | ---- | C] ()
vusetup.dll -> C:\WINDOWS\System32\vusetup.dll -> [2008/09/03 23:02:45 | 00,045,056 | ---- | C] ()
custmon2k.dll -> C:\WINDOWS\System32\custmon2k.dll -> [2008/08/04 23:17:03 | 00,090,112 | ---- | C] ()
ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2008/06/18 15:59:56 | 00,007,680 | ---- | C] ()
gt680x.sys -> C:\WINDOWS\System32\drivers\gt680x.sys -> [2008/06/11 10:55:48 | 00,018,120 | R--- | C] (   )
ulead32.ini -> C:\WINDOWS\ulead32.ini -> [2008/06/11 10:48:53 | 00,000,347 | ---- | C] ()
MAXLINK.INI -> C:\WINDOWS\MAXLINK.INI -> [2008/06/11 10:41:01 | 00,000,492 | ---- | C] ()
QuickInstall.INI -> C:\WINDOWS\QuickInstall.INI -> [2008/06/04 09:56:11 | 00,000,000 | ---- | C] ()
CNCMP51.INI -> C:\WINDOWS\System32\CNCMP51.INI -> [2008/05/27 00:26:10 | 00,000,599 | ---- | C] ()
CNMVSyd.DLL -> C:\WINDOWS\System32\CNMVSyd.DLL -> [2008/05/27 00:25:57 | 00,006,656 | ---- | C] ()
Primomonnt.dll -> C:\WINDOWS\System32\Primomonnt.dll -> [2008/05/25 23:45:28 | 00,176,235 | ---- | C] ()
BANTExt.sys -> C:\WINDOWS\System32\drivers\BANTExt.sys -> [2008/05/25 01:08:21 | 00,003,840 | ---- | C] ()
CNMVS78.DLL -> C:\WINDOWS\System32\CNMVS78.DLL -> [2008/05/24 00:27:05 | 00,008,704 | ---- | C] ()
InsDrvZD.dll -> C:\WINDOWS\System32\InsDrvZD.dll -> [2008/05/23 16:41:35 | 00,028,672 | ---- | C] ()
InsDrvZD64.DLL -> C:\WINDOWS\System32\InsDrvZD64.DLL -> [2008/05/23 16:41:35 | 00,015,872 | ---- | C] ()
vnetusb.sys -> C:\WINDOWS\System32\drivers\vnetusb.sys -> [2008/05/23 14:20:57 | 00,050,834 | R--- | C] ( )
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2008/05/23 13:07:34 | 00,000,376 | ---- | C] ()
primopdf.ini -> C:\WINDOWS\primopdf.ini -> [2008/04/28 17:13:33 | 00,000,310 | ---- | C] ()
OGACheckControl.DLL -> C:\WINDOWS\System32\OGACheckControl.DLL -> [2008/02/04 18:23:10 | 00,693,792 | ---- | C] ()
idxcntrs.ini -> C:\WINDOWS\System32\idxcntrs.ini -> [2007/09/27 11:51:02 | 00,020,698 | ---- | C] ()
gsrvctr.ini -> C:\WINDOWS\System32\gsrvctr.ini -> [2007/09/27 11:48:48 | 00,030,628 | ---- | C] ()
gthrctr.ini -> C:\WINDOWS\System32\gthrctr.ini -> [2007/09/27 11:48:28 | 00,031,698 | ---- | C] ()
MouseHook.dll -> C:\WINDOWS\System32\MouseHook.dll -> [2007/04/04 20:42:00 | 00,361,472 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2003/03/31 13:00:00 | 00,000,655 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2003/03/31 13:00:00 | 00,000,227 | ---- | C] ()
OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 15:05:08 | 00,002,695 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
24 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> 
OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2009/06/01 21:02:40 | 00,503,808 | ---- | M] (OldTimer Tools)
UK Money.mny -> C:\Documents and Settings\Owner\My Documents\UK Money.mny -> [2009/06/01 20:14:18 | 06,492,160 | ---- | M] ()
UK Money Backup.mbf -> C:\Documents and Settings\Owner\My Documents\UK Money Backup.mbf -> [2009/06/01 19:38:30 | 06,494,126 | R--- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Owner\NTUSER.DAT -> [2009/06/01 19:15:06 | 10,747,904 | ---- | M] ()
Solipeek.bat -> C:\Documents and Settings\Owner\Desktop\Solipeek.bat -> [2009/06/01 17:01:23 | 00,000,136 | ---- | M] ()
Perflib_Perfdata_e30.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_e30.dat -> [2009/06/01 04:16:42 | 00,016,384 | ---- | M] ()
incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2009/06/01 02:42:19 | 36,665,796 | ---- | M] ()
microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2009/06/01 02:42:19 | 00,063,617 | ---- | M] ()
Perflib_Perfdata_738.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_738.dat -> [2009/05/31 23:53:00 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_d0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_d0.dat -> [2009/05/31 23:52:46 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_658.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_658.dat -> [2009/05/31 23:52:28 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5d4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5d4.dat -> [2009/05/31 23:52:27 | 00,016,384 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/05/31 23:52:25 | 00,000,006 | -H-- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/05/31 23:52:18 | 00,013,646 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/05/31 23:52:14 | 00,002,048 | --S- | M] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/05/31 23:52:11 | 00,231,984 | ---- | M] ()
ntuser.ini -> C:\Documents and Settings\Owner\ntuser.ini -> [2009/05/31 23:49:46 | 00,000,278 | -HS- | M] ()
dds.scr -> C:\Documents and Settings\Owner\Desktop\dds.scr -> [2009/05/30 22:23:16 | 00,359,883 | ---- | M] ()
cbSetup.exe -> C:\Documents and Settings\Owner\Desktop\cbSetup.exe -> [2009/05/29 22:54:03 | 10,314,752 | ---- | M] (Luis Cobian)
MovinCool.pdf -> C:\Documents and Settings\Owner\Desktop\MovinCool.pdf -> [2009/05/29 11:24:02 | 00,367,453 | ---- | M] ()
PrimoPDFSet.xml -> C:\Documents and Settings\Owner\Application Data\PrimoPDFSet.xml -> [2009/05/28 13:25:23 | 00,006,533 | ---- | M] ()
APUSet.xml -> C:\Documents and Settings\Owner\Application Data\APUSet.xml -> [2009/05/28 13:17:38 | 00,000,310 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/05/25 11:03:24 | 00,053,480 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/05/25 11:02:36 | 00,615,912 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/05/25 11:02:36 | 00,509,872 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/05/25 11:02:36 | 00,097,300 | ---- | M] ()
Perflib_Perfdata_814.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_814.dat -> [2009/05/25 09:56:22 | 00,016,384 | ---- | M] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2009/05/25 09:27:25 | 00,000,376 | ---- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2009/05/25 09:25:49 | 00,000,655 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/05/25 09:11:30 | 00,001,917 | ---- | M] ()
Sales contact management database.mdb -> C:\Documents and Settings\Owner\My Documents\Sales contact management database.mdb -> [2009/05/25 08:33:14 | 01,560,576 | ---- | M] ()
Shortcut to cmd.lnk -> C:\Documents and Settings\Owner\Desktop\Shortcut to cmd.lnk -> [2009/05/24 22:56:36 | 00,000,559 | ---- | M] ()
TweakUiPowertoySetup.exe -> C:\Documents and Settings\Owner\Desktop\TweakUiPowertoySetup.exe -> [2009/05/24 22:50:10 | 00,150,192 | ---- | M] ()
Book1.xls -> C:\Documents and Settings\Owner\My Documents\Book1.xls -> [2009/05/24 19:04:54 | 00,025,088 | ---- | M] ()
mscal_office2003(2).zip -> C:\Documents and Settings\Owner\Desktop\mscal_office2003(2).zip -> [2009/05/24 18:57:49 | 00,093,233 | ---- | M] ()
mscal_office2003.zip -> C:\Documents and Settings\Owner\Desktop\mscal_office2003.zip -> [2009/05/24 18:57:12 | 00,093,233 | ---- | M] ()
browsercrm-5.100.01.tar.gz -> C:\Documents and Settings\Owner\Desktop\browsercrm-5.100.01.tar.gz -> [2009/05/24 02:01:04 | 02,568,639 | ---- | M] ()
browsercrm-5.100.01.zip -> C:\Documents and Settings\Owner\Desktop\browsercrm-5.100.01.zip -> [2009/05/24 01:54:03 | 03,296,165 | ---- | M] ()
browsercrm_datasheet.pdf -> C:\Documents and Settings\Owner\Desktop\browsercrm_datasheet.pdf -> [2009/05/24 01:45:58 | 00,042,031 | ---- | M] ()
browsercrm_technology_platform.pdf -> C:\Documents and Settings\Owner\Desktop\browsercrm_technology_platform.pdf -> [2009/05/24 01:45:44 | 00,049,390 | ---- | M] ()
Calendar.xls -> C:\Documents and Settings\Owner\Desktop\Calendar.xls -> [2009/05/23 16:40:44 | 00,026,112 | ---- | M] ()
HotSync Manager.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk -> [2009/05/23 08:45:57 | 00,001,513 | ---- | M] ()
Palm Desktop.lnk -> C:\Documents and Settings\All Users\Desktop\Palm Desktop.lnk -> [2009/05/23 08:44:58 | 00,001,478 | ---- | M] ()
Enterprise.pdf -> C:\Documents and Settings\Owner\Desktop\Enterprise.pdf -> [2009/05/20 08:09:37 | 00,194,060 | ---- | M] ()
ContactScienceSiteDemo.swf -> C:\Documents and Settings\Owner\Desktop\ContactScienceSiteDemo.swf -> [2009/05/19 15:06:04 | 03,384,622 | ---- | M] ()
Pprostate cancer test.doc -> C:\Documents and Settings\Owner\Desktop\Pprostate cancer test.doc -> [2009/05/19 11:06:59 | 00,026,112 | ---- | M] ()
Mum's Account.xls -> C:\Documents and Settings\Owner\Desktop\Mum's Account.xls -> [2009/05/17 15:50:17 | 00,015,360 | ---- | M] ()
cc_20090517_102647.reg -> C:\Documents and Settings\Owner\My Documents\cc_20090517_102647.reg -> [2009/05/17 10:29:10 | 00,001,236 | ---- | M] ()
desktop.ini -> C:\Documents and Settings\Owner\My Documents\desktop.ini -> [2009/05/16 22:32:59 | 00,000,076 | -HS- | M] ()
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/05/16 22:13:15 | 00,004,646 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/05/16 22:13:15 | 00,004,232 | ---- | M] ()
Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2009/05/16 14:00:20 | 00,001,729 | ---- | M] ()
Poulan 1420.pdf -> C:\Documents and Settings\Owner\Desktop\Poulan 1420.pdf -> [2009/05/16 09:40:23 | 00,102,215 | ---- | M] ()
avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/05/15 07:37:35 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> [2009/05/15 07:37:34 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2009/05/15 07:37:33 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtdix.sys -> C:\WINDOWS\System32\drivers\avgtdix.sys -> [2009/05/15 07:36:50 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
access.ctl -> C:\Documents and Settings\Owner\Local Settings\Application Data\access.ctl -> [2009/05/14 21:20:23 | 00,006,144 | -HS- | M] ()
CCleaner.lnk -> C:\Documents and Settings\Owner\Desktop\CCleaner.lnk -> [2009/05/14 11:20:47 | 00,001,548 | ---- | M] ()
Jag Costs.xls -> C:\Documents and Settings\Owner\Desktop\Jag Costs.xls -> [2009/05/13 14:36:39 | 00,014,848 | ---- | M] ()
standardAppdec08.pdf -> C:\Documents and Settings\Owner\Desktop\standardAppdec08.pdf -> [2009/05/09 22:47:28 | 00,178,014 | ---- | M] ()
£2 CReport.pdf -> C:\Documents and Settings\Owner\Desktop\£2 CReport.pdf -> [2009/05/09 22:46:06 | 00,072,587 | ---- | M] ()
spamfighter_web.exe -> C:\Documents and Settings\Owner\Desktop\spamfighter_web.exe -> [2009/05/09 16:25:01 | 01,699,576 | ---- | M] (SPAMfighter ApS)
MRT.exe -> C:\WINDOWS\System32\MRT.exe -> [2009/05/07 08:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation)
Invitation Letter - Mayur Jinr_UK_7 May 2009.pdf -> C:\Documents and Settings\Owner\Desktop\Invitation Letter - Mayur Jinr_UK_7 May 2009.pdf -> [2009/05/07 05:59:20 | 00,162,472 | ---- | M] ()
DMMSignature.JPG -> C:\Documents and Settings\Owner\Desktop\DMMSignature.JPG -> [2009/05/07 05:52:16 | 00,022,218 | ---- | M] ()
STN2SNN.jpg -> C:\Documents and Settings\Owner\Desktop\STN2SNN.jpg -> [2009/05/07 04:17:40 | 00,069,498 | ---- | M] ()
ABF1.ppt -> C:\Documents and Settings\Owner\Desktop\ABF1.ppt -> [2009/05/04 22:17:05 | 02,249,728 | ---- | M] ()
TeamViewer 4.lnk -> C:\Documents and Settings\All Users\Desktop\TeamViewer 4.lnk -> [2009/05/04 08:23:51 | 00,000,879 | ---- | M] ()
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat -> [2008/08/15 03:52:49 | 00,008,206 | ---- | M] ()
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [2008/05/23 13:13:59 | 00,001,372 | ---- | M] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:8A0EA08D2992ECF6
< End of report >


#8 harrythook


Posted 02 June 2009 - 06:31 AM

Ok Dave,
I still do not see where the setting was changed, but there are a couple of things to look at. First, there is tweakUI on the machine which has the capability of changing some settings. Did you use that program?
CleanMyPC is still resident, I am not a big fan of that.
Some P2P and related items on the machine, use caution with those types of programs.

When did this problem start, and what did you download right before it started?

Harry

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

Become a BleepingComputer fan: Facebook

#9 Solihull


Posted 02 June 2009 - 09:13 AM

Hi Harry,

Let me try to answer the questions in the order you ask them:

Q. First, there is tweakUI on the machine which has the capability of changing some settings. Did you use that program?
A. I downloaded it with a view to trying to fix the problem but found it too complex and never did use it.

Q. CleanMyPC is still resident, I am not a big fan of that.
A. Do you think I should remove it?

Q. Some P2P and related items on the machine, use caution with those types of programs.
A. I'm not sure what these are - do I need to do anything with them?

Q. When did this problem start, and what did you download right before it started?
A. It started about 2 weeks ago - I don't recall downloading anything right before it started.

I did get locked into a cyclic process on one of those sites that requires an AVI viewer to be downloaded. On cancel (I'm not downloading anything I don't know to be safe) the whole process of requesting the download be completed simply recycles. I had to switch off the PC to stop it all as I was unable to kill the website or the browser instance. Task manager was unavailable at that time (I was going to use it to kill the process) so I guess on reflection that this may be the root of the problem.

Hope this helps.

Regards
Dave

#10 harrythook


Posted 03 June 2009 - 06:37 AM

Ok Dave, let's take a look at another registry key. Follow the instructions I gave you for making a .bat file, and name it Solipeek1.bat. Post the results please.
regedit /e peek.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
type peek.txt 
start notepad peek.txt


#11 Solihull


Posted 03 June 2009 - 07:00 AM

Hi Harry,

Here is the result of running the batch file:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowCompColor"=dword:00000001
"HideFileExt"=dword:00000001
"DontPrettyPath"=dword:00000000
"ShowInfoTip"=dword:00000001
"HideIcons"=dword:00000000
"MapNetDrvBtn"=dword:00000000
"WebView"=dword:00000001
"Filter"=dword:00000000
"SuperHidden"=dword:00000000
"SeparateProcess"=dword:00000000
"ListviewAlphaSelect"=dword:00000000
"ListviewShadow"=dword:00000001
"ListviewWatermark"=dword:00000001
"TaskbarAnimations"=dword:00000001
"StartMenuInit"=dword:00000002
"NoNetCrawling"=dword:00000000
"FolderContentsInfoTip"=dword:00000001
"FriendlyTree"=dword:00000000
"WebViewBarricade"=dword:00000000
"DisableThumbnailCache"=dword:00000000
"ShowSuperHidden"=dword:00000000
"ClassicViewState"=dword:00000000
"PersistBrowsers"=dword:00000000
"StartButtonBalloonTip"=dword:00000002
"Start_ShowNetPlaces_ShouldShow"=dword:00000041
"ServerAdminUI"=dword:00000000
"TaskbarSizeMove"=dword:00000000
"TaskbarGlomming"=dword:00000001
"LoosenRudeAppCheck"=dword:00000001
"Start_ShowNetConn_ShouldShow"=dword:00000042
"Start_LargeMFUIcons"=dword:00000001
"Start_MinMFU"=dword:00000006
"Start_ShowRecentDocs"=dword:00000000
"Start_AutoCascade"=dword:00000001
"Start_NotifyNewApps"=dword:00000001

#12 harrythook


Posted 05 June 2009 - 07:45 PM

Hey Dave,
I did not forget about you, just a little slow due to time constraints right now.
More instructions to come shortly.

Harry


#13 Solihull


Posted 05 June 2009 - 09:24 PM

Thanks Harry - No rush!
Your help is much appreciated

#14 harrythook


Posted 07 June 2009 - 07:50 AM

Hey David,
I loaded IE8 on one of the test machines, and I still do not see where this error is coming from. Let's do this:
  • Launch Notepad.
  • Copy/paste the content of the codebox below into a new text file.
  • Save it as Options.txt on your Desktop and as type "All Files".
RegSearch Options File

[Search]
DisableTaskMgr

[Exclude]

[Options]
Filter=KVDLU
Click here and download regsearch.zip by Bobbi Flekman and Save it to your desktop.
  • Once it has been downloaded, extract the regsearch.zip to your desktop.
  • Click on the regsearch folder icon on your desktop to open the folder.
  • Click regsearch.exe to start the program.
  • Click on "Import" and Select the file "Options.txt" that you created above.
  • Click "OK" and Registry Search will search the Registry and report what it finds.
  • Post the results into your next reply.
Harry


#15 Solihull


Posted 07 June 2009 - 03:06 PM

Hi Harry,

Here are the results of the registry search:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 07/06/2009 21:03:09 for strings:
; 'disabletaskmgr'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...
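
The two manual checks in this thread, exporting a key with regedit /e and searching the registry for DisableTaskMgr, can also be scripted against exported .reg text. The following is an added example, not code from the thread or from any tool used in it; the Policies key paths, the NoRun value and the sample export are assumptions of the example.

```python
import re

# DisableTaskMgr is the value searched for in the thread; the key paths and
# NoRun (removes Start > Run) are assumptions added for this example.
RESTRICTIONS = {
    r"software\microsoft\windows\currentversion\policies\system": {"disabletaskmgr"},
    r"software\microsoft\windows\currentversion\policies\explorer": {"norun"},
}
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def decode_export(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252")

def parse_reg(text: str) -> dict:
    """Return {key_path: {value_name: data}}, decoding dword data to int."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if (m := KEY_RE.match(line)):
            # "[-KEY]" marks a deletion in .reg syntax, not a key with values.
            current = None if m.group(1) else keys.setdefault(m.group(2), {})
        elif (m := VAL_RE.match(line)) and current is not None:
            name, data = m.groups()
            current[name] = int(data[6:], 16) if data.lower().startswith("dword:") else data
    return keys

def find_restrictions(keys: dict) -> list:
    """Return (key, value, data) for each restriction set to a non-zero dword."""
    hits = []
    for path, values in keys.items():
        for rule_key, rule_values in RESTRICTIONS.items():
            if not path.lower().endswith("\\" + rule_key):
                continue  # endswith lets HKCU, HKLM and HKU\<SID> paths all match
            for name, data in values.items():
                if name.lower() in rule_values and isinstance(data, int) and data:
                    hits.append((path, name, data))
    return hits

# Constructed sample: an Explorer\Advanced key plus a Task Manager restriction.
SAMPLE = b"\xff\xfe" + (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced]\r\n"
    "\"Hidden\"=dword:00000002\r\n\r\n"
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]\r\n"
    "\"DisableTaskMgr\"=dword:00000001\r\n"
).encode("utf-16-le")
```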



