Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware?


  • Please log in to reply
3 replies to this topic

#1 mgnor

mgnor

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 11 December 2005 - 12:31 PM

Hi all

I feel that my pc is slow and think it is some spyware. please help.

Logfile of HijackThis v1.99.1
Scan saved at 18:08:14, on 11.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Telenor Sikker Lagring\safestorage.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Documents and Settings\Eier\Skrivebord\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.online.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Telenor Sikker Lagring.lnk = C:\Programfiler\Telenor Sikker Lagring\safestorage.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

BC AdBot (Login to Remove)

 


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 14 December 2005 - 04:43 PM

Hi mgnor and Welcome to the Bleeping Computer!

I dont see anything of concern in the HijackThis log.

I need a deeper look inside there to see what I can see,please.


Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

One you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply->Close->Follow the Prompts to Restart

Restart Normal and Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"


Post back with a fresh HijackThis log and the results of WinPFind and Blacklight.

#3 mgnor

mgnor
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  

Posted 17 December 2005 - 06:40 AM

Hi.

I have done the things you have told me but i dident get enything whit the blbeta.

Logfile of HijackThis v1.99.1
Scan saved at 12:27:35, on 17.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Documents and Settings\Eier\Skrivebord\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.online.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.icanal.no/spill/commerce/catalo...es/ExentCtl.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe



WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 16.09.2002 13:00:00 41119 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 29.08.2005 13:27:12 520968 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 08.12.2005 16:25:46 2716000 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 08.12.2005 16:25:46 2716000 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.08.2004 00:03:02 704000 C:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 04.09.2001 10:05:32 13107200 C:\WINDOWS\SYSTEM32\oembios.bin
Umonitor 04.08.2004 00:03:22 664064 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 16.09.2002 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 18.04.2004 20:26:08 1301488 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
17.12.2005 11:49:34 S 2048 C:\WINDOWS\bootstat.dat
01.12.2005 19:00:10 H 54156 C:\WINDOWS\QTFont.qfn
02.11.2005 13:35:48 RH 749 C:\WINDOWS\WindowsShell.Manifest
02.11.2005 13:35:58 H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
02.11.2005 13:36:52 HS 67 C:\WINDOWS\Fonts\desktop.ini
02.11.2005 13:35:58 H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
02.11.2005 13:36:26 RHS 747 C:\WINDOWS\pchealth\helpctr\PackageStore\package_1.cab
02.11.2005 13:36:26 RHS 20120 C:\WINDOWS\pchealth\helpctr\PackageStore\package_2.cab
02.11.2005 13:36:26 RHS 245463 C:\WINDOWS\pchealth\helpctr\PackageStore\package_3.cab
02.11.2005 13:37:38 H 225280 C:\WINDOWS\repair\ntuser.dat
02.11.2005 13:35:48 RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest
02.11.2005 13:35:58 RH 488 C:\WINDOWS\system32\logonui.exe.manifest
02.11.2005 13:35:48 RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest
02.11.2005 13:35:48 RH 749 C:\WINDOWS\system32\nwc.cpl.manifest
02.11.2005 13:35:48 RH 749 C:\WINDOWS\system32\sapi.cpl.manifest
02.11.2005 13:35:58 RH 488 C:\WINDOWS\system32\WindowsLogon.manifest
02.11.2005 13:35:48 RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
01.12.2005 04:46:08 S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
02.12.2005 01:12:44 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
17.12.2005 11:49:56 H 36864 C:\WINDOWS\system32\config\default.LOG
17.12.2005 11:49:54 H 1024 C:\WINDOWS\system32\config\SAM.LOG
17.12.2005 11:49:36 H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
17.12.2005 11:50:18 H 65536 C:\WINDOWS\system32\config\software.LOG
17.12.2005 11:49:40 H 835584 C:\WINDOWS\system32\config\system.LOG
02.11.2005 14:18:26 H 1024 C:\WINDOWS\system32\config\TempKey.LOG
02.11.2005 14:18:30 H 1024 C:\WINDOWS\system32\config\userdiff.LOG
14.12.2005 20:12:42 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
02.11.2005 14:20:40 HS 62 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\desktop.ini
02.11.2005 13:42:30 HS 113 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\desktop.ini
02.11.2005 13:42:30 HS 113 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\desktop.ini
02.11.2005 13:42:30 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\desktop.ini
02.11.2005 13:42:30 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\desktop.ini
02.11.2005 13:42:30 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\G5YZODYZ\desktop.ini
02.11.2005 13:42:30 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\KH27CDM3\desktop.ini
02.11.2005 13:42:30 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\SHEZO9UF\desktop.ini
02.11.2005 13:42:30 HS 67 C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet Files\Content.IE5\WLAZ81M3\desktop.ini
02.11.2005 14:20:40 HS 62 C:\WINDOWS\system32\config\systemprofile\Programdata\desktop.ini
15.11.2005 01:09:12 S 688 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
14.12.2005 18:55:44 S 22738 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30
05.11.2005 21:58:12 S 558 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
15.11.2005 01:09:12 S 94 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
14.12.2005 18:55:44 S 124 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30
05.11.2005 21:58:12 S 144 C:\WINDOWS\system32\config\systemprofile\Programdata\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
02.11.2005 13:36:02 HS 179 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
02.11.2005 14:20:40 HS 62 C:\WINDOWS\system32\config\systemprofile\Start-meny\desktop.ini
02.11.2005 13:37:36 HS 141 C:\WINDOWS\system32\config\systemprofile\Start-meny\Programmer\desktop.ini
02.11.2005 13:37:36 HS 84 C:\WINDOWS\system32\config\systemprofile\Start-meny\Programmer\Oppstart\desktop.ini
02.11.2005 13:37:36 HS 494 C:\WINDOWS\system32\config\systemprofile\Start-meny\Programmer\Tilbehør\desktop.ini
02.11.2005 13:37:36 HS 299 C:\WINDOWS\system32\config\systemprofile\Start-meny\Programmer\Tilbehør\Tilgjengelighet\desktop.ini
02.11.2005 13:37:36 HS 84 C:\WINDOWS\system32\config\systemprofile\Start-meny\Programmer\Tilbehør\Underholdning\desktop.ini
29.11.2005 21:21:18 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\73d04efc-32d4-44b1-b890-4adb5c037748
29.11.2005 21:21:18 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
02.11.2005 13:42:40 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\8e860d8a-e109-47ee-b70f-20141b8c404a
04.11.2005 19:54:26 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\d5799360-43ae-41d8-a12a-ed4d679ce851
04.11.2005 19:54:26 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
17.12.2005 11:48:26 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 04.08.2004 00:03:40 69120 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 18.06.2004 16:32:34 15684608 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 04.08.2004 00:03:40 551424 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04.08.2004 00:03:40 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04.08.2004 00:03:40 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04.08.2004 00:03:40 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 00:03:40 155648 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 04.08.2004 00:03:40 358912 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 00:03:40 130048 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 00:03:40 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04.08.2004 00:03:40 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 10.11.2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 16.09.2002 13:00:00 188416 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04.08.2004 00:03:40 619008 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 16.09.2002 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 00:03:40 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 00:03:40 256512 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 04.08.2004 00:03:40 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04.08.2004 00:03:40 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
19.04.2004 13:52:42 454656 C:\WINDOWS\SYSTEM32\slcpappl.cpl
Microsoft Corporation 04.08.2004 00:03:40 299008 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 16.09.2002 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 00:03:40 93696 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04.08.2004 00:03:40 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26.05.2005 04:16:34 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 04.08.2004 00:03:40 69120 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 04.08.2004 00:03:40 551424 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 04.08.2004 00:03:40 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 04.08.2004 00:03:40 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 04.08.2004 00:03:40 155648 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 04.08.2004 00:03:40 358912 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 04.08.2004 00:03:40 130048 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 04.08.2004 00:03:40 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 16.09.2002 13:00:00 188416 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 04.08.2004 00:03:40 619008 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 16.09.2002 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 04.08.2004 00:03:40 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 04.08.2004 00:03:40 256512 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 04.08.2004 00:03:40 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 04.08.2004 00:03:40 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 04.08.2004 00:03:40 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 04.08.2004 00:03:40 299008 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 16.09.2002 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 04.08.2004 00:03:40 93696 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 04.08.2004 00:03:40 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 26.05.2005 04:16:34 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
02.11.2005 13:37:36 HS 84 C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\desktop.ini
05.11.2005 14:49:42 1727 C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
02.11.2005 14:20:40 HS 62 C:\Documents and Settings\All Users\Programdata\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
02.11.2005 13:37:36 HS 84 C:\Documents and Settings\Eier\Start-meny\Programmer\Oppstart\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
02.11.2005 14:20:40 HS 62 C:\Documents and Settings\Eier\Programdata\desktop.ini
26.11.2005 20:32:42 164 C:\Documents and Settings\Eier\Programdata\wklnhst.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\RenegadeContextMenuExt
{3883DC3D-6593-421B-AF0E-6EBA2FCE4081} = C:\Programfiler\Telenor Sikker Lagring\STGSHEXT.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Startmeny-pinne = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\RenegadeContextMenuExt
{3883DC3D-6593-421B-AF0E-6EBA2FCE4081} = C:\Programfiler\Telenor Sikker Lagring\STGSHEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNisExtBho Class = C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\programfiler\google\googletoolbar2.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Dagens tips = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Norton Internet Security : C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\programfiler\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koblinger : %SystemRoot%\system32\SHELL32.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Norton Internet Security : C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programfiler\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
SoundMan SOUNDMAN.EXE
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
SunJavaUpdateSched C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
ccApp "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
DJSNetCN C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FELLES~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 17.12.2005 11:56:25


Hope you finde somthing, my pc is so slow when starting up the pc and programs

#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 17 December 2005 - 07:32 AM

Not seeing much in the WinPFind Scan.

Lets try this online Scan

Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates


Post the results of the Online Scan in the next reply.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users