
Windows Acct Frozen After Trying To Remove Spyquake.


12 replies to this topic

#1 AJ Bell

AJ Bell

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Location:Ohio
  • Local time:10:09 PM

Posted 02 July 2006 - 02:40 PM

Hi, hope you can help. I have 3 accounts on my computer and when I used the Spyquake remover 2 accounts were cleared but the 3rd got messed up. By messed up I mean that: 1, the start menu is gone, 2, the internet can't be accessed and 3, the restore function doesn't work. In the internet security screen it has a big restricted site and that's all. The main reason I want to restore this site as opposed to just creating a new one is that there are outlook file folders that I'd like to have and haven't been able to retrieve them any other way. I appreciate any help. Thanks. A J
Logfile of HijackThis v1.99.1
Scan saved at 3:05:15 PM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe



#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:09 PM

Posted 09 July 2006 - 09:35 AM

Hello AJ Bell and welcome to the BC HijackThis forum. 2 questions:

1 - is this a scan from the account that is having the issues?

2 - is this a Gateway computer?

Let's get a fresh HijackThis scan from the account that is affected and we'll go from there.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 AJ Bell


Posted 11 July 2006 - 06:25 AM

OT,
To your questions:
No the log was not from the account having issues because I cannot get that one,
secondly, my computer is an emachine.
Note: concerning the preparation guide to be used before posting a log, I cannot
get this account to perform step 5 - 9. The message I get says "Your current security
settings do not allow this file to be downloaded".
V/R
A J

#4 OldTimer


Posted 11 July 2006 - 06:00 PM

Hi AJ Bell. We need the log to be made from the account having the problems. If it is run from a different account then the information is naturally different.

How about this. Can you log into the problem account at all? You do not need to download HijackThis while in that account. Simply download it from another account on the machine and then unzip it to a location like C:\ where the affected account can access it and run it. Because the scans from each account are unique to each account we will have to get a scan while using the problematic account.

Also, tell me a little about this account. Is it a user account or an administrator account? If it's a user account, then make it an administrator account. If it's already an administrator account then try making it a user account, saving it and then making it an administrator account again. It kind of sounds like it might just be a policy issue where the account policies need to be reset.

Let me know what happens.

Cheers.

OT

#5 AJ Bell


Posted 12 July 2006 - 07:11 PM

Hi OT,
Followed your direction and was able to get the logfile of the problem account. The account is an administrator's account. I was able to make it a user account which seemed to make a small difference but the main things that needed to function, i.e. ability to download, get outlook accounts, etc, were still unavailable. When I changed the account back to administrator, the aforementioned changes were gone. Thanks for your help thus far. Hopefully the log will give you the answers to make this machine well.
V/R
A J



Logfile of HijackThis v1.99.1
Scan saved at 7:35:56 PM, on 7/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

#6 OldTimer


Posted 15 July 2006 - 11:29 AM

Hi AJ Bell. It looks like we have a couple of items to fix up. I also want to have a file checked out at Jotti's. Please print these directions and then proceed with the following steps in order.

Step #1

Download CCleaner and install it but do not run it yet.

Step #2

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #3

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #4

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Now perform a search for this file and note the location. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.
ShowWnd.exe
Go to the Jotti's malware scan page and use the buttons at the top of the page to browse to this file(s) on your hard drive to submit for a scan:
ShowWnd.exe
Several scanning engines will be used to check the file for any threats. Please post the results of the scans back here.

Step #5

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with the information from the Jotti scan and details of any problems you encountered performing the above steps and I will review it when it comes in.

Can you also give me a little detail on what is happening with Outlook. I'm not sure I understand what is meant by not being able to get Outlook accounts. Does Outlook start but you cannot open the mail file? Is there any error message? Etc.

OT
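Added example (not part of the original posts, and not HijackThis's or OldTimer's own logic): a small Python triage of HijackThis log lines that reproduces the Step #2 selection and shows which of those entries exist only in the affected account's scan. The log excerpts are copied from the two logs in this thread; the flagging rules and the function names `parse`, `reason` and `triage` are assumptions inferred from the entries selected above.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread.
WORKING_ACCOUNT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
"""

AFFECTED_ACCOUNT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
ZONE_RE = re.compile(r"'(.+?)' protocol is in (.+?) Zone, should be (.+?) Zone$")
EMPTY_DPF_RE = re.compile(r"DPF: \{[0-9A-Fa-f-]+\} -")


def parse(log):
    """Return (code, body) tuples for every entry line; headers are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"].strip()))
    return entries


def reason(code, body):
    """Why an entry looks broken, or None. Rules are assumptions (see lead-in)."""
    if code in ("R0", "R1"):
        key, _, value = body.partition("=")
        if r"Internet Explorer\Main," in key and not value.strip():
            return "IE Main value is empty"
    if code == "R3" and body.endswith("is missing"):
        return "default URLSearchHook missing"
    if code == "O2" and body.endswith("(no file)"):
        return "BHO registered but its file is absent"
    if code == "O15":
        m = ZONE_RE.search(body)
        if m and m[2] != m[3]:
            return f"'{m[1]}' mapped to {m[2]} Zone, expected {m[3]} Zone"
    if code == "O16" and EMPTY_DPF_RE.fullmatch(body):
        return "DPF entry with no name or download URL"
    return None


def triage(log, baseline_log):
    """Flag entries in `log`; mark those that are absent from `baseline_log`."""
    baseline = set(parse(baseline_log))
    flagged = []
    for code, body in parse(log):
        why = reason(code, body)
        if why:
            flagged.append({"code": code, "body": body, "reason": why,
                            "only_here": (code, body) not in baseline})
    return flagged


if __name__ == "__main__":
    for item in triage(AFFECTED_ACCOUNT_LOG, WORKING_ACCOUNT_LOG):
        tag = "affected account only" if item["only_here"] else "in both scans"
        print(f"{item['code']:<4}{tag:<23}{item['reason']}")
```

The R0, R3 and O15 findings show up only in the scan taken from the affected account, which is why the first log, taken from a different account, could not reveal them.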

#7 AJ Bell


Posted 22 July 2006 - 08:49 AM

OT, after doing step 2, all the checked files remained except for 2 of them. 2 - Bho: (no name) - {FDD...etc, etc was deleted as was the 016 - DPF: { DBA...etc, etc. I tried to delete the others several times to no avail. I figured to let you know what happened since the other steps seem predicated on this one working. 2ndly Outlook will not start, open or do anything. Message states Cannot start Microsoft Office Outlook. Something else that may help - I can get to the internet site i.e. bc.com but once there I can look at things but not get anything to download or if I do a search - it will let me type the words but will not execute the command. Thanks for your time. A J

#8 OldTimer


Posted 22 July 2006 - 09:44 AM

Hi AJ Bell. Ok, let's dig into this a little deeper.

Download WinPFind2.zip and unzip it to your Desktop. It will create a folder named WinPFind2. Do NOT run the program directly from the zip file.
  • Open the folder and double-click on winpfind2.exe to start the program.
  • Keep the standard settings and then in the AddOn-Options box click the checkboxes for
    • Policies
    • ZoneMap
    to select them.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Export To Text button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Since the report is quite large it will require multiple posts to show it all. Follow the markers for [Start Post #1], [Start Post #2] and [Start Post #3] to divide the report into 3 separate posts and use the Add Reply button to post the information back here.

I will review the information when it comes in.

Cheers.

OT

#9 AJ Bell


Posted 22 July 2006 - 01:15 PM

[Start Post #1]

Processes
Image Name---------------ProcessID--Thread Count--Parent ID--Base Priority--Full Path (Version Info)
alg.exe------------------000468-----0006----------000680-----Normal---------c:\windows\system32\alg.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Date = 08/04/2004 14:00 | Attr = ])
bigfix.exe---------------001104-----0001----------000212-----Normal---------c:\program files\bigfix\bigfix.exe (BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Date = 07/31/2002 19:22 | Attr = ])
cavrid.exe---------------003220-----0003----------000212-----Normal---------c:\program files\ca\etrust ez armor\etrust ez antivirus\cavrid.exe (Computer Associates International, Inc. [Ver = Version 11.0.6.7 | Size = 185456 bytes | Date = 07/10/2006 20:46 | Attr = ])
cavtray.exe--------------004016-----0006----------000212-----Normal---------c:\program files\ca\etrust ez armor\etrust ez antivirus\cavtray.exe (Computer Associates International, Inc. [Ver = Version 11.0.6.7 | Size = 230512 bytes | Date = 07/10/2006 20:46 | Attr = ])
csrss.exe----------------000612-----0014----------000564-----Normal---------\??\c:\windows\system32\csrss.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Date = 08/04/2004 14:00 | Attr = ])
ctfmon.exe---------------002104-----0001----------000212-----Normal---------c:\windows\system32\ctfmon.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Date = 08/04/2004 14:00 | Attr = ])
easyshare.exe------------000660-----0004----------000212-----Normal---------c:\program files\kodak\kodak easyshare software\bin\easyshare.exe (Eastman Kodak Company [Ver = 5, 0, 4, 167 | Size = 757760 bytes | Date = 03/10/2005 09:40 | Attr = ])
explorer.exe-------------000212-----0017----------003456-----Normal---------c:\windows\explorer.exe (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Date = 08/04/2004 14:00 | Attr = ])
hpgs2wnd.exe-------------001176-----0003----------000212-----Normal---------c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe (Hewlett-Packard [Ver = 2,3,0,0\ 162 | Size = 69632 bytes | Date = 04/17/2002 10:42 | Attr = ])
hpgs2wnf.exe-------------003508-----0003----------000844-----Normal---------c:\program files\hewlett-packard\hp share-to-web\hpgs2wnf.exe ( [Ver = 2, 6, 0, 162 | Size = 77824 bytes | Date = 04/17/2002 10:49 | Attr = ])
isafe.exe----------------001608-----0006----------000680-----Normal---------c:\program files\ca\etrust ez armor\etrust ez antivirus\isafe.exe (Computer Associates International, Inc. [Ver = Version 11.0.6.7 | Size = 259184 bytes | Date = 07/10/2006 20:46 | Attr = ])
jusched.exe--------------003340-----0001----------000212-----Normal---------c:\program files\java\jre1.5.0_07\bin\jusched.exe (Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 36975 bytes | Date = 05/03/2006 01:56 | Attr = ])
kodak software updater.exe002268-----0011----------000212-----Normal---------c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe ( [Ver = | Size = 16423 bytes | Date = 02/13/2004 14:12 | Attr = ])
kodakccs.exe-------------001644-----0002----------000680-----Normal---------c:\windows\system32\drivers\kodakccs.exe (Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 322104 bytes | Date = 05/24/2004 12:35 | Attr = ])
lsass.exe----------------000692-----0019----------000636-----Normal---------c:\windows\system32\lsass.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Date = 08/04/2004 14:00 | Attr = ])
mdm.exe------------------001680-----0004----------000680-----Normal---------c:\program files\common files\microsoft shared\vs7debug\mdm.exe (Microsoft Corporation [Ver = 7.00.9466 | Size = 322120 bytes | Date = 06/19/2003 23:25 | Attr = ])
mnyexpr.exe--------------002484-----0001----------000212-----Normal---------c:\program files\microsoft money\system\mnyexpr.exe (Microsoft Corp. [Ver = 12.00.0613 | Size = 200704 bytes | Date = 06/18/2003 21:00 | Attr = ])
msmsgs.exe---------------003736-----0008----------000212-----Normal---------c:\program files\messenger\msmsgs.exe (Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Date = 10/13/2004 11:24 | Attr = ])
nvsvc32.exe--------------001724-----0003----------000680-----Normal---------c:\windows\system32\nvsvc32.exe (NVIDIA Corporation [Ver = 6.14.10.5664 | Size = 77824 bytes | Date = 03/03/2004 19:29 | Attr = ])
pdvdserv.exe-------------000388-----0002----------000212-----Normal---------c:\program files\cyberlink\powerdvd\pdvdserv.exe (Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Date = 11/01/2003 04:42 | Attr = ])
prismxl.sys--------------001752-----0002----------000680-----Normal---------c:\program files\common files\new boundary\prismxl\prismxl.sys (New Boundary Technologies, Inc. [Ver = 5.0 | Size = 65536 bytes | Date = 10/01/2004 09:40 | Attr = ])
qttask.exe---------------001652-----0002----------000212-----Normal---------c:\program files\quicktime\qttask.exe (Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Date = 10/01/2004 11:04 | Attr = ])
services.exe-------------000680-----0015----------000636-----Normal---------c:\windows\system32\services.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Date = 08/04/2004 14:00 | Attr = ])
slserv.exe---------------001808-----0003----------000680-----Normal---------c:\windows\system32\slserv.exe (Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Date = 08/04/2004 02:56 | Attr = ])
smc.exe------------------001060-----0023----------000680-----Normal---------c:\program files\sygate\spf\smc.exe (Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Date = 10/15/2004 18:40 | Attr = ])
smss.exe-----------------000564-----0003----------000004-----Normal---------\systemroot\system32\smss.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Date = 08/04/2004 14:00 | Attr = ])
soundman.exe-------------002536-----0002----------000212-----Normal---------c:\windows\soundman.exe (Realtek Semiconductor Corp. [Ver = 5.1.10 | Size = 57344 bytes | Date = 08/15/2003 09:34 | Attr = ])
spoolsv.exe--------------001468-----0011----------000680-----Normal---------c:\windows\system32\spoolsv.exe (Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Date = 06/10/2005 18:53 | Attr = ])
sstray.exe---------------004056-----0002----------000212-----Normal---------c:\windows\system32\sstray.exe (NVIDIA Corporation [Ver = 1.00.00.0366 | Size = 73728 bytes | Date = 09/03/2003 03:25 | Attr = ])
svchost.exe--------------001224-----0006----------000680-----Normal---------c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
svchost.exe--------------001288-----0018----------000680-----Normal---------c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
svchost.exe--------------001020-----0072----------000680-----Normal---------c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
svchost.exe--------------000924-----0011----------000680-----Normal---------c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
svchost.exe--------------000844-----0016----------000680-----Normal---------c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
svchost.exe--------------001896-----0006----------000680-----Normal---------c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
vetmsg.exe---------------000132-----0007----------000680-----Normal---------c:\program files\ca\etrust ez armor\etrust ez antivirus\vetmsg.exe (Computer Associates International, Inc. [Ver = Version 11.0.6.7 | Size = 201840 bytes | Date = 07/10/2006 20:46 | Attr = ])
wdfmgr.exe---------------001948-----0004----------000680-----Normal---------c:\windows\system32\wdfmgr.exe (Microsoft Corporation [Ver = 5.2.3790.1230 built by: DNSRV(bld4act) | Size = 38912 bytes | Date = 09/22/2004 17:46 | Attr = ])
winlogon.exe-------------000636-----0015----------000564-----High-----------\??\c:\windows\system32\winlogon.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Date = 08/04/2004 14:00 | Attr = ])
winpfind2.exe------------003004-----0001----------000212-----Normal---------c:\documents and settings\carol bell\desktop\winpfind2\winpfind2\winpfind2.exe (OldTimer Tools [Ver = 1.0.0.0 | Size = 381440 bytes | Date = 01/01/2002 00:57 | Attr = ])
wkufind.exe--------------001784-----0001----------000212-----Normal---------c:\program files\common files\microsoft shared\works shared\wkufind.exe (Microsoft® Corporation [Ver = 9.00.0607.0 | Size = 50688 bytes | Date = 06/07/2003 12:32 | Attr = ])
wmiprvse.exe-------------000508-----0007----------000844-----Normal---------c:\windows\system32\wbem\wmiprvse.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 218112 bytes | Date = 08/04/2004 14:00 | Attr = ])
zhotkey.exe--------------000996-----0002----------000212-----Normal---------c:\windows\zhotkey.exe ( [Ver = 3, 0, 0, 7 | Size = 543232 bytes | Date = 05/18/2004 03:30 | Attr = ])

Registry Entries
Key--------------------------------------------------------------------------------------------------------------------- Value (Version Info)
WinPFind2 by OldTimer - Version 1.0.0-----------------------------------------------------------------------------------
Microsoft Windows XP Version = Service Pack 2--------------------------------------------------------------------------
Internet Explorer Version = 6.0.2900.2180------------------------------------------------------------------------------
Internet Explorer Settings----------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page-------------------------------------------------------------- http://www.rr.com/flash/index.cfm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page------------------------------------------------------------- http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Page------------------------------------------------------------ http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Search---------------------------------------------------------- http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page-------------------------------------------------------------- %SystemRoot%\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page-------------------------------------------------------------- http://www.rr.com/flash/index.cfm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page------------------------------------------------------------- http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page-------------------------------------------------------------- C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable------------------------------------------- 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride-----------------------------------------
BHO's-------------------------------------------------------------------------------------------------------------------
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}--- AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Date = 01/12/2006 20:38 | Attr = ])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}--- = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Date = 05/31/2005 00:04 | Attr = ])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}--- SSVHelper Class = C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 434279 bytes | Date = 05/03/2006 02:14 | Attr = ])
Internet Explorer Bars, Toolbars and Extensions-------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}-------------------------- &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation [Ver = 6.00.2900.2919 (xpsp_sp2_gdr.060529-0150) | Size = 1494016 bytes | Date = 05/29/2006 10:30 | Attr = ])
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}----------------------------- MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll (Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 69746 bytes | Date = 05/03/2006 02:14 | Attr = ])
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}----------------------------- MenuText: = C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll (Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 434279 bytes | Date = 05/03/2006 02:14 | Attr = ])
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{653D93AF-C741-4e5e-8C1B-59BA43F93E16}----------------------------- ButtonText: Panda ActiveScan = http://www.pandasoftware.com/activescan (File not found)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}----------------------------- MenuText: Uninstall BitDefender Online Scanner v8 = (File not found)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}----------------------------- MenuText: = (File not found)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}----------------------------- ButtonText: Research = (File not found)
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}-------------------------- Search Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp_sp2_gdr.060509-0218) | Size = 1022976 bytes | Date = 05/10/2006 00:23 | Attr = ])
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}-------------------------- Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation [Ver = 6.00.2900.2919 (xpsp_sp2_gdr.060529-0150) | Size = 1494016 bytes | Date = 05/29/2006 10:30 | Attr = ])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}------------------ &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp_sp2_gdr.060509-0218) | Size = 1022976 bytes | Date = 05/10/2006 00:23 | Attr = ])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}------------------ = (File not found)
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}-------------------- &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp_sp2_gdr.060509-0218) | Size = 1022976 bytes | Date = 05/10/2006 00:23 | Attr = ])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}-------------------- &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Date = 03/16/2006 23:03 | Attr = ])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C}-------------------- = (File not found)
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88}-------------------- Yahoo! Toolbar = (File not found)
HKCU\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar search--------------------------------------------------- res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML (File not found)
HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel-------------------------------------------- res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation [Ver = 11.0.8033 | Size = 10196752 bytes | Date = 06/23/2006 11:38 | Attr = ])
Approved Shell Extensions (Non-Microsoft only)--------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1CDB2949-8F65-4355-8456-263E7C208A5D}--------- Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation [Ver = 6.14.10.5664 | Size = 454656 bytes | Date = 03/03/2004 19:29 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1CE2AA40-1317-11D3-9922-00104B0AD431}--------- CA_AntiVirus = C:\WINDOWS\avshlext.dll (Computer Associates International, Inc. [Ver = Version 11.0.6.7 | Size = 111728 bytes | Date = 07/10/2006 20:46 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1E9B04FB-F9E5-4718-997B-B8DA88302A47}--------- = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation [Ver = 6.14.10.5664 | Size = 454656 bytes | Date = 03/03/2004 19:29 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1E9B04FB-F9E5-4718-997B-B8DA88302A48}--------- nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation [Ver = 6.14.10.5664 | Size = 454656 bytes | Date = 03/03/2004 19:29 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42071714-76d4-11d1-8b24-00a0c9068ff3}--------- Display Panning CPL Extension = deskpan.dll (File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{88895560-9AA2-1069-930E-00AA0030EBC8}--------- HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 08/04/2004 14:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A4DF5659-0801-4A60-9607-1C48695EFDA9}--------- Share-to-Web Upload Folder = C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL (Hewlett-Packard [Ver = 2, 6, 0, 162 | Size = 147456 bytes | Date = 04/17/2002 10:40 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A70C977A-BF00-412C-90B7-034C51DA2439}--------- DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation [Ver = 6.14.10.5664 | Size = 2904064 bytes | Date = 03/03/2004 19:29 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{acb4a560-3606-11d3-aef4-00104bd0f92d}--------- KodakShellExtension = C:\Program Files\Common Files\KODAK\IFSCore\kodakshx.dll (Eastman Kodak Company [Ver = 2.0.2300.2 | Size = 381019 bytes | Date = 05/20/2004 09:20 | Attr = ])
ContextMenuHandlers (Non-Microsoft only)--------------------------------------------------------------------------------
HKCR\*\shellex\ContextMenuHandlers\CA_AntiVirus------------------------------------------------------------------------- {1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll (Computer Associates International, Inc. [Ver = Version 11.0.6.7 | Size = 111728 bytes | Date = 07/10/2006 20:46 | Attr = ])
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\CA_AntiVirus--------------------------------------------------- {1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll (Computer Associates International, Inc. [Ver = Version 11.0.6.7 | Size = 111728 bytes | Date = 07/10/2006 20:46 | Attr = ])
ColumnHandlers (Non-Microsoft only)-------------------------------------------------------------------------------------
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}------------------------------ PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Date = 12/14/2004 01:20 | Attr = ])
Registry Run Keys-------------------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CaAvTray------------------------------------------------------------ "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" (Computer Associates International, Inc. [Ver = Version 11.0.6.7 | Size = 230512 bytes | Date = 07/10/2006 20:46 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CAVRID-------------------------------------------------------------- "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" (Computer Associates International, Inc. [Ver = Version 11.0.6.7 | Size = 185456 bytes | Date = 07/10/2006 20:46 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CHotkey------------------------------------------------------------- zHotkey.exe ( [Ver = 3, 0, 0, 7 | Size = 543232 bytes | Date = 05/18/2004 03:30 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Microsoft Works Update Detection------------------------------------ C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation [Ver = 9.00.0607.0 | Size = 50688 bytes | Date = 06/07/2003 12:32 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck----------------------------------------------------- C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Date = 07/09/2001 20:50 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nForce Tray Options------------------------------------------------- sstray.exe /r (NVIDIA Corporation [Ver = 1.00.00.0366 | Size = 73728 bytes | Date = 09/03/2003 03:25 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon--------------------------------------------------------- RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter------------------------------------------------------- RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task------------------------------------------------------ "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Date = 10/01/2004 11:04 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RemoteControl------------------------------------------------------- "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Date = 11/01/2003 04:42 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Share-to-Web Namespace Daemon--------------------------------------- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard [Ver = 2,3,0,0\ 162 | Size = 69632 bytes | Date = 04/17/2002 10:42 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ShowWnd------------------------------------------------------------- ShowWnd.exe ( [Ver = | Size = 36864 bytes | Date = 09/19/2003 18:09 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SmcService---------------------------------------------------------- C:\PROGRA~1\Sygate\SPF\smc.exe -startgui (Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Date = 10/15/2004 18:40 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SoundMan------------------------------------------------------------ SOUNDMAN.EXE (Realtek Semiconductor Corp. [Ver = 5.1.10 | Size = 57344 bytes | Date = 08/15/2003 09:34 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched-------------------------------------------------- C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe (Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 36975 bytes | Date = 05/03/2006 01:56 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\\-------------------------------------------------------------- (File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL--------------------------------------------- Installed = 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI---------------------------------------------- Installed = 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS---------------------------------------------- Installed = 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe---------------------------------------------------------- C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Date = 08/04/2004 14:00 | Attr = ])
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MoneyAgent---------------------------------------------------------- "C:\Program Files\Microsoft Money\System\mnyexpr.exe" (Microsoft Corp. [Ver = 12.00.0613 | Size = 200704 bytes | Date = 06/18/2003 21:00 | Attr = ])
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSMSGS-------------------------------------------------------------- "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Date = 10/13/2004 11:24 | Attr = ])
Startup Lnks------------------------------------------------------------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk--------------------------- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Date = 09/24/2005 01:05 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk---------------------------------------------- C:\Program Files\BigFix\BigFix.exe (BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Date = 07/31/2002 19:22 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini--------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ( [Ver = | Size = 84 bytes | Date = 08/26/2004 20:04 | Attr = HS])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk---------------------------- C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe (Eastman Kodak Company [Ver = 5, 0, 4, 167 | Size = 757760 bytes | Date = 03/10/2005 09:40 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk------------------------------ C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ( [Ver = | Size = 16423 bytes | Date = 02/13/2004 14:12 | Attr = ])
Disabled MSConfig Items-------------------------------------------------------------------------------------------------
User Agent Post Platform------------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\SV1--------------------------
AppInit DLLs------------------------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs------------------------------------------------- (File not found)
Image File Execution Options--------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path- Debugger = ntsd -d
Shell Service Object Delay Load-----------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn-------------------------------------- {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Date = 03/16/2006 23:03 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder---------------------------- {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Date = 03/16/2006 23:03 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray------------------------------------- {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Date = 08/04/2004 14:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\UPnPMonitor--------------------------------- {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239616 bytes | Date = 08/04/2004 14:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck------------------------------------ {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Date = 08/04/2004 14:00 | Attr = ])
Shell Execute Hooks-----------------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972}------- URL Exec Hook = shell32.dll (Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Date = 03/16/2006 23:03 | Attr = ])
Shared Task Scheduler---------------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1}----- Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp_sp2_gdr.060509-0218) | Size = 1022976 bytes | Date = 05/10/2006 00:23 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030}----- Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp_sp2_gdr.060509-0218) | Size = 1022976 bytes | Date = 05/10/2006 00:23 | Attr = ])
Winlogon----------------------------------------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit---------------------------------------------------- C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Date = 08/04/2004 14:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell------------------------------------------------------- Explorer.exe (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Date = 08/04/2004 14:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System------------------------------------------------------ (File not found)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain------------------------------------------ crypt32.dll (Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Date = 08/04/2004 14:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet---------------------------------------------- cryptnet.dll (Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Date = 08/04/2004 14:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll------------------------------------------------ cscdll.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Date = 08/04/2004 14:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp-------------------------------------------- wlnotify.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 14:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule---------------------------------------------- wlnotify.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 14:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy---------------------------------------------- sclgntfy.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Date = 08/04/2004 14:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn---------------------------------------------- WlNotify.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 14:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv----------------------------------------------- wlnotify.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 14:00 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon---------------------------------------------- WgaLogon.dll (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 702768 bytes | Date = 06/19/2006 15:20 | Attr = ])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon--------------------------------------------- wlnotify.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 14:00 | Attr = ])
DNS Name Servers--------------------------------------------------------------------------------------------------------
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7F88C218-6A04-401A-A4CB-769D3621EBF9}--------------- (Realtek RTL8139 Family PCI Fast Ethernet NIC)
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E161EB27-1021-4CF1-9EAE-F4FA0CBFA621}--------------- (NVIDIA nForce MCP Networking Controller)
Winsock2 Catalogs (Non-Microsoft only)----------------------------------------------------------------------------------
Protocol Handlers (Non-Microsoft only)----------------------------------------------------------------------------------
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ipp----------------------------------------------------------------------------- (File not found)
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp------------------------------------------------------------------------- (File not found)
Protocol Filters (Non-Microsoft only)-----------------------------------------------------------------------------------

#10 AJ Bell

Posted 22 July 2006 - 01:17 PM

[Start Post #2]

Services
Name--------------------------------------------------------Internal Name------------Startup Type---State-----Service Type--------------------------------------Path (Version Info)
Alerter-----------------------------------------------------Alerter------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Application Layer Gateway Service---------------------------ALG----------------------On Demand------Running---Win32, running in it's own process----------------C:\WINDOWS\System32\alg.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Date = 08/04/2004 14:00 | Attr = ])
Windows Audio-----------------------------------------------AudioSrv-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Background Intelligent Transfer Service---------------------BITS---------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Computer Browser--------------------------------------------Browser------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
CAISafe-----------------------------------------------------CAISafe------------------Automatic------Running---Win32, running in it's own process----------------C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe (Computer Associates International, Inc. [Ver = Version 11.0.6.7 | Size = 259184 bytes | Date = 07/10/2006 20:46 | Attr = ])
Cryptographic Services--------------------------------------CryptSvc-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
DCOM Server Process Launcher--------------------------------DcomLaunch---------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost -k DcomLaunch (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
DHCP Client-------------------------------------------------Dhcp---------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
DNS Client--------------------------------------------------Dnscache-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k NetworkService (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Error Reporting Service-------------------------------------ERSvc--------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Event Log---------------------------------------------------Eventlog-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\services.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Date = 08/04/2004 14:00 | Attr = ])
COM+ Event System-------------------------------------------EventSystem--------------On Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Fast User Switching Compatibility---------------------------FastUserSwitchingCompatibilityOn Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Help and Support--------------------------------------------helpsvc------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
HID Input Service-------------------------------------------HidServ------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Kodak Camera Connection Software----------------------------KodakCCS-----------------Automatic------Running---Win32, running in it's own process----------------C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 322104 bytes | Date = 05/24/2004 12:35 | Attr = ])
Server------------------------------------------------------lanmanserver-------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Workstation-------------------------------------------------lanmanworkstation--------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
TCP/IP NetBIOS Helper---------------------------------------LmHosts------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Machine Debug Manager---------------------------------------MDM----------------------Automatic------Running---Win32, running in it's own process----------------"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (Microsoft Corporation [Ver = 7.00.9466 | Size = 322120 bytes | Date = 06/19/2003 23:25 | Attr = ])
Network Connections-----------------------------------------Netman-------------------On Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Network Location Awareness (NLA)----------------------------Nla----------------------On Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
NVIDIA Display Driver Service-------------------------------NVSvc--------------------Automatic------Running---Win32, running in it's own process----------------C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation [Ver = 6.14.10.5664 | Size = 77824 bytes | Date = 03/03/2004 19:29 | Attr = ])
Plug and Play-----------------------------------------------PlugPlay-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\services.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Date = 08/04/2004 14:00 | Attr = ])
IPSEC Services----------------------------------------------PolicyAgent--------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\lsass.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Date = 08/04/2004 14:00 | Attr = ])
PrismXL-----------------------------------------------------PrismXL------------------Automatic------Running---Win32, running in it's own process----------------C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc. [Ver = 5.0 | Size = 65536 bytes | Date = 10/01/2004 09:40 | Attr = ])
Protected Storage-------------------------------------------ProtectedStorage---------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\lsass.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Date = 08/04/2004 14:00 | Attr = ])
Remote Access Connection Manager----------------------------RasMan-------------------On Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Remote Procedure Call (RPC)---------------------------------RpcSs--------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost -k rpcss (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Security Accounts Manager-----------------------------------SamSs--------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\lsass.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Date = 08/04/2004 14:00 | Attr = ])
Task Scheduler----------------------------------------------Schedule-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Secondary Logon---------------------------------------------seclogon-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
System Event Notification-----------------------------------SENS---------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Windows Firewall/Internet Connection Sharing (ICS)----------SharedAccess-------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Shell Hardware Detection------------------------------------ShellHWDetection---------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
SmartLinkService--------------------------------------------SLService----------------Automatic------Running---Win32, running in it's own process----------------slserv.exe (Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Date = 08/04/2004 02:56 | Attr = ])
Sygate Personal Firewall------------------------------------SmcService---------------Automatic------Running---Win32, running in it's own process----------------C:\Program Files\Sygate\SPF\smc.exe (Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Date = 10/15/2004 18:40 | Attr = ])
Print Spooler-----------------------------------------------Spooler------------------Automatic------Running---Win32, running in it's own process----------------C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Date = 06/10/2005 18:53 | Attr = ])
System Restore Service--------------------------------------srservice----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
SSDP Discovery Service--------------------------------------SSDPSRV------------------On Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Windows Image Acquisition (WIA)-----------------------------stisvc-------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k imgsvc (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Telephony---------------------------------------------------TapiSrv------------------On Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Terminal Services-------------------------------------------TermService--------------On Demand------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost -k DComLaunch (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Themes------------------------------------------------------Themes-------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Distributed Link Tracking Client----------------------------TrkWks-------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Windows User Mode Driver Framework--------------------------UMWdf--------------------Automatic------Running---Win32, running in it's own process----------------C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation [Ver = 5.2.3790.1230 built by: DNSRV(bld4act) | Size = 38912 bytes | Date = 09/22/2004 17:46 | Attr = ])
VET Message Service-----------------------------------------VETMSGNT-----------------Automatic------Running---Win32, running in it's own process----------------C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe (Computer Associates International, Inc. [Ver = Version 11.0.6.7 | Size = 201840 bytes | Date = 07/10/2006 20:46 | Attr = ])
Windows Time------------------------------------------------W32Time------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
WebClient---------------------------------------------------WebClient----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Windows Management Instrumentation--------------------------winmgmt------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Security Center---------------------------------------------wscsvc-------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Automatic Updates-------------------------------------------wuauserv-----------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])
Wireless Zero Configuration---------------------------------WZCSVC-------------------Automatic------Running---Win32, running in a shared process----------------C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 14:00 | Attr = ])

Files
Full Path--------------------------------------------------------------------------------------------------------------- Details
AllUsers ApplicationData Folder-----------------------------------------------------------------------------------------
C:\Documents and Settings\All Users\Application Data\desktop.ini-------------------------------------------------------- ( [Ver = | Size = 62 bytes | Date = 08/26/2004 12:54 | Attr = HS])
CurrentUser ApplicationData Folder--------------------------------------------------------------------------------------
C:\Documents and Settings\Carol Bell\Application Data\Microsoft Excel.ADR----------------------------------------------- ( [Ver = | Size = 38330 bytes | Date = 04/15/2005 22:23 | Attr = ])
DPF files---------------------------------------------------------------------------------------------------------------
Hosts file = 734 bytes. Reading all entries.---------------------------------------------------------------------------- C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright © 1993-1999 Microsoft Corp.-------------------------------------------------------------------------------
#-----------------------------------------------------------------------------------------------------------------------
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.-----------------------------------------------------
#-----------------------------------------------------------------------------------------------------------------------
# This file contains the mappings of IP addresses to host names. Each---------------------------------------------------
# entry should be kept on an individual line. The IP address should-----------------------------------------------------
# be placed in the first column followed by the corresponding host name.------------------------------------------------
# The IP address and the host name should be separated by at least one--------------------------------------------------
# space.----------------------------------------------------------------------------------------------------------------
#-----------------------------------------------------------------------------------------------------------------------
# Additionally, comments (such as these) may be inserted on individual--------------------------------------------------
# lines or following the machine name denoted by a '#' symbol.----------------------------------------------------------
#-----------------------------------------------------------------------------------------------------------------------
# For example:----------------------------------------------------------------------------------------------------------
#-----------------------------------------------------------------------------------------------------------------------
# 102.54.94.97 rhino.acme.com # source server---------------------------------------------------------
# 38.25.63.10 x.acme.com # x client host---------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------
127.0.0.1 localhost-----------------------------------------------------------------------------------------------

#11 AJ Bell


Posted 22 July 2006 - 01:19 PM

[Start Post #3]

AddOn's
File or Key------------------------------------------------------------------------------------------------------------- Info or Value
>>>>Output for AddOn file Policies.def<<<<------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies----------------------------------------------------------------- Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies-----------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer--------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoActiveDesktopChanges-------------------------------- 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext-------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID-------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700}--------------- 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum---------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}----------------- 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}----------------- 1073741857
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1}----------------- 32
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings---------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system----------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername--------------------------------- 0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption--------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon------------------------------------ 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon-------------------------------------- 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr------------------------------------------ 0
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies----------------------------------------------------------------- Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies-----------------------------------------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer--------------------------------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun------------------------------------ 145
>>>>Output for AddOn file ZoneMap.def<<<<-------------------------------------------------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults------------------------------- No SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults-------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\\-----------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\\http------------------------- 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\\https------------------------ 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\\ftp-------------------------- 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\\file------------------------- 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\\@ivt------------------------- 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\\shell------------------------ 0
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults------------------------------- No SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults-------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\\-----------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\\http------------------------- 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\\https------------------------ 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\\ftp-------------------------- 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\\file------------------------- 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\\@ivt------------------------- 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\\shell------------------------ 0

#12 AJ Bell


Posted 22 July 2006 - 01:24 PM

Greetings OT,
Hope I've supplied what you needed.
Have a good day,
A J

#13 OldTimer

    Malware Expert



Posted 23 July 2006 - 12:43 PM

Hi AJ Bell. Everything looks fine in the WinPFind2 log so I believe we are done with that. Let's try fixing Outlook next.

Start by renaming the current Outlook pst file. It should be located at:

C:\Documents and Settings\<user name>\Local Settings\Application Data\Microsoft\Outlook

The default name is Outlook.pst. Rename it to something like OutlookBak.pst.

Start Outlook again and it should create a new pst file. If this works then you can import all of the data from the original file by following these directions: http://support.microsoft.com/default.aspx?...kb;en-us;287070

If that does not work then the profile itself might be corrupt and we will need to create a new profile.

Let me know what happens.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
