
Infected, but Not Sure Where Or How - Bsod


  • This topic is locked
8 replies to this topic

#1 graveangel

graveangel

  • Members
  • 399 posts
  • Gender:Male
  • Location:Nottingham England Home to the Hood of Robin
  • Local time:01:25 AM

Posted 03 July 2006 - 02:21 PM

Hi,

I think I'm infected, pretty sure in fact, but I'm surprised to say the least.

My system was cleaned only a few weeks back, totally clear of malware, but now something has started happening.

It started last week; I ran all of my scanners and only one came up with a problem, which was Spybot. It surprised me because since it had been cleaned, all scans had come up clear.

What Spybot found was 'Smitfraud-C'; it produced the result as a registry key, and reported it was successful in deletion. I scanned again, and nothing was found.

Then last night, I was browsing the BC forums when the Blue Screen of Death appeared and shut down the laptop. I've run scans again today with Anti-virus-Netguard, Ewido, Ad-Aware, Defender, Panda online active scan, Kaspersky on-line scan and Spybot, and the only one which found anything was, again, Spybot. This time it found something called 'Swizzor', and I have no idea what this is, and again Spybot reports that it has deleted it.

However, the CPU usage is hovering up and down mainly around the 100% mark; now I'm sure that's not normal. And only 30 mins ago, the laptop shut down again with the BSOD.

I'm not sure what this thing is or where it's hiding, or even how it's got on there considering I've only browsed a few sites, all trustworthy and safe.

PLEASE HELP
Thank you!


Logfile of HijackThis v1.99.1
Scan saved at 20:20:13, on 03/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Visual IP InSight\UK\ARMon32a.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Apoint\Apvfb.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SONY\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris Organ\Desktop\Hi Jack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.whsmithonline.co.uk/redir.asp?page=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Lee's Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [RemoveCpl] "RemoveCpl.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] "ICO.EXE"
O4 - HKLM\..\Run: [HKSERV.EXE] "C:\Program Files\Sony\HotKey Utility\HKserv.exe"
O4 - HKLM\..\Run: [CARPService] "carpserv.exe"
O4 - HKLM\..\Run: [bcmwltry] "bcmwltry.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATIModeChange] "Ati2mdxx.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon"
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [CmUsbAudio] RunDll32 cmcnfg2.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.whsmithonline.co.uk/redir.asp?page=home
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: Visual IP InSight Client (UK) (InverseLaunchIPI_WOL:WOLUK) - Visual Networks - C:\Program Files\Visual IP InSight\UK\LaunchIPI.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\SONY\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe


My OS is XP Home
I'm also running Spywareguard and Sygate firewall, and all software is up to date.

Thanks very much for your time

Edited by graveangel, 03 July 2006 - 02:24 PM.

....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"



#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:08:25 PM

Posted 09 July 2006 - 12:17 PM

Hello graveangel and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. It is clean.

Let's do a couple of things and see what we come up with.

First, go into the Task Manager (press Ctrl-Alt-Del and select Task Manager) and click on the Processes tab. Click the column heading for CPU to sort items by cpu usage. Let me know what process is taking the most cpu cycles.

Next, download WinPFind2.zip and unzip it to the Desktop. Do NOT run the program directly from the zip file.
  • Open the WinPFind2 folder and double-click on winpfind2.exe to start the program.
  • In the File Options group click the Select All button.
  • In the AddOn-Options box click the checkbox for BotCheck_Subs to select it.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Export To Text button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Copy and paste the contents of the winpfind2.txt file back here and I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
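
Added example (not part of the original thread, and not code from HijackThis or WinPFind2): a small Python parser for the HijackThis log format posted in #1. It splits each entry into its section code and detail and marks entries that merit a manual look; the flag names and heuristics are assumptions chosen for illustration, and a flag is a prompt to check the entry, not a verdict.

```python
import re
from collections import Counter

# Section codes that occur in the log in post #1 and what each one covers.
SECTIONS = {
    "R0": "IE start/search page setting", "R1": "IE start/search page setting",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Autostart entry (Run key)", "O8": "IE context-menu item",
    "O9": "IE extra button / Tools item", "O14": "IERESET.INF setting",
    "O15": "Trusted Zone site", "O16": "Downloaded ActiveX control",
    "O18": "Extra protocol handler", "O20": "Winlogon Notify",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")
RUN_RE = re.compile(r"^\S+: \[(?P<name>.+?)\] (?P<cmd>.+)$")
ABS_PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|%\w+%\\)")

# Sample input: a few lines excerpted from the log in post #1.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 20:20:13, on 03/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Sygate\SPF\smc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RemoveCpl] "RemoveCpl.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""


def parse_log(text):
    """Return (header dict, running-process paths, [(code, detail), ...])."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        entry = ENTRY_RE.match(line)
        version = re.match(r"Logfile of HijackThis v(\S+)", line)
        if entry:
            in_processes = False
            entries.append((entry["code"], entry["detail"]))
        elif version:
            header["version"] = version[1]
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif line.startswith(("Platform:", "MSIE:")):
            key, _, value = line.partition(":")
            header[key] = value.strip()
    return header, processes, entries


def flags_for(code, detail):
    """Illustrative review heuristics (assumptions, not HijackThis logic)."""
    flags = []
    if "(no name)" in detail:
        flags.append("no-name")
    if code == "O23" and " - Unknown owner - " in detail:
        flags.append("unknown-owner")
    if detail.endswith("(file missing)"):
        flags.append("file-missing")
    if code == "O4":
        run = RUN_RE.match(detail)
        # A Run value without a full path is resolved through the search path.
        if run and not ABS_PATH_RE.match(run["cmd"].strip().strip('"')):
            flags.append("relative-path")
    return flags


def triage(text):
    """Return [(code, flags, detail)] for entries with at least one flag."""
    flagged = []
    for code, detail in parse_log(text)[2]:
        flags = flags_for(code, detail)
        if flags:
            flagged.append((code, flags, detail))
    return flagged


def section_counts(text):
    """Count entries per section code."""
    return Counter(code for code, _ in parse_log(text)[2])


if __name__ == "__main__":
    for code, flags, detail in triage(SAMPLE_LOG):
        print(f"{code:<4}{SECTIONS.get(code, '?'):<30}{','.join(flags):<28}{detail}")
```
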


#3 graveangel

graveangel
  • Topic Starter

  • Members
  • 399 posts
  • Gender:Male
  • Location:Nottingham England Home to the Hood of Robin
  • Local time:01:25 AM

Posted 09 July 2006 - 10:10 PM

Hello OT, and thanks for getting back to me.

Just to let you know a couple of other things: I had the BSOD again today, the first time since the last post. I disabled auto restart on system failure so I could get the result it was displaying, and this was it:

***STOP:0x0000007F(0x00000008,0x80042000,0x000000000,0x000000000)

Also, my firewall (Sygate) has been popping up lately informing me of certain programs trying to access the internet. They are legit programmes that I recognise, but I have never been asked since the first time of using for permission to access the internet. One being my AV, and I've just had another one, apparently from my AV called Alps Pointing-device Driver for Windows. It's a little strange to be honest!

I checked as you requested and the System Idle Process is the one using the most CPU; it's averaging between 80 and the high 90s, consistently rising up and down that area, but it takes up the least memory usage, using just 16k. There are others rising up and down, a small mixture, but the highest I've just seen one go on the CPU cycle is 14, but they move so quick I can't tell which it was due to them rising and falling.

Here are the results of the scan; I did as said and unchecked wordwrap. It is posted over more than one post as the file was a little too big. Thanks OT! :thumbsup:

Logfile created on: 07/10/2006 03:49
WinPFind2 - PreRelease 1.3.2 Folder = C:\Documents and Settings\Chris Organ\Desktop\WinPFind2\
Microsoft Windows XP (Version = Service Pack 2)
Internet Explorer (Version - 6.0.2900.2180)


Processes
Image Name ProcessID Thread Count Parent ID Base Priority Full Path Version Info
alg.exe 002812 0005 001216 Normal c:\windows\system32\alg.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 44544 bytes])
aolacsd.exe 000796 0009 001216 Normal c:\progra~1\common~1\aol\acs\aolacsd.exe (America Online, Inc. [Ver = 2.0.20.1.UK.223 / Size = 1135728 bytes])
apntex.exe 001928 0002 001888 Normal c:\program files\apoint\apntex.exe (Alps Electric Co., Ltd. [Ver = 5.0.1.15 / Size = 45056 bytes])
apoint.exe 002976 0001 001972 Normal c:\program files\apoint\apoint.exe (Alps Electric Co., Ltd. [Ver = 5.5.7.126 / Size = 114688 bytes])
apvfb.exe 001752 0001 002976 Normal c:\program files\apoint\apvfb.exe (ALPS [Ver = 5.5.3.10 / Size = 167936 bytes])
armon32a.exe 001020 0002 000988 Normal c:\program files\visual ip insight\uk\armon32a.exe (Visual Networks [Ver = 4.3.2.69 / Size = 71680 bytes])
ati2evxx.exe 000808 0004 001216 Normal c:\windows\system32\ati2evxx.exe ( [Ver = / Size = 254037 bytes])
atiptaxx.exe 002772 0002 001972 Normal c:\program files\ati technologies\ati control panel\atiptaxx.exe (ATI Technologies, Inc. [Ver = 6.14.10.5006 / Size = 323584 bytes])
bcmwltry.exe 002700 0001 001972 Normal c:\windows\system32\bcmwltry.exe (Belkin Corporation [Ver = 3.10.36.0_27 / Size = 274432 bytes])
btwdins.exe 000880 0004 001216 Normal c:\program files\belkin\bluetooth software\bin\btwdins.exe (Broadcom Corporation [Ver = 3.0.1.912 / Size = 163840 bytes])
carpserv.exe 002588 0001 001972 Normal c:\windows\system32\carpserv.exe (Conexant Systems, Inc. [Ver = 6.01.20 / Size = 4608 bytes])
cidaemon.exe 001616 0002 000904 Idle c:\windows\system32\cidaemon.exe (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 8192 bytes])
cisvc.exe 000904 0008 001216 Normal c:\windows\system32\cisvc.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 5632 bytes])
csrss.exe 001148 0011 001100 Normal \??\c:\windows\system32\csrss.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 6144 bytes])
dragdrop.exe 000236 0004 001972 Normal c:\program files\drag'n drop cd+dvd\binfiles\dragdrop.exe ( [Ver = 3, 0, 0, 0 / Size = 1171456 bytes])
drgtodsc.exe 003544 0001 001972 Normal c:\program files\roxio\easy cd creator 6\dragtodisc\drgtodsc.exe (Roxio [Ver = 6.2.0.134 / Size = 868352 bytes])
dslagent.exe 003396 0001 001972 Normal c:\program files\bt voyager 105 adsl modem\dslagent.exe ( [Ver = / Size = 16384 bytes])
dvpapi.exe 000932 0004 001216 Normal c:\program files\common files\command software\dvpapi.exe (Command Software Systems, Inc. [Ver = 4,93,3,51102 / Size = 142416 bytes])
ewido.exe 003996 0013 001972 Normal c:\program files\ewido anti-spyware 4.0\ewido.exe (Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 / Size = 6283264 bytes])
explorer.exe 001972 0014 001928 Normal c:\windows\explorer.exe (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) / Size = 1032192 bytes])
ezsp_px.exe 002256 0001 001972 Normal c:\windows\system32\ezsp_px.exe (Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 / Size = 40960 bytes])
firefox.exe 001812 0011 001972 Normal c:\program files\mozilla firefox\firefox.exe (Mozilla Corporation [Ver = 1.8.0.4: 2006050817 / Size = 7177325 bytes])
fts.exe 003404 0001 001972 Normal c:\program files\voyagertest\fts.exe (Friendly Technologies [Ver = 1, 0, 2, 2 / Size = 72192 bytes])
fws.exe 001696 0003 001216 Normal c:\program files\ntl\ntl netguard\fws.exe (Radialpoint Inc. [Ver = 5.2.0.45264 / Size = 274432 bytes])
googledesktop.exe 000420 0002 001972 Normal c:\program files\google\google desktop search\googledesktop.exe ( [Ver = / Size = 118784 bytes])
googledesktopcrawl.exe 002452 0004 000420 Normal c:\program files\google\google desktop search\googledesktopcrawl.exe ( [Ver = / Size = 129536 bytes])
googledesktopindex.exe 003260 0003 000420 Normal c:\program files\google\google desktop search\googledesktopindex.exe ( [Ver = / Size = 380928 bytes])
guard.exe 000972 0008 001216 Normal c:\program files\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 / Size = 172032 bytes])
hkserv.exe 002440 0003 001972 Normal c:\program files\sony\hotkey utility\hkserv.exe (Sony Corporation [Ver = 3.2.0.4010 / Size = 81920 bytes])
hkwnd.exe 003136 0002 002440 Normal c:\program files\sony\hotkey utility\hkwnd.exe (Sony Corporation [Ver = 3.2.0.3280 / Size = 266240 bytes])
ico.exe 002272 0001 001972 Normal c:\windows\system32\ico.exe (Primax Electronics Ltd. [Ver = 1, 0, 0, 8 / Size = 45056 bytes])
lsass.exe 001228 0019 001172 Normal c:\windows\system32\lsass.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 13312 bytes])
msascui.exe 003100 0019 001972 Normal c:\program files\windows defender\msascui.exe (Microsoft Corporation [Ver = 1.1.1347.0 / Size = 777424 bytes])
msmpeng.exe 001604 0015 001216 Normal c:\program files\windows defender\msmpeng.exe (Microsoft Corporation [Ver = 1.1.1347.0 / Size = 14032 bytes])
mspmspsv.exe 001892 0002 001216 Normal c:\windows\system32\mspmspsv.exe (Microsoft Corporation [Ver = 7.01.00.3055 / Size = 53248 bytes])
photoappsrv.exe 001844 0009 001216 Normal c:\program files\sony\photo server\appsrv\photoappsrv.exe (Sony Corporation [Ver = 2, 5, 1,06240 / Size = 860160 bytes])
rps.exe 002732 0040 001972 Normal c:\program files\ntl\ntl netguard\rps.exe (ntl [Ver = 5.2.0.45264 / Size = 229376 bytes])
rundll32.exe 003892 0004 001972 Normal c:\windows\system32\rundll32.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 33280 bytes])
rundll32.exe 003724 0001 001972 Normal c:\windows\system32\rundll32.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 33280 bytes])
services.exe 001216 0016 001172 Normal c:\windows\system32\services.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 108032 bytes])
smc.exe 001816 0027 001216 Normal c:\program files\sygate\spf\smc.exe (Sygate Technologies, Inc. [Ver = 5.6.00.2808 / Size = 2577632 bytes])
smss.exe 001100 0003 000004 Normal \systemroot\system32\smss.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 50688 bytes])
snmp.exe 001132 0005 001216 Normal c:\windows\system32\snmp.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 32768 bytes])
spoolsv.exe 000524 0011 001216 Normal c:\windows\system32\spoolsv.exe (Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) / Size = 57856 bytes])
sssvr.exe 001748 0008 001216 Normal c:\program files\sony\vaio media music server\sssvr.exe (Sony Corporation [Ver = 2.5.00.15184 / Size = 536648 bytes])
sv_httpd.exe 000380 0003 001216 Normal c:\program files\common files\sony shared\vaio media platform\sv_httpd.exe (Sony Corporation [Ver = 2.5.01.06030 / Size = 57344 bytes])
sv_httpd.exe 001032 0003 001216 Normal c:\program files\common files\sony shared\vaio media platform\sv_httpd.exe (Sony Corporation [Ver = 2.5.01.06030 / Size = 57344 bytes])
svchost.exe 001460 0010 001216 Normal c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
svchost.exe 001648 0078 001216 Normal c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
svchost.exe 001380 0020 001216 Normal c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
svchost.exe 002028 0006 001216 Normal c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
svchost.exe 001388 0006 001216 Normal c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
svchost.exe 000868 0003 001216 Normal c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
svchost.exe 000212 0015 001216 Normal c:\windows\system32\svchost.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
tcpsvcs.exe 001052 0002 001216 Normal c:\windows\system32\tcpsvcs.exe (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 19456 bytes])
teatimer.exe 002360 0003 001972 Idle c:\program files\spybot - search & destroy\teatimer.exe (Safer Networking Limited [Ver = 1, 4, 0, 2 / Size = 1415824 bytes])
upnpframework.exe 001136 0011 001216 Normal c:\program files\common files\sony shared\vaio media platform\upnpframework.exe (Sony Corporation [Ver = 3.0.01.16070 / Size = 675840 bytes])
upnpframework.exe 000688 0009 001216 Normal c:\program files\common files\sony shared\vaio media platform\upnpframework.exe (Sony Corporation [Ver = 3.0.01.16070 / Size = 675840 bytes])
wdfmgr.exe 001680 0004 001216 Normal c:\windows\system32\wdfmgr.exe (Microsoft Corporation [Ver = 5.2.3790.1230 built by: DNSRV(bld4act) / Size = 38912 bytes])
winlogon.exe 001172 0016 001100 High \??\c:\windows\system32\winlogon.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 502272 bytes])
winpfind2.exe 003316 0001 001972 Normal c:\documents and settings\chris organ\desktop\winpfind2\winpfind2.exe (OldTimer Tools [Ver = 1.3.2.0 / Size = 380928 bytes])
wmiprvse.exe 002156 0006 001380 Normal c:\windows\system32\wbem\wmiprvse.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 218112 bytes])

#4 graveangel

graveangel
  • Topic Starter

  • Members
  • 399 posts
  • Gender:Male
  • Location:Nottingham England Home to the Hood of Robin
  • Local time:01:25 AM

Posted 09 July 2006 - 10:12 PM

Registry Entries
Key Value Version Info
WinPFind2 - PreRelease 1.3.2
Microsoft Windows XP Version = Service Pack 2
Internet Explorer Version = 6.0.2900.2180
Internet Explorer Settings
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page http://www.msn.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Page http://www.whsmithonline.co.uk/redir.asp?page=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Search http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page C:\WINDOWS\SYSTEM32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page http://www.msn.com/
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page C:\WINDOWS\SYSTEM32\blank.htm
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride 127.0.0.1
BHO's
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. [Ver = 2005, 11, 4, 1 / Size = 399352 bytes])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated [Ver = 6.0.1.2003110300 / Size = 54248 bytes])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A} PopKill Class = C:\Program Files\ntl\ntl Netguard\pkR.dll (Radialpoint Inc. [Ver = 5.2.0.45264 / Size = 57344 bytes])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited [Ver = 1, 4, 0, 0 / Size = 853672 bytes])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304} ZKBho Class = C:\Program Files\ntl\ntl Netguard\FBHR.dll (Radialpoint Inc. [Ver = 5.2.0.45264 / Size = 135168 bytes])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. [Ver = 5.0.60.5 / Size = 184423 bytes])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c1ce531-09e9-4fc5-9803-1c2956615786} IeCaptureBho Object = C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll ( [Ver = / Size = 72704 bytes])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4} ST = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation [Ver = 01.02.3000.1001 / Size = 155648 bytes])
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation [Ver = 01.02.5000.1021 / Size = 282624 bytes])
Internet Explorer Bars, Toolbars and Extensions
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation [Ver = 6.00.2900.2919 (xpsp_sp2_gdr.060529-0150) / Size = 1494016 bytes])
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation [Ver = 6.00.2900.2919 (xpsp_sp2_gdr.060529-0150) / Size = 1494016 bytes])
HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} MSN = C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation [Ver = 01.02.5000.1021 / Size = 282624 bytes])
HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. [Ver = 2005, 11, 4, 1 / Size = 399352 bytes])
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc. [Ver = 5.0.60.5 / Size = 69746 bytes])
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} MenuText: = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. [Ver = 5.0.60.5 / Size = 184423 bytes])
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} ButtonText: @btrez.dll,-4015 = C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm (File not found)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} ButtonText: Real.com = (File not found)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation [Ver = 4.7.3001 / Size = 1694208 bytes])
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} = (File not found)
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) / Size = 8452096 bytes])
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation [Ver = 6.00.2900.2919 (xpsp_sp2_gdr.060529-0150) / Size = 1494016 bytes])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp_sp2_gdr.060509-0218) / Size = 1022976 bytes])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} = (File not found)
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} = (File not found)
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = (File not found)
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp_sp2_gdr.060509-0218) / Size = 1022976 bytes])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) / Size = 8452096 bytes])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (File not found)
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = (File not found)
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} MSN = C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation [Ver = 01.02.5000.1021 / Size = 282624 bytes])
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. [Ver = 2005, 11, 4, 1 / Size = 399352 bytes])
HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Google Search res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html (File not found)
HKCU\Software\Microsoft\Internet Explorer\MenuExt\Backward &Links res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html (File not found)
HKCU\Software\Microsoft\Internet Explorer\MenuExt\Cac&hed Snapshot of Page res://C:\Program Files\Google\googletoolbar.dll/cmcache.html (File not found)
HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 (Microsoft Corporation [Ver = 10.0.6789 / Size = 9358016 bytes])
HKCU\Software\Microsoft\Internet Explorer\MenuExt\Send To &Bluetooth C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ( [Ver = / Size = 1320 bytes])
HKCU\Software\Microsoft\Internet Explorer\MenuExt\Si&milar Pages res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html (File not found)
HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate into English res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html (File not found)
Approved Shell Extensions (Non-Microsoft only)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42071714-76d4-11d1-8b24-00a0c9068ff3} Display Panning CPL Extension = deskpan.dll (File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E44E225-A408-11CF-B581-008029601108} Roxio DragToDisc Shell Extension = C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll (Roxio [Ver = 6.2.0.134 / Size = 262144 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6af09ec9-b429-11d4-a1fb-0090960218cb} My Bluetooth Places = C:\WINDOWS\system32\btneighborhood.dll (Broadcom Corporation [Ver = 3.0.1.912 / Size = 1011789 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{88895560-9AA2-1069-930E-00AA0030EBC8} HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc. [Ver = 5.1.2600.0 / Size = 44544 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8D1636FD-CA49-4b4e-90E4-0A20E03A15E8} JetFlExt = C:\Program Files\JetAudio\JetFlExt.dll (JetAudio, Inc. [Ver = 5, 0, 0, 3110 / Size = 36864 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC} My Media = C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll (Roxio, Inc. [Ver = 1.1.277 / Size = 1191936 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79304-84BE-11CE-9641-444553540000} WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. [Ver = 4.1 (32-bit) / Size = 5120 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79305-84BE-11CE-9641-444553540000} WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. [Ver = 4.1 (32-bit) / Size = 5120 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79306-84BE-11CE-9641-444553540000} WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. [Ver = 4.1 (32-bit) / Size = 5120 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79307-84BE-11CE-9641-444553540000} WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. [Ver = 4.1 (32-bit) / Size = 5120 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} RealOne Player Context Menu Class = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. [Ver = 1.0.1.2021 / Size = 49198 bytes])
ContextMenuHandlers (Non-Microsoft only)
HKCR\*\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B} = C:\Program Files\ntl\ntl Netguard\AVCntxtR.dll (Radialpoint Inc. [Ver = 5.2.0.45264 / Size = 90112 bytes])
HKCR\*\shellex\ContextMenuHandlers\ewido anti-spyware {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 / Size = 94208 bytes])
HKCR\*\shellex\ContextMenuHandlers\Trojan Remover {52B87208-9CCF-42C9-B88E-069281105805} = (File not found)
HKCR\*\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. [Ver = 4.1 (32-bit) / Size = 5120 bytes])
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B} = C:\Program Files\ntl\ntl Netguard\AVCntxtR.dll (Radialpoint Inc. [Ver = 5.2.0.45264 / Size = 90112 bytes])
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ContMenu {EBDF1F20-C829-11D1-8233-0020AF3E97A6} = (File not found)
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\jetAudio {8D1636FD-CA49-4b4e-90E4-0A20E03A15E8} = C:\Program Files\JetAudio\JetFlExt.dll (JetAudio, Inc. [Ver = 5, 0, 0, 3110 / Size = 36864 bytes])
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Trojan Remover {52B87208-9CCF-42C9-B88E-069281105805} = (File not found)
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. [Ver = 4.1 (32-bit) / Size = 5120 bytes])
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B} = C:\Program Files\ntl\ntl Netguard\AVCntxtR.dll (Radialpoint Inc. [Ver = 5.2.0.45264 / Size = 90112 bytes])
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ContMenu {EBDF1F20-C829-11D1-8233-0020AF3E97A6} = (File not found)
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 / Size = 94208 bytes])
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\jetAudio {8D1636FD-CA49-4b4e-90E4-0A20E03A15E8} = C:\Program Files\JetAudio\JetFlExt.dll (JetAudio, Inc. [Ver = 5, 0, 0, 3110 / Size = 36864 bytes])
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. [Ver = 4.1 (32-bit) / Size = 5120 bytes])
ColumnHandlers (Non-Microsoft only)
Registry Run Keys
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\!ewido "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized (Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 / Size = 6283264 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\%FP%Friendly fts.exe "C:\Program Files\VoyagerTest\fts.exe" (Friendly Technologies [Ver = 1, 0, 2, 2 / Size = 72192 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Apoint "C:\Program Files\Apoint\Apoint.exe" (Alps Electric Co., Ltd. [Ver = 5.5.7.126 / Size = 114688 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ATIModeChange "Ati2mdxx.exe" (ATI Technologies, Inc. [Ver = 4.13.3 / Size = 28672 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ATIPTA "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc. [Ver = 6.14.10.5006 / Size = 323584 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\bcmwltry "bcmwltry.exe" (Belkin Corporation [Ver = 3.10.36.0_27 / Size = 274432 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 33280 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CARPService "carpserv.exe" (Conexant Systems, Inc. [Ver = 6.01.20 / Size = 4608 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CmUsbAudio RunDll32 cmcnfg2.cpl,CMICtrlWnd (File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Drag'n Drop CD+DVD C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp ( [Ver = 3, 0, 0, 0 / Size = 1171456 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DSLAGENTEXE "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" ( [Ver = / Size = 16384 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DSLSTATEXE "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon" (GlobespanVirata, Inc. [Ver = 4.0.7 / Size = 1658965 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ezShieldProtector for Px C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 / Size = 40960 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\HKSERV.EXE "C:\Program Files\Sony\HotKey Utility\HKserv.exe" (Sony Corporation [Ver = 3.2.0.4010 / Size = 81920 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck %systemroot%\system32\dumprep 0 -k (File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Mouse Suite 98 Daemon "ICO.EXE" (Primax Electronics Ltd. [Ver = 1, 0, 0, 8 / Size = 45056 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ntl Netguard "C:\Program Files\ntl\ntl Netguard\RPS.exe" (ntl [Ver = 5.2.0.45264 / Size = 229376 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RemoveCpl "RemoveCpl.exe" ( [Ver = / Size = 24576 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RoxioDragToDisc "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" (Roxio [Ver = 6.2.0.134 / Size = 868352 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RoxioEngineUtility "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" (Roxio [Ver = 6.1.0.7 / Size = 65536 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SmcService C:\PROGRA~1\Sygate\SPF\smc.exe -startgui (Sygate Technologies, Inc. [Ver = 5.6.00.2808 / Size = 2577632 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation [Ver = 1.1.1347.0 / Size = 777424 bytes])
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Google Desktop Search "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup ( [Ver = / Size = 118784 bytes])
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited [Ver = 1, 4, 0, 2 / Size = 1415824 bytes])
Startup Lnks
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ( [Ver = / Size = 84 bytes])
C:\Documents and Settings\Chris Organ\Start Menu\Programs\Startup\desktop.ini C:\Documents and Settings\Chris Organ\Start Menu\Programs\Startup\desktop.ini ( [Ver = / Size = 84 bytes])
Disabled MSConfig Items
User Agent Post Platform
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\SV1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\WHSmith Online V1.14 IEAKWHSmith Online
AppInit DLLs
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs (File not found)
Image File Execution Options
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d
Shell Service Object Delay Load
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) / Size = 8452096 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) / Size = 8452096 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 121856 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 239616 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) / Size = 276480 bytes])
Shell Execute Hooks
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} Microsoft AntiMalware ShellExecuteHook = C:\PROGRA~1\WINDOW~4\MpShHook.dll (Microsoft Corporation [Ver = 1.1.1347.0 / Size = 81616 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 / Size = 73728 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} URL Exec Hook = shell32.dll (Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) / Size = 8452096 bytes])
Shared Task Scheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{16875E09-927B-4494-82BD-158A1CD46BA0} = (File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} = (File not found)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp_sp2_gdr.060509-0218) / Size = 1022976 bytes])
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030} Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp_sp2_gdr.060509-0218) / Size = 1022976 bytes])
Winlogon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 24576 bytes])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Explorer.exe (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) / Size = 1032192 bytes])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System (File not found)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain crypt32.dll (Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 597504 bytes])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet cryptnet.dll (Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 63488 bytes])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll cscdll.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 101888 bytes])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp wlnotify.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 92672 bytes])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule wlnotify.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 92672 bytes])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy sclgntfy.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 20992 bytes])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn WlNotify.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 92672 bytes])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv wlnotify.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 92672 bytes])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon WgaLogon.dll (Microsoft Corporation [Ver = 1.5.0540.0 / Size = 702768 bytes])
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon wlnotify.dll (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 92672 bytes])
DNS Name Servers
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1B97A584-FDF4-4441-B4B9-C2E1FFAA6724} ()
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3579FFEF-1802-449C-A662-E3783A2E5761} ()
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{688FFA17-F0C7-4287-9CC6-8F6C40DA4CA6} (GlobeSpan USB ADSL LAN Modem)
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B91CE8EB-964D-42F0-87B1-69699B9B9AC9} (1394 Net Adapter)
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BFDF73E4-3E16-4AF8-AF82-7DA07EFF7790} (Realtek RTL8139/810x Family Fast Ethernet NIC)
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EE47CD9A-AEA9-434B-851E-D687732925BD} (Belkin Wireless 54Mbps Notebook Adapter)
Winsock2 Catalogs (Non-Microsoft only)
Protocol Handlers (Non-Microsoft only)
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ipp (File not found)
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp (File not found)
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\widimg C:\WINDOWS\system32\btxppanel.dll (Broadcom Corporation [Ver = 3.0.1.912 / Size = 110592 bytes])
Protocol Filters (Non-Microsoft only)
....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"

#5 graveangel


Posted 09 July 2006 - 10:14 PM

Services
Name Internal Name Startup Type State Service Type Path Version Info
IPv6 Helper Service 6to4 Automatic Running Win32, running in a shared process C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Application Layer Gateway Service ALG On Demand Running Win32, running in it's own process C:\WINDOWS\System32\alg.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 44544 bytes])
AOL Connectivity Service AOL ACS Automatic Running Win32, running in it's own process C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (America Online, Inc. [Ver = 2.0.20.1.UK.223 / Size = 1135728 bytes])
Ati HotKey Poller Ati HotKey Poller Automatic Running Win32, running in it's own process C:\WINDOWS\System32\Ati2evxx.exe ( [Ver = / Size = 254037 bytes])
Windows Audio AudioSrv Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Computer Browser Browser Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Bluetooth Support Service BthServ Automatic Running Win32, running in a shared process C:\WINDOWS\system32\svchost.exe -k bthsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Bluetooth Service btwdins Automatic Running Win32, running in it's own process C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation [Ver = 3.0.1.912 / Size = 163840 bytes])
Indexing Service cisvc Automatic Running Win32, running in a shared process C:\WINDOWS\system32\cisvc.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 5632 bytes])
Cryptographic Services CryptSvc Automatic Running Win32, running in a shared process C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
DCOM Server Process Launcher DcomLaunch Automatic Running Win32, running in a shared process C:\WINDOWS\system32\svchost -k DcomLaunch (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
DHCP Client Dhcp Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
DNS Client Dnscache Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k NetworkService (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
DvpApi dvpapi Automatic Running Win32, running in it's own process "C:\Program Files\Common Files\Command Software\dvpapi.exe" (Command Software Systems, Inc. [Ver = 4,93,3,51102 / Size = 142416 bytes])
Error Reporting Service ERSvc Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Event Log Eventlog Automatic Running Win32, running in a shared process C:\WINDOWS\system32\services.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 108032 bytes])
COM+ Event System EventSystem On Demand Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
ewido anti-spyware 4.0 guard ewido anti-spyware 4.0 guardAutomatic Running Win32, running in it's own process C:\Program Files\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 / Size = 172032 bytes])
Fast User Switching Compatibility FastUserSwitchingCompatibilityOn Demand Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Radialpoint Service FWS Automatic Running Win32, running in it's own process C:\Program Files\ntl\ntl Netguard\fws.exe (Radialpoint Inc. [Ver = 5.2.0.45264 / Size = 274432 bytes])
Help and Support helpsvc Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
RIP Listener Iprip Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Server lanmanserver Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Workstation lanmanworkstation Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
TCP/IP NetBIOS Helper LmHosts Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Network Connections Netman On Demand Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Network Location Awareness (NLA) Nla On Demand Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Plug and Play PlugPlay Automatic Running Win32, running in a shared process C:\WINDOWS\system32\services.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 108032 bytes])
IPSEC Services PolicyAgent Automatic Running Win32, running in a shared process C:\WINDOWS\System32\lsass.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 13312 bytes])
Protected Storage ProtectedStorage Automatic Running Win32, running in a shared process C:\WINDOWS\system32\lsass.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 13312 bytes])
Remote Access Connection Manager RasMan On Demand Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Remote Procedure Call (RPC) RpcSs Automatic Running Win32, running in a shared process C:\WINDOWS\system32\svchost -k rpcss (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Security Accounts Manager SamSs Automatic Running Win32, running in a shared process C:\WINDOWS\system32\lsass.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 13312 bytes])
Task Scheduler Schedule Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Secondary Logon seclogon Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
System Event Notification SENS Automatic Running Win32, running in a shared process C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Windows Firewall/Internet Connection Sharing (ICS) SharedAccess Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Shell Hardware Detection ShellHWDetection Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Simple TCP/IP Services SimpTcp Automatic Running Win32, running in a shared process C:\WINDOWS\System32\tcpsvcs.exe (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 19456 bytes])
Sygate Personal Firewall SmcService Automatic Running Win32, running in it's own process C:\Program Files\Sygate\SPF\smc.exe (Sygate Technologies, Inc. [Ver = 5.6.00.2808 / Size = 2577632 bytes])
SNMP Service SNMP Automatic Running Win32, running in it's own process C:\WINDOWS\System32\snmp.exe (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 32768 bytes])
Print Spooler Spooler Automatic Running Win32, running in it's own process C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) / Size = 57856 bytes])
System Restore Service srservice Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
SSDP Discovery Service SSDPSRV On Demand Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Windows Image Acquisition (WIA) stisvc Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k imgsvc (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Telephony TapiSrv On Demand Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Terminal Services TermService On Demand Running Win32, running in a shared process C:\WINDOWS\System32\svchost -k DComLaunch (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Themes Themes Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Distributed Link Tracking Client TrkWks Automatic Running Win32, running in a shared process C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Windows User Mode Driver Framework UMWdf Automatic Running Win32, running in it's own process C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation [Ver = 5.2.3790.1230 built by: DNSRV(bld4act) / Size = 38912 bytes])
VAIO Media Music Server VAIOMediaPlatform-MusicServer-AppServer Automatic Running Win32, running in it's own process "C:\Program Files\SONY\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server" (Sony Corporation [Ver = 2.5.00.15184 / Size = 536648 bytes])
VAIO Media Music Server (HTTP) VAIOMediaPlatform-MusicServer-HTTP Automatic Running Win32, running in a shared process "C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP" (Sony Corporation [Ver = 2.5.01.06030 / Size = 57344 bytes])
VAIO Media Music Server (UPnP) VAIOMediaPlatform-MusicServer-UPnP Automatic Running Win32, running in it's own process C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe (Sony Corporation [Ver = 3.0.01.16070 / Size = 675840 bytes])
VAIO Media Photo Server VAIOMediaPlatform-PhotoServer-AppServer Automatic Running Win32, running in it's own process C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe (Sony Corporation [Ver = 2, 5, 1,06240 / Size = 860160 bytes])
VAIO Media Photo Server (HTTP) VAIOMediaPlatform-PhotoServer-HTTP Automatic Running Win32, running in a shared process "C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP" (Sony Corporation [Ver = 2.5.01.06030 / Size = 57344 bytes])
VAIO Media Photo Server (UPnP) VAIOMediaPlatform-PhotoServer-UPnP Automatic Running Win32, running in it's own process C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe (Sony Corporation [Ver = 3.0.01.16070 / Size = 675840 bytes])
Windows Time W32Time Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
WebClient WebClient Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Windows Defender Service WinDefend Automatic Running Win32, running in it's own process "C:\Program Files\Windows Defender\MsMpEng.exe" (Microsoft Corporation [Ver = 1.1.1347.0 / Size = 14032 bytes])
Windows Management Instrumentation winmgmt Automatic Running Win32, running in a shared process C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
WMDM PMSP Service WMDM PMSP Service Automatic Running Win32, running in it's own process C:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation [Ver = 7.01.00.3055 / Size = 53248 bytes])
Security Center wscsvc Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Automatic Updates wuauserv Automatic Running Win32, running in a shared process C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])
Wireless Zero Configuration WZCSVC Automatic Running Win32, running in a shared process C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 14336 bytes])

Files
Full Path Details
%SystemDrive%
%ProgramFilesDir%
C:\Program Files\Firefox Setup 1.0.exe UPX! Mozilla [Ver = 3, 12, 0, 0 / Size = 4918270 bytes] 02/20/2005 01:39
C:\Program Files\PokerStarsInstallPM.exe .aspack [Ver = / Size = 2788240 bytes] 07/05/2005 00:04
%WinDir%
%System%
C:\WINDOWS\SYSTEM32\dfrg.msc AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213 [Ver = / Size = 41397 bytes] 08/29/2002 13:00
C:\WINDOWS\SYSTEM32\LegitCheckControl.dll RIMAPPTECHNOLOGIES Microsoft Corporation [Ver = 1.5.0540.0 / Size = 571184 bytes] 06/19/2006 16:19
C:\WINDOWS\SYSTEM32\MRT.exe (PeCompact2) Microsoft Corporation [Ver = 1.17.1478.0 / Size = 5967776 bytes] 06/09/2006 02:19
C:\WINDOWS\SYSTEM32\MRT.exe (ASPack) Microsoft Corporation [Ver = 1.17.1478.0 / Size = 5967776 bytes] 06/09/2006 02:19
C:\WINDOWS\SYSTEM32\ntdll.dll .aspack Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 708096 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\rasdlg.dll \DuMonitor SendMessage(WM_RASEVENT) doneMicrosoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 657920 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\wbdbase.deu msubjsuchsullsupeswinsyncszens [Ver = / Size = 1309184 bytes] 08/29/2002 13:00
C:\WINDOWS\SYSTEM32\WgaTray.exe RIMAPPTECHNOLOGIES Microsoft Corporation [Ver = 1.5.0540.0 / Size = 304944 bytes] 06/19/2006 16:19
%System%\Drivers folder and sub-folders
C:\WINDOWS\SYSTEM32\drivers\css-dvp.sys .aspack Command Software Systems, Inc. [Ver = 4,93,7,60117 / Size = 783984 bytes] 01/20/2006 14:40 R
C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys V90NEC, --------ERROR--------- occured in adaptechoSmart Link [Ver = 3.80.01MC15 / Size = 1309184 bytes] 08/03/2004 22:41
%windir% + sub-dirs for System or Hidden files less than 60 days old
C:\WINDOWS\bootstat.dat [Ver = / Size = 2048 bytes] 07/10/2006 03:01 S
C:\WINDOWS\QTFont.qfn [Ver = / Size = 54156 bytes] 07/09/2006 14:51 H
C:\WINDOWS\Resources\Themes\GraphiteD\Icons\Thumbs.db [Ver = / Size = 31232 bytes] 06/27/2006 04:14 HS
C:\WINDOWS\system32\Thumbs.db [Ver = / Size = 19456 bytes] 06/28/2006 16:38 HS
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat [Ver = / Size = 13309 bytes] 05/14/2006 11:21 S
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat [Ver = / Size = 23751 bytes] 05/29/2006 17:16 S
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat [Ver = / Size = 10925 bytes] 05/18/2006 08:15 S
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat [Ver = / Size = 11043 bytes] 06/01/2006 21:28 S
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WGA.cat [Ver = / Size = 7160 bytes] 05/17/2006 11:24 S
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat [Ver = / Size = 7160 bytes] 06/19/2006 16:20 S
C:\WINDOWS\system32\config\DEFAULT.LOG [Ver = / Size = 1024 bytes] 07/10/2006 03:02 H
C:\WINDOWS\system32\config\SAM.LOG [Ver = / Size = 1024 bytes] 07/10/2006 03:01 H
C:\WINDOWS\system32\config\SECURITY.LOG [Ver = / Size = 1024 bytes] 07/10/2006 03:11 H
C:\WINDOWS\system32\config\SOFTWARE.LOG [Ver = / Size = 1024 bytes] 07/10/2006 03:41 H
C:\WINDOWS\system32\config\SYSTEM.LOG [Ver = / Size = 1024 bytes] 07/10/2006 03:03 H
C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG [Ver = / Size = 1024 bytes] 07/09/2006 01:56 H
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 [Ver = / Size = 688 bytes] 05/13/2006 19:18 S
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1 [Ver = / Size = 70226 bytes] 06/30/2006 15:26 S
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 [Ver = / Size = 94 bytes] 05/13/2006 19:18 S
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1 [Ver = / Size = 128 bytes] 06/30/2006 15:26 S
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\5ff09d70-d9cc-4c0b-ba40-b362a748d6ae [Ver = / Size = 388 bytes] 06/28/2006 14:21 HS
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred [Ver = / Size = 24 bytes] 06/28/2006 14:21 HS
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\009aac9f-d18d-4979-b8f2-99bf69d7919a [Ver = / Size = 388 bytes] 06/26/2006 02:53 HS
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred [Ver = / Size = 24 bytes] 06/26/2006 02:53 HS
C:\WINDOWS\Tasks\MP Scheduled Scan.job [Ver = / Size = 330 bytes] 07/10/2006 03:04 H
C:\WINDOWS\Tasks\SA.DAT [Ver = / Size = 6 bytes] 07/10/2006 03:01 H
CPL files
C:\WINDOWS\SYSTEM32\access.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 68608 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 549888 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\bcmwlcpl.cpl Belkiin Corporation [Ver = 3.10.36.0_27 / Size = 364544 bytes] 01/13/2003 11:25
C:\WINDOWS\SYSTEM32\btcpl.cpl Broadcom Corporation [Ver = 3.0.1.912 / Size = 266299 bytes] 10/01/2004 15:40
C:\WINDOWS\SYSTEM32\bthprops.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 110592 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 135168 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 80384 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 155136 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) / Size = 358400 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 129536 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 380416 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\joy.cpl Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 68608 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\jpicpl32.cpl Sun Microsystems, Inc. [Ver = 5.0.60.5 / Size = 49265 bytes] 11/10/2005 14:03
C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation [Ver = 5.1.2403.1 / Size = 187904 bytes] 08/29/2002 13:00
C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 618496 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 35840 bytes] 08/29/2002 13:00
C:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 25600 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\nusrmgr.cpl Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) / Size = 257024 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) / Size = 32768 bytes] 08/04/2004 00:56
C:\WINDOWS\SYSTEM32\plotman.cpl Autodesk, Inc. [Ver = 7.1.15.30 / Size = 454718 bytes] 04/23/2001 01:35
C:\WINDOWS\SYSTEM32\powercfg.cpl Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) / Size = 114688 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\QuickTime.cpl Apple Computer, Inc. [Ver = 6.5 / Size = 323072 bytes] 01/06/2004 16:02
C:\WINDOWS\SYSTEM32\SNSetup.cpl Sony Corporation [Ver = 3.0.0.8061 / Size = 53248 bytes] 08/06/2002 17:00
C:\WINDOWS\SYSTEM32\styleman.cpl Autodesk, Inc. [Ver = 7.1.15.30 / Size = 454719 bytes] 04/23/2001 01:35
C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 298496 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 28160 bytes] 08/29/2002 13:00
C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 94208 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\UILib.cpl Sony Corporation [Ver = 2.1.00.12040 / Size = 151552 bytes] 12/04/1999 04:11
C:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 148480 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) / Size = 174360 bytes] 05/26/2005 04:16
C:\WINDOWS\SYSTEM32\dllcache\access.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 68608 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 549888 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 110592 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\desk.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 135168 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 80384 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 155136 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) / Size = 358400 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\intl.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 129536 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 380416 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\joy.cpl Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 68608 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation [Ver = 5.1.2403.1 / Size = 187904 bytes] 08/29/2002 13:00
C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 618496 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 35840 bytes] 08/29/2002 13:00
C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 25600 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) / Size = 257024 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) / Size = 32768 bytes] 08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) / Size = 114688 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl Microsoft Corporation [Ver = 5.1.4111.00 (xpsp_sp2_rtm.040803-2158) / Size = 155648 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 298496 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) / Size = 28160 bytes] 08/29/2002 13:00
C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 94208 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) / Size = 148480 bytes]08/04/2004 00:56
C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) / Size = 174360 bytes] 05/26/2005 04:16
AllUsers Startup Folder
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini [Ver = / Size = 84 bytes] 03/29/2004 18:37 HS
AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini [Ver = / Size = 62 bytes] 03/29/2004 19:24 HS
C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt [Ver = / Size = 11 bytes] 11/02/2005 22:12
C:\Documents and Settings\All Users\Application Data\WhiteCap Prefs (jetAudio).txt [Ver = / Size = 370 bytes] 09/10/2004 21:33
C:\Documents and Settings\All Users\Application Data\WhiteCap Prefs (Windows Media Player).txt [Ver = / Size = 385 bytes] 09/19/2004 15:55
CurrentUser Startup Folder
C:\Documents and Settings\Chris Organ\Start Menu\Programs\Startup\desktop.ini [Ver = / Size = 84 bytes] 03/29/2004 18:37 HS
CurrentUser ApplicationData Folder
C:\Documents and Settings\Chris Organ\Application Data\desktop.ini [Ver = / Size = 62 bytes] 03/29/2004 19:24 HS
C:\Documents and Settings\Chris Organ\Application Data\GDIPFONTCACHEV1.DAT [Ver = / Size = 91592 bytes] 06/05/2006 15:49
DPF files
{33564D57-0000-0010-8000-00AA00389B71} - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
DirectAnimation Java Classes - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab
Microsoft XML Parser for Java - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab
Hosts file = 732 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

Edited by graveangel, 09 July 2006 - 10:19 PM.

....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"

#6 graveangel

Posted 09 July 2006 - 10:20 PM

AddOn's
File or Key Info or Value
>>>>Output for AddOn file BotCheck_Subs.def<<<<
HKLM\SOFTWARE\Microsoft\Ole Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Ole
HKLM\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission 
HKLM\SOFTWARE\Microsoft\Ole\\EnableDCOM Y
HKLM\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction 
HKLM\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction 
HKLM\SOFTWARE\Microsoft\Ole\AppCompat
HKLM\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList
HKLM\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} 1
HKLM\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} 1
HKLM\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} 1
HKLM\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} 1
HKLM\SOFTWARE\Microsoft\Ole\NONREDIST
HKLM\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll
HKLM\SOFTWARE\Microsoft\Security Center Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Security Center
HKLM\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify 0
HKLM\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify 0
HKLM\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify 0
HKLM\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride 0
HKLM\SOFTWARE\Microsoft\Security Center\\FirewallOverride 0
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring 1
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall
HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found.
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found.
HKLM\SYSTEM\CurrentControlSet\Control\Lsa Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages msv1_0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages wdigest
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid 1228
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages scecli
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder Windows NT Access Provider
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath %SystemRoot%\system32\ntmarta.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Audit
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Data
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern Sű=9e21e19d
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\GBG
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup 5Zv
0t
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\JD
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup N}Ng
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec 0
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Skew1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix H3BYd
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SSO
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL http://www.passport.com
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time pE
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name Digest
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment Digest SSPI Authentication Package
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities 16464
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId 65535
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize 65535
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type 49
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name DPA
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment DPA Security Package
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities 55
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId 17
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize 768
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time


HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type 49
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name MSN
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment MSN Security Package
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities 55
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId 18
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize 768
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type 49
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type 32
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start 2
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl 1
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath %SystemRoot%\System32\svchost.exe -k netsvcs
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName Windows Firewall/Internet Connection Sharing (ICS)
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService WinMgmt
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName LocalSystem
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch 8046
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll %SystemRoot%\System32\ipnathlp.dll
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
Key not found
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Security
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security 
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade 1
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{688FFA17-F0C7-4287-9CC6-8F6C40DA4CA6} 1
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{5774A091-8994-4533-BB58-FE7D9377950B} 1
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{DD8E14BD-574F-4B68-808E-6BDBECD574CC} 1
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{B91CE8EB-964D-42F0-87B1-69699B9B9AC9} 1
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{41A85497-4938-4DAC-B9E1-75B3B789DBAB} 1
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{EE47CD9A-AEA9-434B-851E-D687732925BD} 1
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{37A539EF-E4A5-4EC6-8253-06D080F6BE63} 1
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{777C9DB0-BB05-4F00-A5BC-81A7FFECD97B} 1
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 Root\LEGACY_SHAREDACCESS\0000
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count 1
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance 1
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\Type 32
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\Start 2
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl 1
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath %systemroot%\system32\svchost.exe -k netsvcs
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName Automatic Updates
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName LocalSystem
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\Description Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll C:\WINDOWS\system32\wuauserv.dll
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Security
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security 
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Enum
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 Root\LEGACY_WUAUSERV\0000
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count 1
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance 1
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry not found.
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry Include SUBKEYS
HKLM\SYSTEM\ControlSet001\Services\RemoteRegistry not found.
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr not found.
HKLM\SYSTEM\ControlSet001\Services\TlntSvr Include SUBKEYS
HKLM\SYSTEM\ControlSet001\Services\TlntSvr not found.
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable 0
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial 0
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\NoNetAutodial 
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings Include SUBKEYS
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable 0
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial 0
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\\NoNetAutodial 
....And on the 8th day God said, "When my children are intelligent, and create the Computer, for my sake may they never screw around with the registry or subscribe to AOL"

#7 OldTimer

    Malware Expert

Posted 11 July 2006 - 05:32 PM

Hi graveangel. That all looks Ok. I don't see any signs of any viruses or malware in that log either.

The System Idle Process should be the one at the highest level for the CPU in Task Manager. This means that the system is doing nothing and is just waiting for something to do.

The stop message that you received can be caused by a few different things (both hardware or system drivers). See this MS article: http://support.microsoft.com/kb/137539/

Barring a hardware problem, the most likely issue is a kernel stack error. This can occur if the kernel stack is too small and various applications that use kernel-mode I/O drivers make a request for disk I/O. Either the XP forum or the hardware forum might be able to assist in that analysis. I would start by reviewing any driver updates, program updates or new program installations made recently that interact with the disk drive (like anti-virus scanners, spyware scanners, disk drivers, disk utilities etc). If there is anything that has been updated or installed recently then that would be the place to start the investigation.

As far as malware goes, your system is clean.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
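
A sketch of the kind of triage a reviewer can apply to a registry dump in the format posted above, added here as an example and not a tool used by anyone in this thread. The checks (svchost-hosted service DLLs should load from system32, ProxyEnable should be 0) are assumptions about what to look for, and the last two sample lines are constructed.

```python
# Constructed sample in the dump format of the log above. The first four lines
# mirror entries from the log; the last two are invented to show a finding.
SAMPLE = r"""
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath %systemroot%\system32\svchost.exe -k netsvcs
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll C:\WINDOWS\system32\wuauserv.dll
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr not found.
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable 0
HKLM\SYSTEM\CurrentControlSet\Services\examplesvc\Parameters\\ServiceDll C:\DOCUME~1\user\LOCALS~1\Temp\example.dll
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable 1
"""

# Assumed locations of the genuine system directory on an XP install.
SYSTEM_DIRS = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")


def parse(dump):
    # Value lines look like: <key>\\<value name> <data>. Key-only lines,
    # "Include SUBKEYS" and "not found." lines carry no double backslash.
    for line in dump.splitlines():
        key, sep, rest = line.partition("\\\\")
        if not sep:
            continue
        # Limitation: a value name containing a space would be split early.
        name, _, data = rest.partition(" ")
        yield key, name, data.strip()


def triage(dump):
    """Return (reason, key, data) tuples that deserve a manual look."""
    findings = []
    for key, name, data in parse(dump):
        low = data.lower()
        in_system = low.startswith(SYSTEM_DIRS)
        if "\\services\\" in key.lower():
            if name == "ServiceDll" and not in_system:
                findings.append(("service DLL outside system32", key, data))
            if name == "ImagePath" and "svchost.exe" in low and not in_system:
                findings.append(("svchost.exe outside system32", key, data))
        if name == "ProxyEnable" and data != "0":
            findings.append(("proxy enabled", key, data))
    return findings


if __name__ == "__main__":
    for reason, key, data in triage(SAMPLE):
        print(f"REVIEW  {reason}: {key} -> {data}")
```

A finding here means "look at this entry by hand", not "this is malware"; the lines taken from the log above produce no findings.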


#8 graveangel

  • Topic Starter

Posted 11 July 2006 - 07:53 PM

Hi OT,
Many many thanks for looking at my log, I feel a little bad that you have had to look all the way through it to find it's clean, but then again, that at least makes me happy knowing it is. Again, thank you! :thumbsup:

To my knowledge, I can't think of anything that has been installed recently, apart from AV and AS updates, but I have a feeling WGA may have been installed before this started.

Also, like I said earlier, Sygate has been acting a little strange, so maybe a clean install may be needed, it could be that!

I will look into any software updates and see what happens.

Thanks for your time and info OldTimer, it's appreciated!

Have a great day!
:flowers:

#9 OldTimer

    Malware Expert

Posted 15 July 2006 - 10:33 AM

Not a problem graveangel. That's what we are here for.

Now that we have ruled out malware I will close this topic. If you have any new malware issues in the future please start a new topic.

Cheers.

OT



