
Slow Pc


5 replies to this topic

#1 msiz

msiz

  • Members
  • 6 posts

Posted 23 September 2006 - 06:19 AM

Hi

I originally posted in the XP forum and have now been advised to post here!

My PC is running very slowly and IE is crashing on a regular basis.

I am running XP Pro, have 8.52GB free space, 768MB RAM, run anti virus software daily.

I have followed all your instructions before posting here.

Hope this is enough info!


msiz :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 12:06:22, on 09/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\alg.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Bit Lord 1.1\BitLord.exe
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - % (file missing)



#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 28 September 2006 - 05:18 PM

Hello msiz and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. It is clean.

It appears that a couple of services might be missing the files to run them. Let's try a different scanner and see what it shows us.

Download WinPFind2.zip and unzip it to your Desktop. It will create a folder named WinPFind2. Do NOT run the program directly from the zip file.
  • Open the WinPFind2 folder and double-click on winpfind2.exe to start the program.
  • In the Other Options group click the Show All checkboxes for both Processes and Services.
  • In the AddOn-Options group click the checkboxes for
    • HKCU_IEDesktop.def
    • Jobs.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button to post the information back here and I will review it when it comes in.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 msiz

msiz
  • Topic Starter

  • Members
  • 6 posts

Posted 29 September 2006 - 03:46 AM

Hi OldTimer,
Here is my log.
Thanks a lot.
msiz :thumbsup:

Logfile created on: 09/29/2006 09:40
WinPFind2 by OldTimer - Version 1.0.10 Folder = C:\Documents and Settings\LSmith\Desktop\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


< All Processes >
\systemroot\system32\smss.exe - (Microsoft Corporation )
\??\c:\winnt\system32\csrss.exe - (Microsoft Corporation )
\??\c:\winnt\system32\winlogon.exe - (Microsoft Corporation )
c:\winnt\system32\services.exe - (Microsoft Corporation )
c:\winnt\system32\lsass.exe - (Microsoft Corporation )
c:\winnt\system32\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST -K DCOMLAUNCH] - (Microsoft Corporation )
(DcomLaunch) C:\WINNT\system32\rpcss.dll - (Microsoft Corporation )
(TermService) C:\WINNT\System32\termsrv.dll - (Microsoft Corporation )
(TermService) C:\WINNT\System32\termsrv.dll - (Microsoft Corporation )
(TermService) C:\WINNT\System32\termsrv.dll - (Microsoft Corporation )
(IAS) - (File not found))
c:\winnt\system32\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST -K RPCSS] - (Microsoft Corporation )
(RpcSs) C:\WINNT\system32\rpcss.dll - (Microsoft Corporation )
(IAS) - (File not found))
c:\winnt\system32\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS] - (Microsoft Corporation )
(AppMgmt) C:\WINNT\System32\appmgmts.dll - (Microsoft Corporation )
(AudioSrv) C:\WINNT\System32\audiosrv.dll - (Microsoft Corporation )
(BITS) C:\WINNT\System32\qmgr.dll - (Microsoft Corporation )
(BITS) C:\WINNT\System32\qmgr.dll - (Microsoft Corporation )
(Browser) C:\WINNT\System32\browser.dll - (Microsoft Corporation )
(CryptSvc) C:\WINNT\System32\cryptsvc.dll - (Microsoft Corporation )
(Dhcp) C:\WINNT\System32\dhcpcsvc.dll - (Microsoft Corporation )
(dmserver) C:\WINNT\System32\dmserver.dll - (Microsoft Corp. )
(ERSvc) C:\WINNT\System32\ersvc.dll - (Microsoft Corporation )
(EventSystem) C:\WINNT\System32\es.dll - (Microsoft Corporation )
(FastUserSwitchingCompatibility) C:\WINNT\System32\shsvcs.dll - (Microsoft Corporation )
(helpsvc) %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (File not found))
(HidServ) C:\WINNT\System32\hidserv.dll - (File not found))
(lanmanserver) C:\WINNT\System32\srvsvc.dll - (Microsoft Corporation )
(lanmanworkstation) C:\WINNT\System32\wkssvc.dll - (Microsoft Corporation )
(Messenger) C:\WINNT\System32\msgsvc.dll - (Microsoft Corporation )
(Netman) C:\WINNT\System32\netman.dll - (Microsoft Corporation )
(Nla) C:\WINNT\System32\mswsock.dll - (Microsoft Corporation )
(NtmsSvc) C:\WINNT\system32\ntmssvc.dll - (Microsoft Corporation )
(RasAuto) C:\WINNT\System32\rasauto.dll - (Microsoft Corporation )
(RasMan) C:\WINNT\System32\rasmans.dll - (Microsoft Corporation )
(RemoteAccess) C:\WINNT\System32\mprdim.dll - (Microsoft Corporation )
(Schedule) C:\WINNT\system32\schedsvc.dll - (Microsoft Corporation )
(seclogon) C:\WINNT\System32\seclogon.dll - (Microsoft Corporation )
(SENS) C:\WINNT\system32\sens.dll - (Microsoft Corporation )
(SharedAccess) C:\WINNT\System32\ipnathlp.dll - (Microsoft Corporation )
(ShellHWDetection) C:\WINNT\System32\shsvcs.dll - (Microsoft Corporation )
(srservice) C:\WINNT\System32\srsvc.dll - (Microsoft Corporation )
(TapiSrv) C:\WINNT\System32\tapisrv.dll - (Microsoft Corporation )
(Themes) C:\WINNT\System32\shsvcs.dll - (Microsoft Corporation )
(TrkWks) C:\WINNT\system32\trkwks.dll - (Microsoft Corporation )
(W32Time) C:\WINNT\System32\w32time.dll - (Microsoft Corporation )
(winmgmt) C:\WINNT\system32\wbem\WMIsvc.dll - (Microsoft Corporation )
(Wmi) C:\WINNT\System32\advapi32.dll - (Microsoft Corporation )
(wscsvc) C:\WINNT\system32\wscsvc.dll - (Microsoft Corporation )
(wuauserv) C:\WINNT\system32\wuauserv.dll - (Microsoft Corporation )
(xmlprov) C:\WINNT\System32\xmlprov.dll - (Microsoft Corporation )
(IAS) - (File not found))
c:\winnt\system32\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] - (Microsoft Corporation )
(Dnscache) C:\WINNT\System32\dnsrslvr.dll - (Microsoft Corporation )
(IAS) - (File not found))
c:\winnt\system32\spoolsv.exe - (Microsoft Corporation )
c:\progra~1\grisoft\avgfre~1\avgamsvr.exe - (GRISOFT, s.r.o. )
c:\progra~1\grisoft\avgfre~1\avgupsvc.exe - (GRISOFT, s.r.o. )
c:\program files\common files\lightscribe\lssrvc.exe - (Hewlett-Packard Company )
c:\winnt\system32\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] - (Microsoft Corporation )
(Alerter) C:\WINNT\system32\alrsvc.dll - (Microsoft Corporation )
(LmHosts) C:\WINNT\System32\lmhsvc.dll - (Microsoft Corporation )
(RemoteRegistry) C:\WINNT\system32\regsvc.dll - (Microsoft Corporation )
(SSDPSRV) C:\WINNT\System32\ssdpsrv.dll - (Microsoft Corporation )
(upnphost) C:\WINNT\System32\upnphost.dll - (Microsoft Corporation )
(WebClient) C:\WINNT\System32\webclnt.dll - (Microsoft Corporation )
(IAS) - (File not found))
c:\winnt\system32\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST.EXE -K IMGSVC] - (Microsoft Corporation )
(StiSvc) C:\WINNT\system32\wiaservc.dll - (Microsoft Corporation )
(IAS) - (File not found))
c:\winnt\system32\wdfmgr.exe - (Microsoft Corporation )
c:\winnt\system32\alg.exe - (Microsoft Corporation )
c:\winnt\explorer.exe - (Microsoft Corporation )
c:\progra~1\grisoft\avgfre~1\avgcc.exe - (GRISOFT, s.r.o. )
c:\program files\quicktime\qttask.exe - (Apple Computer, Inc. )
c:\program files\spyware doctor\swdoctor.exe - (PCTools )
c:\program files\common files\ahead\lib\nmbgmonitor.exe - (Nero AG )
c:\progra~1\micros~2\office10\outlook.exe - (Microsoft Corporation )
c:\winnt\system32\zonelabs\vsmon.exe - (Zone Labs, LLC )
c:\progra~1\zonela~1\zoneal~1\zlclient.exe - (Zone Labs, LLC )
c:\program files\msn messenger\msnmsgr.exe - (Microsoft Corporation )
c:\winnt\system32\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST.EXE -K USNSVC] - (Microsoft Corporation )
(usnsvc) C:\Program Files\MSN Messenger\usnsvc.dll - (Microsoft Corporation )
(IAS) - (File not found))
c:\program files\internet explorer\iexplore.exe - (Microsoft Corporation )
c:\documents and settings\LSmith\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.google.co.uk/
HKLM->Main\\Search Bar - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKLM->Main\\Search Page - http://www.google.co.uk
HKLM->Main\\Local Page - C:\WINNT\SYSTEM32\blank.htm
HKCU->Main\\Start Page - http://www.google.co.uk/
HKCU->Main\\Search Page - http://www.google.co.uk
HKCU->Main\\Local Page - \blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM->Search\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\Shdocvw.dll (Microsoft Corporation )
HKCU->URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc. )
HKCU->Internet Settings\\ProxyEnable - 0

[>> BHO's <<]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc. )
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
{53707962-6F74-2D53-2644-206D7942484F} - Reg Data missing or invalid = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited )
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - PCTools Site Guard = C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll (PC Tools )
{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation )
{B56A7D7D-6927-48C8-A975-17DF180C71AC} - PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll (GuideWorks Pty. Ltd. )

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\Shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer Bars]
{32683183-48a0-441b-a342-7c2a440a9478} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\Shdocvw.dll (Microsoft Corporation )
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\system32\Shdocvw.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\Shdocvw.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc. )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\Browseui.dll (Microsoft Corporation )
ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc. )
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\Browseui.dll (Microsoft Corporation )
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc. )
WebBrowser\\{6A048BB7-E017-4326-B207-AA996C77BBCB} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc. )
WebBrowser\\{F3DF2532-A2CC-48D8-8643-A033AE4FC313} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))

[HKCU-> Internet Explorer CmdMapping]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8192 - Reg Data missing or invalid
NextId - 8193

[HKLM-> Internet Explorer Extensions]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - ButtonText: Spyware Doctor = Reg Data missing or invalid (File not found))

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
- CorelDRAW Shell Extension Component = Reg Data missing or invalid (File not found))
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} - TuneUp Shredder Shell Context Menu Extension = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH )
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data missing or invalid (File not found))
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found))
{1AEB1360-5AFC-11D0-B806-00C04FD706EC} - Office Graphics Filters Thumbnail Extractor = Reg Data missing or invalid (File not found))
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} - dBpowerAMP Music Converter = Reg Data missing or invalid (File not found))
{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = Reg Data missing or invalid (File not found))
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} - My Labtec Pictures = C:\Program Files\Logitech\Video\Namespc2.dll (Labtec Inc. )
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = Reg Data missing or invalid (File not found))
{500202A0-731E-11D0-B829-00C04FD706EC} - LNK file thumbnail interface delegator = Reg Data missing or invalid (File not found))
{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc. )
{5E44E225-A408-11CF-B581-008029601108} - Adaptec DirectCD Shell Extension = C:\PROGRA~1\Adaptec\EASYCD~1\DirectCD\Shellex.dll (Roxio )
{6A3D59F7-C0FF-4DDF-B8C9-6F92D32DF281} - = Reg Data missing or invalid (File not found))
{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} - MediaFace extension = C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll (Fellowes, Inc. )
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found))
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found))
{7B167993-3D4A-486B-8120-F8303C093724} - = Reg Data missing or invalid (File not found))
{7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - Pa&nicware Pop-Up Stopper = C:\Program Files\Panicware\Pop-Up Stopper\pstopper.dll (Panicware, Inc. )
{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found))
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINNT\System32\hticons.dll (Hilgraeve, Inc. )
{8BEBB290-52D0-11D0-B7F4-00C04FD706EC} - Thumbnails = Reg Data missing or invalid (File not found))
{8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - Pop-Up Stopper &Companion = C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll (Panicware, Inc. )
{9D9FC11C-9379-4E9A-B342-D568FCED8477} - = Reg Data missing or invalid (File not found))
{9DED7A30-D572-4D21-8D82-6945EA697400} - Macromedia FlashPaper Context Menu = C:\Program Files\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll ( )
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
{AC54FB61-7D59-49A9-BA7C-C36E084D547E} - Mp3/Tag Studio shell extension = Reg Data missing or invalid (File not found))
{AC54FB61-7D59-49A9-BA7C-C36E084D547E} (HKCU CLSID) - Mp3/Tag Studio shell extension = C:\WINNT\system32\mp3tsshx.dll ( )
{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = Reg Data missing or invalid (File not found))
{C14F7681-33D8-11D3-A09B-00500402F30B} - AvxShellEx = Reg Data missing or invalid (File not found))
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = Reg Data missing or invalid (File not found))
{fe1290f0-cfbd-11cf-a330-00aa00c16e65} - Directory Namespace = Reg Data missing or invalid (File not found))
{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Music Converter 1 = Reg Data missing or invalid (File not found))

[HKCU-> Approved Shell Extensions]
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} - Web Folders = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL (Microsoft Corporation )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - Reg Data missing or invalid = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG )
* - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
* - Macromedia.FlashPaper.ContextMenu - {9DED7A30-D572-4D21-8D82-6945EA697400} = C:\Program Files\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll ( )
* - MediaFaceExtension - {6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} = C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll (Fellowes, Inc. )
* - TuneUp Shredder - {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = C:\Program Files\TuneUp Utilities 2006\sdshelex.dll (TuneUp Software GmbH )
* - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
* - Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc. )
Directory - MediaFaceExtension - {6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} = C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll (Fellowes, Inc. )
Directory - TuneUp Shredder - {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = C:\Program Files\TuneUp Utilities 2006\sdshelex.dll (TuneUp Software GmbH )
Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Folder - {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - Reg Data missing or invalid = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG )
Folder - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]
Folder - {7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalColumnHandler Class = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG )
Folder - {7f9609be-af9a-11d1-83e0-00c04fb6e984} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINNT\System32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

[>> Registry Run Keys <<]
HKLM->Run\\AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP (GRISOFT, s.r.o. )
HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
HKLM->Run\\Zone Labs Client - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG )
HKCU->Run\\Spyware Doctor - "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (PCTools )

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]
AppInit_DLL - (File not found))

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINNT\System32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )

[Shell Execute Hooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\Browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\Browseui.dll (Microsoft Corporation )

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]
Session Manager\\BootExecute - autocheck autochk *;

[PendingFileRenameOperations]
Session Manager\\PendingFileRenameOperations - \??\C:\DOCUME~1\LINZIS~1\LOCALS~1\Temp\vsutil.dll;

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]
StartUpFolder\C:^Documents and Settings^LSmith^Start Menu^Programs^Startup^Ovulation Calendar.lnk - Ovulation Calendar = Reg Data missing or invalid (File not found))

[>> User Agent Post Platform <<]
sv1 -

[>> Winlogon <<]
HMLM->UserInit - C:\WINNT\system32\Userinit.exe, (Microsoft Corporation )
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found))
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{017AB601-2BCB-4B68-A4D9-7E24F83B54E1} - (SiS 900 PCI Fast Ethernet Adapter)
{1A70EBD3-89ED-40B4-AC85-F6D6B30DBF60} - ()

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found))
msdaipp - (File not found))

[>> Protocol Filters (Non-Microsoft only) <<]

< All Services >
Application Layer Gateway Service (ALG) - C:\WINNT\System32\alg.exe (Microsoft Corporation ) [On Demand - Running - Win32, running in it's own process]
Windows Audio (AudioSrv) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
AVG7 Alert Manager Server (Avg7Alrt) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
AVG7 Update Service (Avg7UpdSvc) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
Background Intelligent Transfer Service (BITS) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Computer Browser (Browser) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Cryptographic Services (CryptSvc) - C:\WINNT\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
DCOM Server Process Launcher (DcomLaunch) - C:\WINNT\system32\svchost -k DcomLaunch (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
DHCP Client (Dhcp) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
DNS Client (Dnscache) - C:\WINNT\System32\svchost.exe -k NetworkService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Event Log (Eventlog) - C:\WINNT\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
COM+ Event System (EventSystem) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Help and Support (helpsvc) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Server (lanmanserver) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Workstation (lanmanworkstation) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
LightScribeService Direct Disc Labeling Service (LightScribeService) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (Hewlett-Packard Company ) [Automatic - Running - Win32, running in it's own process]
Network Connections (Netman) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Network Location Awareness (NLA) (Nla) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Plug and Play (PlugPlay) - C:\WINNT\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
IPSEC Services (PolicyAgent) - C:\WINNT\System32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Protected Storage (ProtectedStorage) - C:\WINNT\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Remote Access Connection Manager (RasMan) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Remote Registry (RemoteRegistry) - C:\WINNT\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Remote Procedure Call (RPC) (RpcSs) - C:\WINNT\system32\svchost -k rpcss (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Security Accounts Manager (SamSs) - C:\WINNT\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Task Scheduler (Schedule) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
System Event Notification (SENS) - C:\WINNT\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Shell Hardware Detection (ShellHWDetection) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Print Spooler (Spooler) - C:\WINNT\system32\spoolsv.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
System Restore Service (srservice) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Windows Image Acquisition (WIA) (StiSvc) - C:\WINNT\System32\svchost.exe -k imgsvc (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Telephony (TapiSrv) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Terminal Services (TermService) - C:\WINNT\System32\svchost -k DComLaunch (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Themes (Themes) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Windows User Mode Driver Framework (UMWdf) - C:\WINNT\system32\wdfmgr.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
Messenger Sharing USN Journal Reader service (usnsvc) - C:\WINNT\system32\svchost.exe -k usnsvc (Microsoft Corporation ) [On Demand - Running - Win32, running in it's own process]
Windows Management Instrumentation (winmgmt) - C:\WINNT\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Automatic Updates (wuauserv) - C:\WINNT\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]

< Files >

Auto-Start Folders

HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Date = 09/23/2005 22:05 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation [Ver = 10.0.2609 | Size = 83360 bytes | Date = 02/13/2001 09:01 | Attr = ])

HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\LSmith\Start Menu\Programs\Startup
C:\Documents and Settings\LSmith\Start Menu\Programs\Startup\Reboot.exe - ( [Ver = 1.0.1.9 | Size = 432128 bytes | Date = 08/20/2002 07:26 | Attr = ])

HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe
Wininit.ini: Line 1 - [Rename]
Wininit.ini: Line 2 - NUL=
Wininit.ini: Line 3 - NUL=
Wininit.ini: Line 4 - NUL=
Wininit.ini: Line 5 - NUL=

Miscellaneous Folders

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 05/06/2004 17:03 | Attr = HS])
C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt - ( [Ver = | Size = 11 bytes | Date = 05/26/2004 10:08 | Attr = ])
C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt - ( [Ver = | Size = 11 bytes | Date = 03/28/2005 17:28 | Attr = ])

CurrentUser ApplicationData Folder
C:\Documents and Settings\LSmith\Application Data\.zreglib - ( [Ver = | Size = 40 bytes | Date = 09/28/2006 18:28 | Attr = HS])
C:\Documents and Settings\LSmith\Application Data\dm.ini - ( [Ver = | Size = 0 bytes | Date = 09/22/2006 12:52 | Attr = ])
C:\Documents and Settings\LSmith\Application Data\GDIPFONTCACHEV1.DAT - ( [Ver = | Size = 69064 bytes | Date = 09/11/2006 21:38 | Attr = ])

Program Files Folder
C:\Program Files\about - ( [Ver = | Size = 256 bytes | Date = 12/19/2003 04:02 | Attr = ])
C:\Program Files\BOOTCAT.BIN - ( [Ver = | Size = 2048 bytes | Date = 08/18/2004 16:00 | Attr = H ])
C:\Program Files\cd-mp3-burner.exe - (MP3DO Software, Inc. [Ver = | Size = 1499015 bytes | Date = 05/07/2005 23:02 | Attr = ])
C:\Program Files\COPYING - ( [Ver = | Size = 25292 bytes | Date = 11/24/1999 12:40 | Attr = ])
C:\Program Files\CurrentCfg.tpr - ( [Ver = | Size = 7672 bytes | Date = 04/05/2005 17:47 | Attr = ])
C:\Program Files\desktop.ini - ( [Ver = | Size = 271 bytes | Date = 09/12/2003 11:42 | Attr = HS])
C:\Program Files\folder.htt - ( [Ver = | Size = 21952 bytes | Date = 09/12/2003 11:42 | Attr = H ])
C:\Program Files\HijackThis.exe - (Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Date = 05/07/2005 11:07 | Attr = ])
C:\Program Files\lame-3.96.1.zip - ( [Ver = | Size = 614943 bytes | Date = 05/07/2005 18:50 | Attr = ])
C:\Program Files\lame.exe - ( [Ver = | Size = 202240 bytes | Date = 07/29/2004 02:19 | Attr = ])
C:\Program Files\lame_enc.dll - ( [Ver = | Size = 175104 bytes | Date = 07/29/2004 02:19 | Attr = ])
C:\Program Files\LR128Q.cat - ( [Ver = | Size = 9458 bytes | Date = 03/03/2004 05:11 | Attr = R ])
C:\Program Files\LR128Q.INF - ( [Ver = | Size = 23017 bytes | Date = 12/23/2004 09:23 | Attr = R ])
C:\Program Files\P3Package.dll - ( [Ver = | Size = 135255 bytes | Date = 10/25/2004 18:10 | Attr = ])
C:\Program Files\P4Package.dll - ( [Ver = | Size = 147543 bytes | Date = 10/25/2004 18:10 | Attr = ])
C:\Program Files\psa2se_us.exe - (Adobe Systems, Inc. [Ver = 2.00.000 | Size = 6262872 bytes | Date = 02/15/2004 13:30 | Attr = ])
C:\Program Files\Resample.dll - (Pegasys [Ver = 1.1.0.3 | Size = 155648 bytes | Date = 10/25/2004 18:10 | Attr = ])
C:\Program Files\Setup.exe - ( [Ver = 1, 0, 0, 0 | Size = 765952 bytes | Date = 12/23/2004 09:09 | Attr = R ])
C:\Program Files\ssg.nfo - ( [Ver = | Size = 5088 bytes | Date = 01/28/2004 20:37 | Attr = ])
C:\Program Files\USAGE - ( [Ver = | Size = 30053 bytes | Date = 03/23/2004 05:57 | Attr = ])
C:\Program Files\usbVM31b.sys - (Creative Technology Ltd. [Ver = 1.00.01.00 | Size = 90534 bytes | Date = 03/03/2004 05:11 | Attr = R ])
C:\Program Files\usb_uns.ex_ - ( [Ver = | Size = 77453 bytes | Date = 12/23/2004 09:34 | Attr = R ])
C:\Program Files\VM31bPrp.Ax - (VM [Ver = 4.2.815.31 | Size = 159822 bytes | Date = 03/03/2004 05:11 | Attr = R ])
C:\Program Files\VM31bSTI.dll - (VM [Ver = 4.2.1.21 | Size = 61440 bytes | Date = 03/03/2004 05:11 | Attr = R ])
C:\Program Files\VM31bTWN.DS - (VM [Ver = 4.2.1.21 | Size = 73728 bytes | Date = 03/03/2004 05:11 | Attr = R ])
C:\Program Files\VM31bTXP.DS - (VM [Ver = 4.2.1.21 | Size = 86016 bytes | Date = 03/03/2004 05:11 | Attr = R ])
C:\Program Files\winamp509_full_silvertide_emusic-8basic.exe - ( [Ver = | Size = 8530568 bytes | Date = 05/07/2005 22:58 | Attr = ])

Common Files Folder

DPF files
{00000055-9980-0010-8000-00AA00389B71} - - CodeBase = http://codecs.microsoft.com/codecs/i386/fhg.CAB
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINNT\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase =

Hosts file = 716 bytes. Reading all entries. C:\WINNT\System32\drivers\etc\Hosts
# Copyright © 1993-1999 Microsoft Corp. -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a '#' symbol. -
# For example: -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
127.0.0.1 localhost -
-

< Add On's >

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<

KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 1
Desktop\Components\0 -
Desktop\Components\0\\Source - http://us.f1.yahoofs.com/users/1d587e9/bc/...cR_OO_A2uYWBawO
Desktop\Components\0\\SubscribedURL - http://us.f1.yahoofs.com/users/1d587e9/bc/...cR_OO_A2uYWBawO
Desktop\Components\0\\FriendlyName -
Desktop\Components\0\\Flags - 1
Desktop\Components\0\\Position - 2C 00 00 00 64 01 00 00 D0 00 00 00 68 01 00 00 0E 01 00 00 E8 03 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\0\\CurrentState - 01 00 00 40
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 64 01 00 00 D0 00 00 00 68 01 00 00 0E 01 00 00 01 00 00 40
Desktop\Components\0\\RestoredStateInfo - 5B 61 E8 77 F8 68 E8 77 FF FF FF FF 2C 5D F6 06 EA 1C 34 70 40 B5 AD 03
Desktop\Components\1 -
Desktop\Components\1\\Source - About:Home
Desktop\Components\1\\SubscribedURL - About:Home
Desktop\Components\1\\FriendlyName - My Current Home Page
Desktop\Components\1\\Flags - 2
Desktop\Components\1\\Position - 2C 00 00 00 A0 00 00 00 00 00 00 00 80 02 00 00 3A 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\1\\CurrentState - 04 00 00 40
Desktop\Components\1\\OriginalStateInfo - 18 00 00 00 A0 00 00 00 00 00 00 00 80 02 00 00 3A 02 00 00 04 00 00 40
Desktop\Components\1\\RestoredStateInfo - 18 00 00 00 A0 00 00 00 00 00 00 00 80 02 00 00 3A 02 00 00 01 00 00 00
Desktop\General -
Desktop\General\\WallpaperFileTime - 00 00 00 00 00 00 00 00
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 2
Desktop\General\\BackupWallpaper -
Desktop\General\\WallpaperLocalFileTime - 00 68 C4 61 08 00 00 00
Desktop\General\\Wallpaper -
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 20 03 00 00 3A 02 00 00
Desktop\SafeMode -
Desktop\SafeMode\Components -
Desktop\SafeMode\Components\\DeskHtmlVersion - 272
Desktop\SafeMode\Components\\DeskHtmlMinorVersion - 3
Desktop\SafeMode\Components\\Settings - 1
Desktop\SafeMode\Components\\GeneralFlags - 0
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -

>>>>Output for AddOn file Jobs.def<<<<

DIR - C:\WINNT\tasks\*.* - Parameters = Include SubFolders
C:\WINNT\tasks\1-Click Maintenance.job - ( [Ver = | Size = 402 bytes | Date = 09/28/2006 16:15 | Attr = ])
C:\WINNT\tasks\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 12/07/1999 05:00 | Attr = RH ])
C:\WINNT\tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 09/28/2006 18:26 | Attr = H ])
C:\WINNT\tasks\XoftSpy.job - ( [Ver = | Size = 360 bytes | Date = 09/28/2006 17:00 | Attr = ])

>>>>Output for AddOn file Policies.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\ActiveDesktop -
policies\ActiveDesktop\AdminComponent -
policies\Explorer -
policies\Explorer\\LinkResolveIgnoreLinkInfo - 0
policies\Explorer\\NoResolveSearch - 1
policies\Explorer\\NoResolveTrack - 0
policies\Explorer\Run -
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\Ratings -
policies\system -
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1

KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\\NoResolveTrack - 1
policies\Explorer -
policies\Explorer\\CDRAutoRun - 0
policies\Explorer\\NoStartMenuPinnedList - 1
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\Explorer\\NoActiveDesktop - 0
policies\Explorer\\NoCDBurning - 0
policies\Explorer\\NoRecentDocsHistory - 1
policies\Explorer\\ClearRecentDocsOnExit - 0
policies\Explorer\Run -
policies\NonEnum -
policies\System -
policies\Uninstall -

>>>>Output for AddOn file SID_Run_Policies.def<<<<

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -
Run\\internat.exe - internat.exe
Run\\Yahoo! Pager - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
Run\\AVG7_Run - C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run -
Run\\internat.exe - internat.exe
Run\\Yahoo! Pager - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
Run\\AVG7_Run - C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 91 00 00 00
Policies\Explorer\\CDRAutoRun - 0

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 91 00 00 00
Policies\Explorer\\CDRAutoRun - 0

< End of report >

#4 OldTimer

OldTimer

    Malware Expert



Posted 30 September 2006 - 08:12 AM

Hi msiz. I do not see any signs of viruses or malware in the WinPFind2 log either so I do not think we are dealing with any infections here.

Let's try this. Click Start->Run and type sfc /scannow into the edit box and then click OK. This will run the System File Checker utility to verify that all of the needed system files are present and undamaged. Have your XP CD available because if it cannot find a file it will get the file from the CD.

Once done, go to the Microsoft Update site and get all of the available critical updates since the sfc utility could overwrite some of them.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 msiz

msiz

Posted 02 October 2006 - 01:42 PM

hi OT

did this and still nothing's changed

msiz :thumbsup:

#6 OldTimer

OldTimer

    Malware Expert



Posted 03 October 2006 - 05:46 PM

Hi msiz. I believe the problem to be in a corrupted registry. Looking at the post in the XP forum shows various locations where the information is incomplete and/or missing.

Try a System Restore to a point prior to when the issue started occurring.

Cheers.

OT



