
10 Iexplorers.exe, Only One Explorer Opened.


24 replies to this topic

#1 Lauren_Marie


Posted 27 September 2006 - 10:20 AM

I am having a big problem with my computer. If I have an Internet Explorer window open and then close it, it is never really removed from my Task Manager.

I have over 52 processes running and it is slowing down my computer.

I have 1.256 RAM and a 250 GB hard drive that is only 30% filled. There is no reason why my computer should be running so slow.

Just to speed things up, since I know you are going to ask for it, here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 11:18:03 AM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\Ewido\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
F:\Zone Alarm\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
F:\JUNK\DesktopX\dxwidget.exe
F:\JUNK\DesktopX\dxwidget.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Documents and Settings\Lauren Marie\My Documents\Unzipped\hijackthis[1]\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Zone Alarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Silica Calender.lnk = F:\JUNK\DesktopX\Widgets\Silica Calendar.exe
O4 - Startup: Silica Weather.lnk = F:\JUNK\DesktopX\Widgets\Silica Weather.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\AIM95_c0\aim.exe (file missing)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://rimmel.ai-media.com/save/makeover.cab
O16 - DPF: {2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) - http://www.shockwave.com/content/dinerdash...ic.1.0.0.92.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Ewido\ewido anti-spyware 4.0\guard.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
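As an added example (not part of the thread and not HijackThis's own code), a small Python triage script for a log in the format above: it merges the repeated IEXPLORE.EXE entries by image name, which is the duplicate the poster noticed, lists the O16 ActiveX controls that were installed from the web together with their source host, and picks out the hooks marked "(file missing)". The embedded log is a constructed sample modelled on the thread's log, trimmed and with placeholder download hosts.

```python
"""Triage helper for HijackThis (v1.99-style) logs: tallies the process list,
lists O16 ActiveX controls installed from the web, and flags '(file missing)'
entries.  Added example, not HijackThis's own code."""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample in the HijackThis layout, modelled on the thread's log
# but trimmed and with placeholder download hosts.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:18:03 AM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\AIM95_c0\aim.exe (file missing)
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://games.example.com/cabs/A18X.ocx
O16 - DPF: Yahoo! Pool 2 - http://download.example.net/clients/potd_x.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Lettered entries look like "O16 - <body>"; an O16 body is
# "DPF: {CLSID} (Name) - URL", "DPF: {CLSID} - URL" or "DPF: Name - URL".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
DPF_RE = re.compile(r"^DPF: (?:(\{[0-9A-Fa-f-]+\})(?: \((.*?)\))?|(.+?)) - (\S+)$")


def parse_hjt(text):
    """Split a log into its 'Running processes:' block and its lettered entries."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # the blank line closes the process block
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return {"processes": processes, "entries": entries}


def process_counts(processes):
    """Count by image name; Windows paths are case-insensitive, so
    IEXPLORE.EXE and iexplore.exe are one binary and are merged."""
    return Counter(p.rsplit("\\", 1)[-1].lower() for p in processes)


def missing_file_entries(entries):
    """Hooks whose target HijackThis could not find: stale, safe to remove."""
    return [(code, body) for code, body in entries if "(file missing)" in body]


def downloaded_controls(entries):
    """O16 lines are ActiveX controls fetched from the web; return
    (clsid_or_None, name, host, url) so each source can be reviewed."""
    out = []
    for code, body in entries:
        m = DPF_RE.match(body) if code == "O16" else None
        if m:
            clsid, name, bare_name, url = m.groups()
            out.append((clsid, name or bare_name, urlparse(url).hostname, url))
    return out


def triage(text, busy_threshold=5):
    """Summary; the repeated-image count the poster noticed comes first."""
    parsed = parse_hjt(text)
    counts = process_counts(parsed["processes"])
    return {
        "process_total": len(parsed["processes"]),
        "repeated_images": {n: c for n, c in counts.items() if c > 1},
        "busy_images": [n for n, c in counts.items() if c >= busy_threshold],
        "missing_files": missing_file_entries(parsed["entries"]),
        "activex_downloads": downloaded_controls(parsed["entries"]),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the poster's full log, the same script reports ten iexplore.exe images and the sixteen O16 download sources in one pass.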

#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 27 September 2006 - 03:59 PM

Hi Lauren_Marie and Welcome to the Bleeping Computer!

Please download Combofix to your desktop.
http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combo.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt.


Please run the Bit Defender Online Scan
http://www.bitdefender.com/scan8/ie.html

You must use Internet Explorer for this scanner.

Install the ActiveX control and click on "Click here to Scan".

Allow it to update and Scan the Machine.

It should disinfect or delete whatever it finds that is infected.

Please save the report it generates in text format and post it back here with the log from ComboFix.

Edited by Cretemonster, 27 September 2006 - 03:59 PM.


#3 Lauren_Marie


Posted 27 September 2006 - 04:38 PM

COMBOFIX
Lauren Marie - 06-09-27 17:20:58.59
ComboFix 06.09.07 - Running from: C:\Documents and Settings\Lauren Marie\My Documents\Unzipped\hijackthis[1]

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Lauren Marie\Application Data\YSTEM~1
C:\QooBox\Purity\Documents and Settings\Lauren Marie\Application Data\YSTEM~1\YSTEM~1
C:\QooBox\Purity\Program Files\YSTEM~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-27 to 2006-09-27 ))))))))))))))))))))))))))))))))))


2006-09-24 01:25 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-09-24 01:25 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2006-09-17 03:18 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll
2006-09-10 23:46 90,112 --a------ C:\WINDOWS\system32\dpl100.dll
2006-09-10 23:46 856,064 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-09-10 23:46 620,180 --a------ C:\WINDOWS\system32\divx.dll
2006-09-10 23:46 594,450 --a------ C:\WINDOWS\system32\x264vfw.dll
2006-09-10 23:46 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-09-10 23:46 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-09-10 23:46 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-09-10 23:46 200,704 --a------ C:\WINDOWS\system32\dtu100.dll
2006-09-10 23:46 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2006-09-10 23:46 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-27 02:04 -------- d-------- C:\Program Files\AIM
2006-09-25 15:08 -------- d-------- C:\Program Files\AntiVir PersonalEdition Classic
2006-09-18 02:01 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-18 02:00 -------- d-------- C:\Program Files\MSN Games
2006-09-17 03:18 -------- d-------- C:\Program Files\Stardock
2006-09-17 03:18 -------- d-------- C:\Program Files\Common Files\stardock
2006-09-17 03:18 -------- d-------- C:\Program Files\Common Files
2006-09-14 12:59 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-14 12:59 -------- d-------- C:\Program Files\AOL
2006-09-14 12:41 -------- d-------- C:\Program Files\AOD
2006-09-13 02:04 -------- d-------- C:\Program Files\MSN Messenger
2006-09-10 23:46 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-09-08 01:04 -------- d-------- C:\Program Files\Google
2006-09-07 09:00 -------- d-------- C:\Program Files\XoftSpy
2006-09-05 15:45 -------- d-------- C:\Program Files\Java
2006-09-05 15:42 -------- d-------- C:\Program Files\Lavasoft
2006-09-05 15:42 -------- d-------- C:\Documents and Settings\Lauren Marie\Application Data\Lavasoft
2006-09-02 23:37 -------- d-------- C:\Program Files\Viewpoint
2006-09-01 09:32 -------- d-------- C:\Program Files\MetaStream
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-11 20:51 -------- d-------- C:\Program Files\Internet Explorer
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Zone Labs Client"="\"F:\\Zone Alarm\\ZoneAlarm\\zlclient.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
"viewmgr"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"SpecifyDefaultButtons"=dword:00000000
"Btn_Search"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,9c,00,00,00,00,00,00,00,64,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~3.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"location"="Common Startup"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
"location"="Common Startup"
"item"="Image Transfer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="c:\\PROGRA~1\\MICROS~3\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Lauren Marie^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Lauren Marie^Start Menu^Programs^Startup^Aero Gmail.lnk]
"path"="C:\\Documents and Settings\\Lauren Marie\\Start Menu\\Programs\\Startup\\Aero Gmail.lnk"
"backup"="C:\\WINDOWS\\pss\\Aero Gmail.lnkStartup"
"location"="Startup"
"command"="F:\\JUNK\\DesktopX\\Widgets\\AEROGM~1.EXE "
"item"="Aero Gmail"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Lauren Marie^Start Menu^Programs^Startup^Palfun.lnk]
"location"="Startup"
"item"="Palfun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Lauren Marie^Start Menu^Programs^Startup^Stickies.lnk]
"path"="C:\\Documents and Settings\\Lauren Marie\\Start Menu\\Programs\\Startup\\Stickies.lnk"
"backup"="C:\\WINDOWS\\pss\\Stickies.lnkStartup"
"location"="Startup"
"command"="F:\\JUNK\\DesktopX\\Widgets\\STICKY~1.EXE "
"item"="Stickies"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOL Fast Start]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOL"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Free Download Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fdm"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="point32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KAVPersonal50]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kav"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Matrox Powerdesk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDesk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\PDesk\\PDesk.exe /Autolaunch"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\outlook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="outlook"
"hkey"="HKLM"
"command"="c:\\Program Files\\Microsoft Office\\Office\\OUTLOOK.EXE /auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SmcService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smc"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\viewmgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="\"F:\\Zone Alarm\\ZoneAlarm\\zlclient.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"AOL TopSpeedMonitor"=dword:00000002
"Norton AntiVirus Server"=dword:00000002
"kavsvc"=dword:00000003
"DefWatch"=dword:00000002
"Brother XP spl Service"=dword:00000002
"AOLService"=dword:00000002
"AOL ACS"=dword:00000002
"Adobe LM Service"=dword:00000003
"WinDefend"=dword:00000002

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient


Completion time: Wed 09/27/2006 17:22:12.73
ComboFix.txt
ComboFix2.txt


BITDEFENDER!

COMING AFTER THIS, IT'S TAKING A LONG TIME!

#4 Lauren_Marie


Posted 27 September 2006 - 06:01 PM

BitDefender found nothing.

#5 Guest_Cretemonster_*


Posted 27 September 2006 - 06:17 PM

We must keep searching!


Download and Save Blacklight to your desktop (choose "I ACCEPT" then click "DOWNLOAD" on the website).

Double-click blbeta.exe then accept the agreement, click > "Scan" then > "Next".

You'll see a list of all items found. There will also be a log on your desktop with the name "fsbl.xxxxxxxxxxxxxx.log" (the xxxxxxxxxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe".

#6 Lauren_Marie


Posted 27 September 2006 - 09:02 PM

I click it, and it opens and closes. It won't let me do anything.

#7 Guest_Cretemonster_*


Posted 28 September 2006 - 12:28 PM

Hmmm, this could get interesting.


Download WinPFind2.zip and unzip it to your Desktop. It will create a folder named WinPFind2. Do NOT run the program directly from the zip file.
  • Open the folder and double-click on winpfind2.exe to start the program.
  • Click on the Services tab.
  • From the two drop-down boxes next to Filter list:, choose List all type of services in the left one and List all services in the right one.
  • Click on the Configuration tab.
  • Keep the standard settings and then in the AddOn-Options box click the checkboxes for
    • HKCU_IEDesktop.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Under File Options click Select All.
  • Under Other Options put a check in both Show All boxes.
  • Please maximize the window in order to be able to view the Status Bar where you can see the progress of the scan.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it and then please post that report into this topic. After posting please check if the whole report fit into the post. If it did fit, it should say <End of Report> at the end. If not, please post the section that was cut off in a second post.


#8 Lauren_Marie


Posted 28 September 2006 - 04:28 PM

Logfile created on: 09/28/2006 17:26
WinPFind2 by OldTimer - Version 1.0.10 Folder = G:\My Documents 2\Junk\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


< All Processes >
\systemroot\system32\smss.exe - (Microsoft Corporation )
\??\c:\windows\system32\winlogon.exe - (Microsoft Corporation )
c:\windows\system32\services.exe - (Microsoft Corporation )
c:\windows\system32\lsass.exe - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] - (Microsoft Corporation )
(DcomLaunch) C:\WINDOWS\system32\rpcss.dll - (Microsoft Corporation )
(TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
(TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
(TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] - (Microsoft Corporation )
(AppMgmt) C:\WINDOWS\System32\appmgmts.dll - (Microsoft Corporation )
(AudioSrv) C:\WINDOWS\System32\audiosrv.dll - (Microsoft Corporation )
(BITS) C:\WINDOWS\System32\qmgr.dll - (Microsoft Corporation )
(Browser) C:\WINDOWS\System32\browser.dll - (Microsoft Corporation )
(CryptSvc) C:\WINDOWS\System32\cryptsvc.dll - (Microsoft Corporation )
(Dhcp) C:\WINDOWS\System32\dhcpcsvc.dll - (Microsoft Corporation )
(dmserver) C:\WINDOWS\System32\dmserver.dll - (Microsoft Corp. )
(ERSvc) C:\WINDOWS\System32\ersvc.dll - (Microsoft Corporation )
(EventSystem) C:\WINDOWS\System32\es.dll - (Microsoft Corporation )
(FastUserSwitchingCompatibility) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(helpsvc) %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (File not found))
(HidServ) C:\WINDOWS\System32\hidserv.dll - (File not found))
(lanmanserver) C:\WINDOWS\System32\srvsvc.dll - (Microsoft Corporation )
(lanmanworkstation) C:\WINDOWS\System32\wkssvc.dll - (Microsoft Corporation )
(Messenger) C:\WINDOWS\System32\msgsvc.dll - (Microsoft Corporation )
(Netman) C:\WINDOWS\System32\netman.dll - (Microsoft Corporation )
(Nla) C:\WINDOWS\System32\mswsock.dll - (Microsoft Corporation )
(NtmsSvc) C:\WINDOWS\system32\ntmssvc.dll - (Microsoft Corporation )
(RasAuto) C:\WINDOWS\System32\rasauto.dll - (Microsoft Corporation )
(RasMan) C:\WINDOWS\System32\rasmans.dll - (Microsoft Corporation )
(RemoteAccess) C:\WINDOWS\System32\mprdim.dll - (Microsoft Corporation )
(Schedule) C:\WINDOWS\system32\schedsvc.dll - (Microsoft Corporation )
(seclogon) C:\WINDOWS\System32\seclogon.dll - (Microsoft Corporation )
(SENS) C:\WINDOWS\system32\sens.dll - (Microsoft Corporation )
(SharedAccess) C:\WINDOWS\System32\ipnathlp.dll - (Microsoft Corporation )
(ShellHWDetection) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(srservice) C:\WINDOWS\System32\srsvc.dll - (Microsoft Corporation )
(TapiSrv) C:\WINDOWS\System32\tapisrv.dll - (Microsoft Corporation )
(Themes) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(TrkWks) C:\WINDOWS\system32\trkwks.dll - (Microsoft Corporation )
(W32Time) C:\WINDOWS\System32\w32time.dll - (Microsoft Corporation )
(winmgmt) C:\WINDOWS\system32\wbem\WMIsvc.dll - (Microsoft Corporation )
(WmdmPmSN) C:\WINDOWS\system32\MsPMSNSv.dll - (Microsoft Corporation )
(Wmi) C:\WINDOWS\System32\advapi32.dll - (Microsoft Corporation )
(wscsvc) C:\WINDOWS\system32\wscsvc.dll - (Microsoft Corporation )
(wuauserv) C:\WINDOWS\system32\wuauserv.dll - (Microsoft Corporation )
(WZCSVC) C:\WINDOWS\System32\wzcsvc.dll - (Microsoft Corporation )
(xmlprov) C:\WINDOWS\System32\xmlprov.dll - (Microsoft Corporation )
c:\windows\system32\zonelabs\vsmon.exe - (Zone Labs, LLC )
c:\progra~1\common~1\stardock\sdmcp.exe - (Stardock )
c:\windows\explorer.exe - (Microsoft Corporation )
c:\windows\system32\spoolsv.exe - (Microsoft Corporation )
c:\program files\google\gmail notifier\gnotify.exe - (Google Inc. )
c:\program files\antivir personaledition classic\avgnt.exe - (Avira GmbH )
f:\zone alarm\zonealarm\zlclient.exe - (Zone Labs, LLC )
c:\program files\java\jre1.5.0_03\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\program files\lavasoft\ad-aware se professional\ad-watch.exe - (Lavasoft Sweden )
c:\program files\google\googletoolbarnotifier\1.0.720.3640\googletoolbarnotifier.exe - (Google Inc. )
c:\program files\antivir personaledition classic\sched.exe - (Avira GmbH )
c:\program files\antivir personaledition classic\avguard.exe - (AVIRA GmbH )
f:\ewido\ewido anti-spyware 4.0\guard.exe - (Anti-Malware Development a.s. )
c:\windows\system32\inetsrv\inetinfo.exe - (Microsoft Corporation )
c:\program files\common files\microsoft shared\vs7debug\mdm.exe - (Microsoft Corporation )
c:\windows\system32\mgabg.exe - (Matrox Graphics Inc. )
c:\windows\system32\snmp.exe - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] - (Microsoft Corporation )
(stisvc) C:\WINDOWS\system32\wiaservc.dll - (Microsoft Corporation )
c:\program files\aim\aim.exe - (America Online, Inc. )
c:\program files\internet explorer\iexplore.exe - (Microsoft Corporation )
c:\program files\internet explorer\iexplore.exe - (Microsoft Corporation )
g:\my documents 2\junk\winpfind2\winpfind2.exe - (OldTimer Tools )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page -
HKLM->Main\\Search Page -
HKLM->Main\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM->Main\\Local Page - c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
HKCU->Main\\Start Page - about:blank
HKCU->Main\\Search Bar - http://www.google.com/ie
HKCU->Main\\Search Page - http://www.google.com
HKCU->Main\\Local Page - c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM->Search\\SearchAssistant - http://www.google.com/ie
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride - <local>

[>> BHO's <<]
{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar2.dll (Google Inc. )

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKCU-> Internet Explorer Bars]
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc. )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc. )
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc. )
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} - &Links = %SystemRoot%\system32\ieframe.dll (File not found))

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8199 - Reg Data missing or invalid
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - 8192 - Reg Data missing or invalid
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - 8198 - Reg Data missing or invalid
{85d1f590-48f4-11d9-9669-0800200c9a66} - 8206 - Uninstall BitDefender Online Scanner v8
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8203 - Reg Data missing or invalid
{A75C6120-9B36-11d4-A3F0-009027427750} - 8196 - Reg Data missing or invalid
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8193 - Reg Data missing or invalid
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - 8200 - Reg Data missing or invalid
{CD03D14B-0EF6-4f5a-BB81-1ECAFFC676AF} - 8204 - Reg Data missing or invalid
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8194 - Reg Data missing or invalid
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8197 - Reg Data missing or invalid
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8195 - Reg Data missing or invalid
NextId - 8207

[HKLM-> Internet Explorer Extensions]
{85d1f590-48f4-11d9-9669-0800200c9a66} - MenuText: Uninstall BitDefender Online Scanner v8 = Reg Data missing or invalid (File not found))
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc. )

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{05CCDAB3-BCB4-4C55-8470-108064CE689D} - = Reg Data missing or invalid (File not found))
{1C1EDB47-CE22-4bbb-B608-77B48F83C823} - IE Fade Task = %SystemRoot%\system32\ieframe.dll (File not found))
{3028902F-6374-48b2-8DC6-9725E775B926} - IE AutoComplete = %SystemRoot%\system32\ieframe.dll (File not found))
{330417E8-EF62-4047-82BE-D8305CEFF572} - AMEncShlExt extension = Reg Data missing or invalid (File not found))
{42042206-2D85-11D3-8CFF-005004838597} - Microsoft Office HTML Icon Handler = Reg Data missing or invalid (File not found))
{43886CD5-6529-41c4-A707-7B3C92C05E68} - IE Navigation Bar = %SystemRoot%\system32\ieframe.dll (File not found))
{44C76ECD-F7FA-411c-9929-1B77BA77F524} - IE Menu Site = %SystemRoot%\system32\ieframe.dll (File not found))
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH )
{4A741382-48B4-11d2-AD84-00A024D24BF3} - Matrox PowerDesk Properties = C:\WINDOWS\system32\PDesk\PDPAGES.DLL (Matrox Graphics Inc. )
{4B78D326-D922-44f9-AF2A-07805C2A3560} - IE Menu Band = %SystemRoot%\system32\ieframe.dll (File not found))
{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} - IE Tracking Shell Menu = %SystemRoot%\system32\ieframe.dll (File not found))
{6CF48EF8-44CD-45d2-8832-A16EA016311B} - IE IShellFolderBand = %SystemRoot%\system32\ieframe.dll (File not found))
{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. )
{F2CF5485-4E02-4f68-819C-B92DE9277049} - &Links = %SystemRoot%\system32\ieframe.dll (File not found))

[HKCU-> Approved Shell Extensions]
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} - Web Folders = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL (Microsoft Corporation )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - Easy CD Ripper - {8331A1DE-43C5-4F79-A2AE-0E656856B193} = Reg Data missing or invalid (File not found))
* - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = F:\Ewido\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
* - Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH )
* - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
* - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
Directory - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = F:\Ewido\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Directory - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
Folder - LDVPMenu - {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll (Symantec Corporation )
Folder - MP3ToWave - {DC6FA7E0-6666-11D5-8CE2-444553540000} = Reg Data missing or invalid (File not found))
Folder - Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH )
Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Folder - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]
Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\System32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

[>> Registry Run Keys <<]
HKLM->Run\\{0228e555-4f9c-4e35-a3ec-b109a192b4c2} - c:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc. )
HKLM->Run\\avgnt - "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH )
HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
HKLM->Run\\SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe (Sun Microsystems, Inc. )
HKLM->Run\\Zone Labs Client - "F:\Zone Alarm\ZoneAlarm\zlclient.exe" (Zone Labs, LLC )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\AWMON - "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" (Lavasoft Sweden )
HKCU->Run\\swg - C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (Google Inc. )
HKCU->Run\\viewmgr - (File not found))

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )

[Shell Execute Hooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = F:\Ewido\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s. )
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[Shared Task Scheduler]

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]

[PendingFileRenameOperations]

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]
Services - Adobe LM Service
Services - AOL ACS
Services - AOL TopSpeedMonitor
Services - AOLService
Services - Brother XP spl Service
Services - DefWatch
Services - kavsvc
Services - Norton AntiVirus Server
Services - WinDefend
StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - Adobe Gamma Loader = C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE (Adobe Systems, Inc. )
StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - Adobe Reader Speed Launch = C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE (Adobe Systems Incorporated )
StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk - America Online 9.0 Tray Icon = Reg Data missing or invalid (File not found))
StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk - Image Transfer = Reg Data missing or invalid (File not found))
StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - Microsoft Office = c:\PROGRA~1\MICROS~3\Office\OSA9.EXE -b -l (Microsoft Corporation )
StartUpFolder\C:^Documents and Settings^Lauren Marie^Start Menu^Programs^Startup^Adobe Gamma.lnk - Adobe Gamma = C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE (Adobe Systems, Inc. )
StartUpFolder\C:^Documents and Settings^Lauren Marie^Start Menu^Programs^Startup^Aero Gmail.lnk - Aero Gmail = F:\JUNK\DesktopX\Widgets\AEROGM~1.EXE ( )
StartUpFolder\C:^Documents and Settings^Lauren Marie^Start Menu^Programs^Startup^Palfun.lnk - Palfun = Reg Data missing or invalid (File not found))
StartUpFolder\C:^Documents and Settings^Lauren Marie^Start Menu^Programs^Startup^Silica Calender.lnk - Silica Calender = F:\JUNK\DesktopX\Widgets\SILICA~2.EXE ( )
StartUpFolder\C:^Documents and Settings^Lauren Marie^Start Menu^Programs^Startup^Silica Weather.lnk - Silica Weather = F:\JUNK\DesktopX\Widgets\SI39E3~1.EXE ( )
StartUpFolder\C:^Documents and Settings^Lauren Marie^Start Menu^Programs^Startup^Stickies.lnk - Stickies = F:\JUNK\DesktopX\Widgets\STICKY~1.EXE ( )
StartUpReg\AOL Fast Start - AOL = Reg Data missing or invalid (File not found))
StartUpReg\AOL Spyware Protection - AOLSP Scheduler = "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" ( )
StartUpReg\AOLDialer - AOLDial = Reg Data missing or invalid (File not found))
StartUpReg\ctfmon.exe - ctfmon = C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation )
StartUpReg\Free Download Manager - fdm = Reg Data missing or invalid (File not found))
StartUpReg\HostManager - AOLSoftware = Reg Data missing or invalid (File not found))
StartUpReg\IntelliPoint - point32 = "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation )
StartUpReg\KAVPersonal50 - kav = Reg Data missing or invalid (File not found))
StartUpReg\Matrox Powerdesk - PDesk = C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch (Matrox Graphics Inc. )
StartUpReg\mmtask - mmtask = "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" (Musicmatch Inc. )
StartUpReg\MsnMsgr - msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation )
StartUpReg\outlook - outlook = c:\Program Files\Microsoft Office\Office\OUTLOOK.EXE /auto (Microsoft Corporation )
StartUpReg\QuickTime Task - qttask = "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
StartUpReg\RealTray - RealPlay = Reg Data missing or invalid (File not found))
StartUpReg\SmcService - smc = Reg Data missing or invalid (File not found))
StartUpReg\SunJavaUpdateSched - jusched = C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe (Sun Microsystems, Inc. )
StartUpReg\viewmgr - = (File not found))
StartUpReg\Yahoo! Pager - ypager = "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet ( )
StartUpReg\Zone Labs Client - zlclient = "F:\Zone Alarm\ZoneAlarm\zlclient.exe" (Zone Labs, LLC )

[>> User Agent Post Platform <<]
{2C580956-D642-9529-8473-1D5EA41D187B} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))

[>> Winlogon <<]
HMLM->UserInit - userinit.exe (Microsoft Corporation )
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found))
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll (Stardock )
Notify\NavLogon - C:\WINDOWS\System32\NavLogon.dll ( )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{A38A0E81-456E-46D2-9969-DE25F9E1F90E} - (3Com Gigabit LOM (3C940))
{CF78D7B9-F5C0-4C1D-838B-5F950BCA62ED} - (Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller)
{FEF6F23E-CA48-48FE-8226-35552072558E} - ()

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found))
msdaipp - (File not found))

[>> Protocol Filters (Non-Microsoft only) <<]

< All Services >
Abiosdsk (Abiosdsk) - (File not found)) [Disabled - Stopped - Kernel driver]
abp480n5 (abp480n5) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft ACPI Driver (ACPI) - \SystemRoot\System32\DRIVERS\ACPI.sys (Microsoft Corporation ) [ - Running - Kernel driver]
ACPIEC (ACPIEC) - (File not found)) [Disabled - Stopped - Kernel driver]
Adobe LM Service (Adobe LM Service) - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (Adobe Systems ) [On Demand - Stopped - Win32, running in it's own process]
adpu160m (adpu160m) - (File not found)) [Disabled - Stopped - Kernel driver]
aeaudio (aeaudio) - system32\drivers\aeaudio.sys (Andrea Electronics Corporation ) [On Demand - Running - Kernel driver]
Microsoft Kernel Acoustic Echo Canceller (aec) - system32\drivers\aec.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
AFD Networking Support Environment (AFD) - \SystemRoot\System32\drivers\afd.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Intel AGP Bus Filter (agp440) - \SystemRoot\System32\DRIVERS\agp440.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Aha154x (Aha154x) - (File not found)) [Disabled - Stopped - Kernel driver]
aic78u2 (aic78u2) - (File not found)) [Disabled - Stopped - Kernel driver]
aic78xx (aic78xx) - (File not found)) [Disabled - Stopped - Kernel driver]
Alerter (Alerter) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Application Layer Gateway Service (ALG) - C:\WINDOWS\System32\alg.exe (Microsoft Corporation ) [On Demand - Running - Win32, running in it's own process]
AliIde (AliIde) - (File not found)) [Disabled - Stopped - Kernel driver]
amsint (amsint) - (File not found)) [Disabled - Stopped - Kernel driver]
AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH ) [Automatic - Running - Win32, running in it's own process]
AntiVir PersonalEdition Classic Guard (AntiVirService) - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (AVIRA GmbH ) [Automatic - Running - Win32, running in it's own process]
AOL Spyware Protection Service (AOLService) - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe ( ) [Disabled - Stopped - Win32, running in it's own process]
Application Management (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
asc (asc) - (File not found)) [Disabled - Stopped - Kernel driver]
asc3350p (asc3350p) - (File not found)) [Disabled - Stopped - Kernel driver]
asc3550 (asc3550) - (File not found)) [Disabled - Stopped - Kernel driver]
ASPI32 (ASPI32) - (File not found)) [ - Stopped - Kernel driver]
RAS Asynchronous Media Driver (AsyncMac) - System32\DRIVERS\asyncmac.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Standard IDE/ESDI Hard Disk Controller (atapi) - \SystemRoot\System32\DRIVERS\atapi.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Atdisk (Atdisk) - (File not found)) [Disabled - Stopped - Kernel driver]
ATM ARP Client Protocol (Atmarpc) - System32\DRIVERS\atmarpc.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Audio Stub Driver (audstub) - System32\DRIVERS\audstub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Antivirus Filter Driver (AvFlt) - \SystemRoot\system32\drivers\av5flt.sys (File not found)) [On Demand - Stopped - Filesystem driver]
avgio (avgio) - \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys (H+BEDV Datentechnik GmbH ) [ - Running - Kernel driver]
avgntflt (avgntflt) - \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys (AVIRA GmbH ) [On Demand - Running - Filesystem driver]
Beep (Beep) - (File not found)) [ - Running - Kernel driver]
Background Intelligent Transfer Service (BITS) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
BrSplService (Brother XP spl Service) - C:\WINDOWS\System32\brsvc01a.exe (brother Industries Ltd ) [Disabled - Stopped - Win32, running in it's own process]
Computer Browser (Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
cbidf2k (cbidf2k) - (File not found)) [Disabled - Stopped - Kernel driver]
Closed Caption Decoder (CCDECODE) - System32\DRIVERS\CCDECODE.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
cd20xrnt (cd20xrnt) - (File not found)) [Disabled - Stopped - Kernel driver]
Cdaudio (Cdaudio) - (File not found)) [ - Stopped - Kernel driver]
Cdfs (Cdfs) - (File not found)) [Disabled - Running - Filesystem driver]
CD-ROM Driver (Cdrom) - System32\DRIVERS\cdrom.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Changer (Changer) - (File not found)) [ - Stopped - Kernel driver]
Indexing Service (CiSvc) - C:\WINDOWS\system32\cisvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in it's own process]
CmdIde (CmdIde) - (File not found)) [Disabled - Stopped - Kernel driver]
COM+ System Application (COMSysApp) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Cpqarray (Cpqarray) - (File not found)) [Disabled - Stopped - Kernel driver]
Cryptographic Services (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
dac960nt (dac960nt) - (File not found)) [Disabled - Stopped - Kernel driver]
DCOM Server Process Launcher (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
DHCP Client (Dhcp) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Disk Driver (Disk) - \SystemRoot\System32\DRIVERS\disk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Logical Disk Manager Administrative Service (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com (Microsoft Corp., Veritas Software ) [On Demand - Stopped - Win32, running in a shared process]
dmboot (dmboot) - System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software ) [Disabled - Stopped - Kernel driver]
Logical Disk Manager Driver (dmio) - \SystemRoot\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software ) [ - Running - Kernel driver]
dmload (dmload) - \SystemRoot\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software. ) [ - Running - Kernel driver]
Logical Disk Manager (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Microsoft Kernel DLS Syntheiszer (DMusic) - system32\drivers\DMusic.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
DNS Client (Dnscache) - C:\WINDOWS\System32\svchost.exe -k NetworkService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
dpti2o (dpti2o) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft Kernel DRM Audio Descrambler (drmkaud) - system32\drivers\drmkaud.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
EagleNT (EagleNT) - (File not found)) [On Demand - Stopped - Kernel driver]
3Com 3C2000x EtherLink XL Adapter (EL2000) - System32\DRIVERS\EL2K_XP.sys (3Com Corporation ) [On Demand - Stopped - Kernel driver]
Error Reporting Service (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Event Log (Eventlog) - C:\WINDOWS\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
COM+ Event System (EventSystem) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
ewido anti-spyware 4.0 driver (ewido anti-spyware 4.0 driver) - \??\F:\Ewido\ewido anti-spyware 4.0\guard.sys ( ) [ - Running - Kernel driver]
ewido anti-spyware 4.0 guard (ewido anti-spyware 4.0 guard) - F:\Ewido\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
Fastfat (Fastfat) - (File not found)) [Disabled - Running - Filesystem driver]
Fast User Switching Compatibility (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Floppy Disk Controller Driver (Fdc) - System32\DRIVERS\fdc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Fips (Fips) - (File not found)) [ - Running - Kernel driver]
Floppy Disk Driver (Flpydisk) - System32\DRIVERS\flpydisk.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
FltMgr (FltMgr) - \SystemRoot\system32\drivers\fltmgr.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Volume Manager Driver (Ftdisk) - \SystemRoot\System32\DRIVERS\ftdisk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
G200 (G200) - system32\DRIVERS\g200mini.sys (Matrox Graphics Inc. ) [On Demand - Running - Kernel driver]
Generic Packet Classifier (Gpc) - System32\DRIVERS\msgpc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Help and Support (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Human Interface Device Access (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
hpn (hpn) - (File not found)) [Disabled - Stopped - Kernel driver]
HTTP (HTTP) - System32\Drivers\HTTP.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
i2omgmt (i2omgmt) - (File not found)) [ - Stopped - Kernel driver]
i2omp (i2omp) - (File not found)) [Disabled - Stopped - Kernel driver]
i8042 Keyboard and PS/2 Mouse Port Driver (i8042prt) - System32\DRIVERS\i8042prt.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IIS Admin (IISADMIN) - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
CD-Burning Filter Driver (Imapi) - System32\DRIVERS\imapi.sys (Microsoft Corporation ) [ - Stopped - Kernel driver]
IMAPI CD-Burning COM Service (ImapiService) - C:\WINDOWS\System32\imapi.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
ini910u (ini910u) - (File not found)) [Disabled - Stopped - Kernel driver]
IntelIde (IntelIde) - (File not found)) [Disabled - Stopped - Kernel driver]
Intel Processor Driver (intelppm) - System32\DRIVERS\intelppm.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IPv6 Windows Firewall Driver (Ip6Fw) - system32\drivers\ip6fw.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP Traffic Filter Driver (IpFilterDriver) - System32\DRIVERS\ipfltdrv.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP in IP Tunnel Driver (IpInIp) - System32\DRIVERS\ipinip.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP Network Address Translator (IpNat) - System32\DRIVERS\ipnat.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
IPSEC driver (IPSec) - System32\DRIVERS\ipsec.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IR Enumerator Service (IRENUM) - System32\DRIVERS\irenum.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
PnP ISA/EISA Bus Driver (isapnp) - \SystemRoot\System32\DRIVERS\isapnp.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Jukebox (Jukebox) - system32\DRIVERS\ctpdusb2.sys (Creative Technology Ltd. ) [On Demand - Stopped - Kernel driver]
Keyboard Class Driver (Kbdclass) - System32\DRIVERS\kbdclass.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Microsoft Kernel Wave Audio Mixer (kmixer) - system32\drivers\kmixer.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
KSecDD (KSecDD) - (File not found)) [ - Running - Kernel driver]
Server (lanmanserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Workstation (lanmanworkstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
lbrtfdc (lbrtfdc) - (File not found)) [ - Stopped - Kernel driver]
TCP/IP NetBIOS Helper (LmHosts) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Machine Debug Manager (MDM) - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
Messenger (Messenger) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
MGABGEXE (MGABGEXE) - C:\WINDOWS\system32\mgabg.exe (Matrox Graphics Inc. ) [Automatic - Running - Win32, running in it's own process]
mnmdd (mnmdd) - (File not found)) [ - Running - Kernel driver]
NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\System32\mnmsrvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Modem (Modem) - (File not found)) [On Demand - Stopped - Kernel driver]
Mouse Class Driver (Mouclass) - System32\DRIVERS\mouclass.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Mount Point Manager (MountMgr) - (File not found)) [ - Running - Kernel driver]
mraid35x (mraid35x) - (File not found)) [Disabled - Stopped - Kernel driver]
WebDav Client Redirector (MRxDAV) - System32\DRIVERS\mrxdav.sys (Microsoft Corporation ) [On Demand - Running - Filesystem driver]
MRXSMB (MRxSmb) - System32\DRIVERS\mrxsmb.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\System32\msdtc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Msfs (Msfs) - (File not found)) [ - Running - Filesystem driver]
Windows Installer (MSIServer) - C:\WINDOWS\System32\msiexec.exe /V (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Microsoft Streaming Service Proxy (MSKSSRV) - system32\drivers\MSKSSRV.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft Streaming Clock Proxy (MSPCLOCK) - system32\drivers\MSPCLOCK.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft Streaming Quality Manager Proxy (MSPQM) - system32\drivers\MSPQM.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft System Management BIOS Driver (mssmbios) - System32\DRIVERS\mssmbios.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft Streaming Tee/Sink-to-Sink Converter (MSTEE) - system32\drivers\MSTEE.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Mup (Mup) - (File not found)) [ - Running - Filesystem driver]
NABTS/FEC VBI Codec (NABTSFEC) - System32\DRIVERS\NABTSFEC.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
NDIS System Driver (NDIS) - (File not found)) [ - Running - Kernel driver]
Microsoft TV/Video Connection (NdisIP) - System32\DRIVERS\NdisIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Remote Access NDIS TAPI Driver (NdisTapi) - System32\DRIVERS\ndistapi.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
NDIS Usermode I/O Protocol (Ndisuio) - System32\DRIVERS\ndisuio.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Remote Access NDIS WAN Driver (NdisWan) - System32\DRIVERS\ndiswan.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
NDIS Proxy (NDProxy) - (File not found)) [On Demand - Running - Kernel driver]
NetBIOS Interface (NetBIOS) - System32\DRIVERS\netbios.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
NetBios over Tcpip (NetBT) - System32\DRIVERS\netbt.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Network DDE (NetDDE) - C:\WINDOWS\system32\netdde.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Network DDE DSDM (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Net Logon (Netlogon) - C:\WINDOWS\System32\lsass.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Network Connections (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Network Location Awareness (NLA) (Nla) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Npfs (Npfs) - (File not found)) [ - Running - Filesystem driver]
Ntfs (Ntfs) - (File not found)) [Disabled - Running - Filesystem driver]
NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\System32\lsass.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Removable Storage (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Null (Null) - (File not found)) [ - Running - Kernel driver]
IPX Traffic Filter Driver (NwlnkFlt) - System32\DRIVERS\nwlnkflt.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IPX Traffic Forwarder Driver (NwlnkFwd) - System32\DRIVERS\nwlnkfwd.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Office Source Engine (ose) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
PS2 EyeToy SLEH-00031 Webcam (ovt519) - System32\Drivers\ov519vid.sys (File not found)) [On Demand - Stopped - Kernel driver]
Parallel port driver (Parport) - System32\DRIVERS\parport.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Partition Manager (PartMgr) - (File not found)) [ - Running - Kernel driver]
ParVdm (ParVdm) - (File not found)) [Automatic - Running - Kernel driver]
PCI Bus Driver (PCI) - \SystemRoot\System32\DRIVERS\pci.sys (Microsoft Corporation ) [ - Running - Kernel driver]
PCIDump (PCIDump) - (File not found)) [ - Stopped - Kernel driver]
PCIIde (PCIIde) - \SystemRoot\System32\DRIVERS\pciide.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Pcmcia (Pcmcia) - (File not found)) [Disabled - Stopped - Kernel driver]
PDCOMP (PDCOMP) - (File not found)) [On Demand - Stopped - Kernel driver]
PDFRAME (PDFRAME) - (File not found)) [On Demand - Stopped - Kernel driver]
PDRELI (PDRELI) - (File not found)) [On Demand - Stopped - Kernel driver]
PDRFRAME (PDRFRAME) - (File not found)) [On Demand - Stopped - Kernel driver]
perc2 (perc2) - (File not found)) [Disabled - Stopped - Kernel driver]
perc2hib (perc2hib) - (File not found)) [Disabled - Stopped - Kernel driver]
Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Microsoft IntelliPoint Filter Driver (Point32) - System32\DRIVERS\point32.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
IPSEC Services (PolicyAgent) - C:\WINDOWS\System32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
WAN Miniport (PPTP) (PptpMiniport) - System32\DRIVERS\raspptp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Processor Driver (Processor) - System32\DRIVERS\processr.sys (Microsoft Corporation ) [ - Stopped - Kernel driver]
Protected Storage (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
QoS Packet Scheduler (PSched) - System32\DRIVERS\psched.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Direct Parallel Link Driver (Ptilink) - System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc. ) [On Demand - Running - Kernel driver]
PxHelp20 (PxHelp20) - \SystemRoot\System32\DRIVERS\PxHelp20.sys (Sonic Solutions ) [ - Running - Kernel driver]
ql1080 (ql1080) - (File not found)) [Disabled - Stopped - Kernel driver]
Ql10wnt (Ql10wnt) - (File not found)) [Disabled - Stopped - Kernel driver]
ql12160 (ql12160) - (File not found)) [Disabled - Stopped - Kernel driver]
ql1240 (ql1240) - (File not found)) [Disabled - Stopped - Kernel driver]
ql1280 (ql1280) - (File not found)) [Disabled - Stopped - Kernel driver]
Remote Access Auto Connection Driver (RasAcd) - System32\DRIVERS\rasacd.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Remote Access Auto Connection Manager (RasAuto) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
WAN Miniport (L2TP) (Rasl2tp) - System32\DRIVERS\rasl2tp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Remote Access Connection Manager (RasMan) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Remote Access PPPOE Driver (RasPppoe) - System32\DRIVERS\raspppoe.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Direct Parallel (Raspti) - System32\DRIVERS\raspti.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Rdbss (Rdbss) - System32\DRIVERS\rdbss.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
RDPCDD (RDPCDD) - System32\DRIVERS\RDPCDD.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Terminal Server Device Redirector Driver (rdpdr) - System32\DRIVERS\rdpdr.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
RDPWD (RDPWD) - (File not found)) [On Demand - Stopped - Kernel driver]
Remote Desktop Help Session Manager (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Digital CD Audio Playback Filter Driver (redbook) - System32\DRIVERS\redbook.sys (Microsoft Corporation ) [ - Stopped - Kernel driver]
Routing and Remote Access (RemoteAccess) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Remote Registry (RemoteRegistry) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Remote Procedure Call (RPC) Locator (RpcLocator) - C:\WINDOWS\System32\locator.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Remote Procedure Call (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
QoS RSVP (RSVP) - C:\WINDOWS\System32\rsvp.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Security Accounts Manager (SamSs) - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Smart Card (SCardSvr) - C:\WINDOWS\System32\SCardSvr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Task Scheduler (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Secdrv (Secdrv) - System32\DRIVERS\secdrv.sys ( ) [On Demand - Stopped - Kernel driver]
Secondary Logon (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
System Event Notification (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Serenum Filter Driver (serenum) - System32\DRIVERS\serenum.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Serial port driver (Serial) - System32\DRIVERS\serial.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Sfloppy (Sfloppy) - (File not found)) [ - Stopped - Kernel driver]
Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Shell Hardware Detection (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Simbad (Simbad) - (File not found)) [Disabled - Stopped - Kernel driver]
BDA Slip De-Framer (SLIP) - System32\DRIVERS\SLIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
smwdm (smwdm) - system32\drivers\smwdm.sys (Analog Devices, Inc. ) [On Demand - Running - Kernel driver]
SNMP Service (SNMP) - C:\WINDOWS\System32\snmp.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
SNMP Trap Service (SNMPTRAP) - C:\WINDOWS\System32\snmptrap.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Sony USB Filter Driver (SONYPVU1) (SONYPVU1) - System32\DRIVERS\SONYPVU1.SYS (Sony Corporation ) [On Demand - Stopped - Kernel driver]
Sparrow (Sparrow) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft Kernel Audio Splitter (splitter) - system32\drivers\splitter.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
System Restore Filter Driver (sr) - \SystemRoot\System32\DRIVERS\sr.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
srescan (srescan) - \SystemRoot\system32\ZoneLabs\srescan.sys (Zone Labs, LLC ) [ - Running - Kernel driver]
System Restore Service (srservice) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Srv (Srv) - System32\DRIVERS\srv.sys (Microsoft Corporation ) [On Demand - Running - Filesystem driver]
SSDP Discovery Service (SSDPSRV) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\System32\svchost.exe -k imgsvc (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
BDA IPSink (streamip) - System32\DRIVERS\StreamIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Software Bus Driver (swenum) - System32\DRIVERS\swenum.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft Kernel GS Wavetable Synthesizer (swmidi) - system32\drivers\swmidi.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\System32\dllhost.exe /Processid:{97549877-AD6D-40E6-B856-E4C5478F9226} (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
symc810 (symc810) - (File not found)) [Disabled - Stopped - Kernel driver]
symc8xx (symc8xx) - (File not found)) [Disabled - Stopped - Kernel driver]
sym_hi (sym_hi) - (File not found)) [Disabled - Stopped - Kernel driver]
sym_u3 (sym_u3) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft Kernel System Audio Device (sysaudio) - system32\drivers\sysaudio.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Performance Logs and Alerts (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Telephony (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
TCP/IP Protocol Driver (Tcpip) - System32\DRIVERS\tcpip.sys (Microsoft Corporation ) [ - Running - Kernel driver]
TDPIPE (TDPIPE) - (File not found)) [On Demand - Stopped - Kernel driver]
TDTCP (TDTCP) - (File not found)) [On Demand - Stopped - Kernel driver]
Terminal Device Driver (TermDD) - System32\DRIVERS\termdd.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Terminal Services (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Themes (Themes) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Telnet (TlntSvr) - C:\WINDOWS\System32\tlntsvr.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in it's own process]
TosIde (TosIde) - (File not found)) [Disabled - Stopped - Kernel driver]
Distributed Link Tracking Client (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
TSP (TSP) - (File not found)) [On Demand - Stopped - Kernel driver]
Udfs (Udfs) - (File not found)) [Disabled - Stopped - Filesystem driver]
ultra (ultra) - (File not found)) [Disabled - Stopped - Kernel driver]
Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
Microcode Update Driver (Update) - System32\DRIVERS\update.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Universal Plug and Play Device Host (upnphost) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Uninterruptible Power Supply (UPS) - C:\WINDOWS\System32\ups.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
USB Audio Driver (WDM) (usbaudio) - system32\drivers\usbaudio.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft USB Generic Parent Driver (usbccgp) - System32\DRIVERS\usbccgp.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver (usbehci) - System32\DRIVERS\usbehci.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft USB Standard Hub Driver (usbhub) - System32\DRIVERS\usbhub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
USB Scanner Driver (usbscan) - system32\DRIVERS\usbscan.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
USB Mass Storage

#9 Lauren_Marie

Lauren_Marie
  • Topic Starter

  • Members
  • 101 posts

Posted 28 September 2006 - 04:30 PM

USB Mass Storage Driver (USBSTOR) - System32\DRIVERS\USBSTOR.SYS (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft USB Universal Host Controller Miniport Driver (usbuhci) - System32\DRIVERS\usbuhci.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
User Privilege Service (usprserv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
VGA Display Controller. (VgaSave) - \SystemRoot\System32\drivers\vga.sys (Microsoft Corporation ) [ - Running - Kernel driver]
ViaIde (ViaIde) - (File not found)) [Disabled - Stopped - Kernel driver]
VolSnap (VolSnap) - (File not found)) [ - Running - Kernel driver]
vsdatant (vsdatant) - System32\vsdatant.sys (Zone Labs, LLC ) [ - Running - Kernel driver]
TrueVector Internet Monitor (vsmon) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (Zone Labs, LLC ) [Automatic - Running - Win32, running in it's own process]
Volume Shadow Copy (VSS) - C:\WINDOWS\System32\vssvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Windows Time (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
World Wide Web Publishing (W3SVC) - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Remote Access IP ARP Driver (Wanarp) - System32\DRIVERS\wanarp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
WAN Miniport (ATW) (wanatw) - System32\DRIVERS\wanatw4.sys (America Online, Inc. ) [On Demand - Stopped - Kernel driver]
WDICA (WDICA) - (File not found)) [On Demand - Stopped - Kernel driver]
Microsoft WINMM WDM Audio Compatibility Driver (wdmaud) - system32\drivers\wdmaud.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
WebClient (WebClient) - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
wg4n (wg4n) - \SystemRoot\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc. ) [Automatic - Running - Kernel driver]
wg5n (wg5n) - \SystemRoot\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc. ) [Automatic - Running - Kernel driver]
wg6n (wg6n) - \SystemRoot\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc. ) [Automatic - Running - Kernel driver]
Windows Management Instrumentation (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Portable Media Serial Number Service (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Windows Management Instrumentation Driver Extensions (Wmi) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
WMI Performance Adapter (WmiApSrv) - C:\WINDOWS\System32\wbem\wmiapsrv.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Windows Socket 2.0 Non-IFS Service Provider Support Environment (WS2IFSL) - \SystemRoot\System32\drivers\ws2ifsl.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Security Center (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
World Standard Teletext Codec (WSTCODEC) - System32\DRIVERS\WSTCODEC.SYS (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Automatic Updates (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Wireless Zero Configuration (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Network Provisioning Service (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwxp) - system32\DRIVERS\yk51x86.sys (Marvell ) [On Demand - Running - Kernel driver]

< Files >

%SystemDrive%
C:\ComboFix.txt - KavSvc ( [Ver = | Size = 14680 bytes | Date = 09/27/2006 17:22 | Attr = ])
C:\ComboFix2.txt - KavSvc ( [Ver = | Size = 12121 bytes | Date = 09/07/2006 21:32 | Attr = ])

%ProgramFilesDir%

%WinDir%
C:\WINDOWS\Dotest.exe - PEC2 (Sonbry Marketing International 813-661-4530 Contact John Bryson [Ver = 1.00.0019 | Size = 365056 bytes | Date = 05/25/2002 17:28 | Attr = ])
C:\WINDOWS\iis6.log - KavSvc ( [Ver = | Size = 1664220 bytes | Date = 09/27/2006 02:00 | Attr = ])
C:\WINDOWS\LPT$VPN.955 - PECompact2 ( [Ver = | Size = 9563466 bytes | Date = 08/14/2004 13:26 | Attr = ])
C:\WINDOWS\VPTNFILE.955 - PECompact2 ( [Ver = | Size = 9563466 bytes | Date = 08/14/2004 13:26 | Attr = ])
C:\WINDOWS\vsapi32.dll - UPX! (Trend Micro Inc. [Ver = 7.000-1004 | Size = 1036800 bytes | Date = 08/14/2004 13:26 | Attr = ])
C:\WINDOWS\vsapi32.dll - aspack (Trend Micro Inc. [Ver = 7.000-1004 | Size = 1036800 bytes | Date = 08/14/2004 13:26 | Attr = ])

%System%
C:\WINDOWS\SYSTEM32\atrc8parb.ini - SAHAgent ( [Ver = | Size = 1347 bytes | Date = 04/11/2005 00:52 | Attr = ])
C:\WINDOWS\SYSTEM32\cpuinf32.dll - UPX! ( [Ver = | Size = 9216 bytes | Date = 09/17/2001 13:20 | Attr = ])
C:\WINDOWS\SYSTEM32\dfrg.msc - PEC2 ( [Ver = | Size = 41397 bytes | Date = 08/29/2002 10:00 | Attr = ])
C:\WINDOWS\SYSTEM32\divx.dll - PEC2 (DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Date = 07/03/2006 23:40 | Attr = ])
C:\WINDOWS\SYSTEM32\divx.dll - PECompact2 (DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Date = 07/03/2006 23:40 | Attr = ])
C:\WINDOWS\SYSTEM32\hqrhil7kg.ini - SAHAgent ( [Ver = | Size = 36 bytes | Date = 03/21/2005 10:28 | Attr = ])
C:\WINDOWS\SYSTEM32\LegitCheckControl.dll - PTech (Microsoft Corporation [Ver = 1.5.0530.0 | Size = 579888 bytes | Date = 05/17/2006 11:23 | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - PECompact2 (Microsoft Corporation [Ver = 1.20.1625.0 | Size = 8960936 bytes | Date = 09/11/2006 10:37 | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.20.1625.0 | Size = 8960936 bytes | Date = 09/11/2006 10:37 | Attr = ])
C:\WINDOWS\SYSTEM32\ntbackup.exe - WSUD (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1200128 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\ntdll.dll - aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\rasdlg.dll - Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 08/29/2002 10:00 | Attr = ])

%System%\Drivers folder and sub-folders
C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys - PTech (Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Date = 08/04/2004 01:41 | Attr = ])

%windir% + sub-dirs for System or Hidden files less than 60 days old
C:\WINDOWS\Thumbs.db - ( [Ver = | Size = 7168 bytes | Date = 09/24/2006 19:00 | Attr = HS])
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a358e55d7450678a52d29ee572992237\BIT1.tmp - ( [Ver = | Size = 3444136 bytes | Date = 08/11/2006 20:20 | Attr = H ])
C:\WINDOWS\system32\vsconfig.xml - ( [Ver = | Size = 48882 bytes | Date = 09/28/2006 16:07 | Attr = H ])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat - ( [Ver = | Size = 11749 bytes | Date = 08/21/2006 09:00 | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat - ( [Ver = | Size = 8847 bytes | Date = 09/18/2006 10:40 | Attr = S])
C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/14/2006 20:38 | Attr = H ])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\800f9fe8-3b9c-4c4c-aa68-a5ab45c67396 - ( [Ver = | Size = 388 bytes | Date = 08/14/2006 23:15 | Attr = HS])
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred - ( [Ver = | Size = 24 bytes | Date = 08/14/2006 23:16 | Attr = HS])
C:\WINDOWS\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 09/28/2006 16:06 | Attr = H ])
CPL files -
C:\WINDOWS\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\bthprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\jpicpl32.cpl - (Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 49265 bytes | Date = 04/13/2005 03:48 | Attr = ])
C:\WINDOWS\SYSTEM32\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/29/2002 10:00 | Attr = ])
C:\WINDOWS\SYSTEM32\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/29/2002 10:00 | Attr = ])
C:\WINDOWS\SYSTEM32\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\nwc.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 08/29/2002 10:00 | Attr = ])
C:\WINDOWS\SYSTEM32\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\QuickTime.cpl - (Apple Computer, Inc. [Ver = 6.5.1 | Size = 323072 bytes | Date = 04/08/2004 14:12 | Attr = ])
C:\WINDOWS\SYSTEM32\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/29/2002 10:00 | Attr = ])
C:\WINDOWS\SYSTEM32\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 04:16 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/29/2002 10:00 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/29/2002 10:00 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 08/29/2002 10:00 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/04/2004 03:56 | Attr = ])
C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/29/2002 10:00 | Attr = ])

Auto-Start Folders

HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 01/09/2004 01:16 | Attr = HS])

HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Lauren Marie\Start Menu\Programs\Startup
C:\Documents and Settings\Lauren Marie\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 01/09/2004 01:16 | Attr = HS])

HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe
Wininit.ini: Line 1 - [rename]
Wininit.ini: Line 2 - NUL=InitTermMutex658
Config.nt: Line 1 - REM Windows MS-DOS Startup File
Config.nt: Line 2 - REM
Config.nt: Line 3 - REM CONFIG.SYS vs CONFIG.NT
Config.nt: Line 4 - REM CONFIG.SYS is not used to initialize the MS-DOS environment.
Config.nt: Line 5 - REM CONFIG.NT is used to initialize the MS-DOS environment unless a
Config.nt: Line 6 - REM different startup file is specified in an application's PIF.
Config.nt: Line 7 - REM
Config.nt: Line 8 - REM ECHOCONFIG
Config.nt: Line 9 - REM By default, no information is displayed when the MS-DOS environment
Config.nt: Line 10 - REM is initialized. To display CONFIG.NT/AUTOEXEC.NT information, add
Config.nt: Line 11 - REM the command echoconfig to CONFIG.NT or other startup file.
Config.nt: Line 12 - REM
Config.nt: Line 13 - REM NTCMDPROMPT
Config.nt: Line 14 - REM When you return to the command prompt from a TSR or while running an
Config.nt: Line 15 - REM MS-DOS-based application, Windows runs COMMAND.COM. This allows the
Config.nt: Line 16 - REM TSR to remain active. To run CMD.EXE, the Windows command prompt,
Config.nt: Line 17 - REM rather than COMMAND.COM, add the command ntcmdprompt to CONFIG.NT or
Config.nt: Line 18 - REM other startup file.
Config.nt: Line 19 - REM
Config.nt: Line 20 - REM DOSONLY
Config.nt: Line 21 - REM By default, you can start any type of application when running
Config.nt: Line 22 - REM COMMAND.COM. If you start an application other than an MS-DOS-based
Config.nt: Line 23 - REM application, any running TSR may be disrupted. To ensure that only
Config.nt: Line 24 - REM MS-DOS-based applications can be started, add the command dosonly to
Config.nt: Line 25 - REM CONFIG.NT or other startup file.
Config.nt: Line 26 - REM
Config.nt: Line 27 - REM EMM
Config.nt: Line 28 - REM You can use EMM command line to configure EMM(Expanded Memory Manager).
Config.nt: Line 29 - REM The syntax is:
Config.nt: Line 30 - REM
Config.nt: Line 31 - REM EMM = [A=AltRegSets] [B=BaseSegment] [RAM]
Config.nt: Line 32 - REM
Config.nt: Line 33 - REM AltRegSets
Config.nt: Line 34 - REM specifies the total Alternative Mapping Register Sets you
Config.nt: Line 35 - REM want the system to support. 1 <= AltRegSets <= 255. The
Config.nt: Line 36 - REM default value is 8.
Config.nt: Line 37 - REM BaseSegment
Config.nt: Line 38 - REM specifies the starting segment address in the Dos conventional
Config.nt: Line 39 - REM memory you want the system to allocate for EMM page frames.
Config.nt: Line 40 - REM The value must be given in Hexdecimal.
Config.nt: Line 41 - REM 0x1000 <= BaseSegment <= 0x4000. The value is rounded down to
Config.nt: Line 42 - REM 16KB boundary. The default value is 0x4000
Config.nt: Line 43 - REM RAM
Config.nt: Line 44 - REM specifies that the system should only allocate 64Kb address
Config.nt: Line 45 - REM space from the Upper Memory Block(UMB) area for EMM page frames
Config.nt: Line 46 - REM and leave the rests(if available) to be used by DOS to support
Config.nt: Line 47 - REM loadhigh and devicehigh commands. The system, by default, would
Config.nt: Line 48 - REM allocate all possible and available UMB for page frames.
Config.nt: Line 49 - REM
Config.nt: Line 50 - REM The EMM size is determined by pif file(either the one associated
Config.nt: Line 51 - REM with your application or _default.pif). If the size from PIF file
Config.nt: Line 52 - REM is zero, EMM will be disabled and the EMM line will be ignored.
Config.nt: Line 53 - REM
Config.nt: Line 54 - dos=high, umb
Config.nt: Line 55 - device=%SystemRoot%\system32\himem.sys
Config.nt: Line 56 - files=40
AutoExec.nt: Line 1 - @echo off
AutoExec.nt: Line 3 - REM AUTOEXEC.BAT is not used to initialize the MS-DOS environment.
AutoExec.nt: Line 4 - REM AUTOEXEC.NT is used to initialize the MS-DOS environment unless a
AutoExec.nt: Line 5 - REM different startup file is specified in an application's PIF.
AutoExec.nt: Line 7 - REM Install CD ROM extensions
AutoExec.nt: Line 8 - lh %SystemRoot%\system32\mscdexnt.exe
AutoExec.nt: Line 10 - REM Install network redirector (load before dosx.exe)
AutoExec.nt: Line 11 - lh %SystemRoot%\system32\redir
AutoExec.nt: Line 13 - REM Install DPMI support
AutoExec.nt: Line 14 - lh %SystemRoot%\system32\dosx
AutoExec.nt: Line 16 - REM The following line enables Sound Blaster 2.0 support on NTVDM.
AutoExec.nt: Line 17 - REM The command for setting the BLASTER environment is as follows:
AutoExec.nt: Line 18 - REM SET BLASTER=A220 I5 D1 P330
AutoExec.nt: Line 19 - REM where:
AutoExec.nt: Line 20 - REM A specifies the sound blaster's base I/O port
AutoExec.nt: Line 21 - REM I specifies the interrupt request line
AutoExec.nt: Line 22 - REM D specifies the 8-bit DMA channel
AutoExec.nt: Line 23 - REM P specifies the MPU-401 base I/O port
AutoExec.nt: Line 24 - REM T specifies the type of sound blaster card
AutoExec.nt: Line 25 - REM 1 - Sound Blaster 1.5
AutoExec.nt: Line 26 - REM 2 - Sound Blaster Pro I
AutoExec.nt: Line 27 - REM 3 - Sound Blaster 2.0
AutoExec.nt: Line 28 - REM 4 - Sound Blaster Pro II
AutoExec.nt: Line 29 - REM 6 - SOund Blaster 16/AWE 32/32/64
AutoExec.nt: Line 30 - REM
AutoExec.nt: Line 31 - REM The default value is A220 I5 D1 T3 and P330. If any of the switches is
AutoExec.nt: Line 32 - REM left unspecified, the default value will be used. (NOTE, since all the
AutoExec.nt: Line 33 - REM ports are virtualized, the information provided here does not have to
AutoExec.nt: Line 34 - REM match the real hardware setting.) NTVDM supports Sound Blaster 2.0 only.
AutoExec.nt: Line 35 - REM The T switch must be set to 3, if specified.
AutoExec.nt: Line 36 - SET BLASTER=A220 I5 D1 P330 T3
AutoExec.nt: Line 38 - REM To disable the sound blaster 2.0 support on NTVDM, specify an invalid
AutoExec.nt: Line 39 - REM SB base I/O port address. For example:
AutoExec.nt: Line 40 - REM SET BLASTER=A0

Miscellaneous Folders

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\addr_file.html - ( [Ver = | Size = 305 bytes | Date = 06/26/2006 22:36 | Attr = ])
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 01/09/2004 04:55 | Attr = HS])

CurrentUser ApplicationData Folder
C:\Documents and Settings\Lauren Marie\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 01/09/2004 04:55 | Attr = HS])

Program Files Folder

Common Files Folder

DPF files
{00B71CFB-6864-4346-A978-C0A14556272C} - Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
{0835BC90-6ABC-4F52-A103-4FC3A61F2C33} - A18X Control - CodeBase = http://www.albatross18.com/cabs/A18X.ocx
{10093E98-C073-4C75-8D0E-FB5CD3A71D33} - ZoneUpwords Object - CodeBase = http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
{14B87622-7E19-4EA8-93B3-97215F77A6BC} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=48835
{17D72920-7A15-11D4-921E-0080C8DA7A5E} - AimSp32 Class - CodeBase = http://rimmel.ai-media.com/save/makeover.cab
{2A510DC8-C9B5-4269-B9BA-E5B04D47D981} - CPlayFirstDDSonicControl Object - CodeBase = http://www.shockwave.com/content/dinerdash...ic.1.0.0.92.cab
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - YInstStarter Class - CodeBase = http://download.yahoo.com/dl/installs/yinst0401.cab
{37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - - CodeBase = http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab
{5F8469B4-B055-49DD-83F7-62B522420ECC} - Facebook Photo Uploader Control - CodeBase = http://upload.facebook.com/controls/Facebo...otoUploader.cab
{639658F3-B141-4D6B-B936-226F75A5EAC3} - CPlayFirstDinerDash2Control Object - CodeBase = http://www.shockwave.com/content/dinerdash...h2.1.0.0.53.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
{94B82441-A413-4E43-8422-D49930E69764} - - CodeBase = https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
{9AA73F41-EC64-489E-9A73-9CD52E528BC4} - ZoneAxRcMgr Class - CodeBase = http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} - - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/...7995.9149305556
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMesse...pDownloader.cab
{B8BE5E93-A60C-4D26-A2DC-220313175592} - ZoneIntro Class - CodeBase = http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
{B9191F79-5613-4C76-AA2A-398534BB8999} - - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab
{DA758BB1-5F89-4465-975F-8D7179A4BCF3} - WheelofFortune Object - CodeBase = http://messenger.zone.msn.com/binary/WoF.cab31267.cab
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - - CodeBase = http://www.popcap.com/games/popcaploader_v6.cab
DirectAnimation Java Classes - - CodeBase =
Microsoft XML Parser for Java - - CodeBase =
Yahoo! Pool 2 - - CodeBase = http://download.games.yahoo.com/games/clients/y/potd_x.cab

Hosts file = 35 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhostq Qu%# -

< Add On's >

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<

KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 5
Desktop\Components\0 -
Desktop\Components\0\\Source - About:Home
Desktop\Components\0\\SubscribedURL - About:Home
Desktop\Components\0\\FriendlyName - My Current Home Page
Desktop\Components\0\\Flags - 2
Desktop\Components\0\\Position - 2C 00 00 00 CC 00 00 00 00 00 00 00 34 03 00 00 E2 02 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\0\\CurrentState - 04 00 00 40
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 9C 00 00 00 00 00 00 00 64 03 00 00 E2 02 00 00 04 00 00 40
Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 9C 00 00 00 00 00 00 00 64 03 00 00 E2 02 00 00 01 00 00 00
Desktop\General -
Desktop\General\\BackupWallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\General\\WallpaperFileTime - 08 5C 07 29 F8 E1 C6 01
Desktop\General\\WallpaperLocalFileTime - 08 BC F5 A1 D6 E1 C6 01
Desktop\General\\ComponentsPositioned - 2
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 2
Desktop\General\\Wallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 00 04 00 00 E2 02 00 00
Desktop\SafeMode -
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -

>>>>Output for AddOn file Policies.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\explorer -
policies\explorer\run -
policies\Ext -
policies\Ext\CLSID -
policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} - 1
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\Ratings -
policies\system -
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Associations -
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\Explorer\\SpecifyDefaultButtons - 0
policies\Explorer\\Btn_Search - 0
policies\Explorer\Run -
policies\System -

>>>>Output for AddOn file SID_Run_Policies.def<<<<

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run -

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145

< End of report >

#10 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 28 September 2006 - 05:10 PM

Well, it wouldn't be hard to miss something in all that information. :thumbsup:

I'll have to look at it a time or two more to be able to digest everything.


Download GMER from Here

Right-click the Zip and select "Extract All".

Double-click gmer.exe to launch the program.

Click on the Rootkit Tab and then click Scan.

It takes a while to run. Once complete, copy the results to Notepad and save them somewhere safe.

Post those results in the next reply.


Also, do me a favor and update Ewido with the latest definitions.

Restart in Safe Mode and be sure Ewido is the only thing open.

Scan the system and clean whatever it finds.

Save the report and post it in the next reply.

#11 Lauren_Marie

Lauren_Marie
  • Topic Starter

  • Members
  • 101 posts

Posted 28 September 2006 - 10:08 PM

GMER 1.0.11.11384 - http://www.gmer.net
Rootkit 2006-09-28 23:03:47
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess <-- ROOTKIT !!!

---- Devices - GMER 1.0.11 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [B8E8BA80] vsdatant.sys

---- Registry - GMER 1.0.11 ----

Reg \Registry\USER\S-1-5-21-436374069-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Ynhera Znevr\Zl Qbphzragf\qbjaybnq\zvgnyvnatbqqrffr\TnzrUbhfr_Vafnavdhnevhz_Qryhkr_i1.0.0.1_Naq_Frei_Nhgu_Cngpu_ol_RZOENPR\TnzrUbhfr.Vafnavdhnevhz.Qryhkr.i1.0.0.1.JvaNYY.Xrlznxre.Bayl.Naq.Frei.Nhgu.Cngpu-RZOENPR\Vafnavdhnevhz_xt.rkr 0xD4 0x01 0x00 0x00 ...

---- Files - GMER 1.0.11 ----

ADS C:\!KillBox\biini.inf:KAVICHS <-- ROOTKIT !!!
ADS C:\!KillBox\usta33.ini:KAVICHS <-- ROOTKIT !!!
ADS C:\boot.ini:KAVICHS <-- ROOTKIT !!!
ADS C:\Documents and Settings\Administrator\Application Data\desktop.ini:KAVICHS <-- ROOTKIT !!!
ADS C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak:KAVICHS <-- ROOTKIT !!!
ADS C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt:KAVICHS <-- ROOTKIT !!!
ADS C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt:KAVICHS <-- ROOTKIT !!!
ADS C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini:KAVICHS <-- ROOTKIT !!!
ADS C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk:KAVICHS <-- ROOTKIT !!!
ADS C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:KAVICHS <-- ROOTKIT !!!
ADS C:\Documents and Settings\Administrator\Cookies\index.dat:KAVICHS <-- ROOTKIT !!!
ADS ... <-- ROOTKIT !!!
ADS C:\Documents and Settings\Lauren Marie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:KAVICHS


DO YOU KNOW WHAT THE PROBLEM MAY BE SO FAR? :D
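
A note on reading the GMER output above. Every SSDT entry and every TCP/IP device object listed under "System" and "Devices" is attributed to vsdatant.sys, and the same generic "ROOTKIT !!!" marker is put on the ":KAVICHS" alternate data streams. GMER flags any hook it cannot attribute to the kernel itself, so the module that owns a hook matters more than the label. The "Registry" line is easy to overlook: Windows stores UserAssist value names ROT13-encoded, and decoding this one yields the path of a program the user launched from My Documents\download. The Python below is an added example, not part of the original post and not GMER's own code. It parses lines in the format shown above, groups hooks by owning driver, decodes the UserAssist name, and compares findings against an allow-list that is an analyst assumption (vsdatant.sys is ZoneAlarm's TrueVector driver; KAVICHS streams are Kaspersky's iChecker cache). One sample line (unknown_demo.sys) is constructed and does not appear in the thread; it is there only to show how an unexplained hooker is reported. The other sample lines are copied from the log above.

```python
"""Triage a GMER rootkit-scan log like the one posted in this thread.

Added example; it is not part of the original post and not GMER's own code.
It parses the text GMER prints (SSDT hook lines, device IRP hook lines, ADS
entries and the UserAssist registry line), groups kernel hooks by the driver
that owns them, decodes the ROT13-obfuscated UserAssist value name, and
flags anything not on a small, assumed allow-list of known security-product
drivers and stream names.
"""
import codecs
import re
from collections import Counter, defaultdict

# ASSUMPTION (analyst judgement, not something GMER reports): vsdatant.sys is
# ZoneAlarm's TrueVector firewall driver and ':KAVICHS' streams are written by
# Kaspersky Anti-Virus's iChecker cache. Both routinely trip GMER's generic
# "ROOTKIT !!!" marker. Extend these tables for the products on the host.
EXPECTED_HOOKERS = {"vsdatant.sys": "ZoneAlarm TrueVector driver"}
EXPECTED_STREAMS = {"KAVICHS": "Kaspersky iChecker cache stream"}

SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)")
DEVICE_RE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+(IRP_MJ_\w+)\s+\[[0-9A-Fa-f]+\]\s+(\S+)")
USERASSIST_RE = re.compile(r"\\UserAssist\\\{[0-9A-Fa-f-]+\}\\Count@(.*)$")


def decode_userassist(value):
    """UserAssist value names are ROT13-encoded; raw data bytes trail the name."""
    name = re.split(r"\s+0x[0-9A-Fa-f]{2}\b", value, maxsplit=1)[0]
    return codecs.decode(name, "rot_13")


def parse_gmer(text):
    """Return SSDT hooks per driver, device objects per driver, ADS stream
    counts and decoded UserAssist entries found in a GMER log."""
    ssdt = defaultdict(list)      # driver file name -> hooked Zw* services
    devices = defaultdict(set)    # driver file name -> attached device objects
    ads = Counter()               # stream name -> number of files carrying it
    userassist = []
    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            ssdt[m.group(1).rsplit("\\", 1)[-1].lower()].append(m.group(2))
        elif m := DEVICE_RE.match(line):
            devices[m.group(4).lower()].add(m.group(2))
        elif line.startswith("ADS "):
            # "ADS <path>:<stream> [<-- ROOTKIT !!!]"; a bare "ADS ..." is skipped
            entry = line[4:].split(" <-- ")[0].strip()
            _path, sep, stream = entry.rpartition(":")
            if sep and "\\" not in stream:
                ads[stream] += 1
        elif m := USERASSIST_RE.search(line):
            userassist.append(decode_userassist(m.group(1)))
    return {"ssdt": dict(ssdt), "devices": {k: sorted(v) for k, v in devices.items()},
            "ads": dict(ads), "userassist": userassist}


def triage(report):
    """Label each finding 'expected' (known product) or 'REVIEW' (unexplained)."""
    findings = []
    for driver, calls in report["ssdt"].items():
        status = "expected" if driver in EXPECTED_HOOKERS else "REVIEW"
        findings.append((status, f"{driver} hooks {len(calls)} SSDT entries: {', '.join(calls)}"))
    for driver, devs in report["devices"].items():
        status = "expected" if driver in EXPECTED_HOOKERS else "REVIEW"
        findings.append((status, f"{driver} intercepts IRPs on {', '.join(devs)}"))
    for stream, n in report["ads"].items():
        status = "expected" if stream in EXPECTED_STREAMS else "REVIEW"
        findings.append((status, f"{n} files carry alternate data stream ':{stream}'"))
    for name in report["userassist"]:
        # Execution history always deserves a look: it says what the user ran.
        findings.append(("REVIEW", f"UserAssist records {name}"))
    return findings


# Sample input: lines excerpted from the GMER log in this thread, plus ONE
# constructed line (unknown_demo.sys) that does not appear in the thread,
# included only to show how an unexplained hooker is reported.
SAMPLE_LOG = r"""
---- System - GMER 1.0.11 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\drivers\unknown_demo.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
---- Devices - GMER 1.0.11 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B8E8BA80] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B8E8BA80] vsdatant.sys
---- Registry - GMER 1.0.11 ----
Reg \Registry\USER\S-1-5-21-436374069-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Ynhera Znevr\Zl Qbphzragf\qbjaybnq\zvgnyvnatbqqrffr\TnzrUbhfr_Vafnavdhnevhz_Qryhkr_i1.0.0.1_Naq_Frei_Nhgu_Cngpu_ol_RZOENPR\TnzrUbhfr.Vafnavdhnevhz.Qryhkr.i1.0.0.1.JvaNYY.Xrlznxre.Bayl.Naq.Frei.Nhgu.Cngpu-RZOENPR\Vafnavdhnevhz_xt.rkr 0xD4 0x01 0x00 0x00 ...
---- Files - GMER 1.0.11 ----
ADS C:\!KillBox\biini.inf:KAVICHS <-- ROOTKIT !!!
ADS C:\boot.ini:KAVICHS <-- ROOTKIT !!!
ADS ... <-- ROOTKIT !!!
ADS C:\Documents and Settings\Lauren Marie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat:KAVICHS
"""

if __name__ == "__main__":
    for status, message in triage(parse_gmer(SAMPLE_LOG)):
        print(f"[{status:8}] {message}")
```

Running the block prints one line per finding. On the sample, the vsdatant.sys hooks and the KAVICHS streams come out "expected", the constructed unknown_demo.sys hook comes out "REVIEW", and the UserAssist entry decodes to a path under C:\Documents and Settings\Lauren Marie\My Documents\download\ ending in Insaniquarium_kg.exe. On a real case the allow-list should be built from the products actually installed on the host, and any SSDT or IRP hook owned by a module you cannot name is the item to chase first.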

#12 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests

Posted 29 September 2006 - 03:33 PM

I have not seen anything in the logs so far that would justify the amount of IE processes I saw in your first log.


Move blbeta.exe (Blacklight) to your C:\ drive

Click Start --> Click Run --> Copy & paste all the bold text below into the open Run box and click OK.

C:\blbeta.exe /expert


See if it will launch.


Next, restart the PC fresh and be sure not to launch Internet Explorer.

As soon as the system loads, scan with HijackThis.

Still in HijackThis:

Let me see a HijackThis Start Up log.

Open HijackThis and click the "Open Misc Tools Section" tab.

Select Generate StartUpList log and make sure that both boxes beside it are checked:

Put a check by:
List all minor sections(Full)
and
List Empty Sections(Complete)

It will produce a Notepad page. I need you to copy the entire contents of that page to the next reply, along with the HijackThis log and the log from Blacklight, if it ran.

#13 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina

Posted 29 September 2006 - 04:51 PM

Hi Lauren_Marie. Cretemonster and I were discussing this issue and I have a question for you.

Was IE7 installed on this PC and then removed? It appears that there are a number of registry entries related specifically to IE7 and that could be the problem.

Let us know.

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#14 Lauren_Marie

Lauren_Marie
  • Topic Starter

  • Members
  • 101 posts

Posted 29 September 2006 - 09:13 PM

Yes. I didn't like it! It sucked lol!
I removed it the right way, I don't know why it's still there.

I will run those things, Crete.

#15 Lauren_Marie

Lauren_Marie
  • Topic Starter

  • Members
  • 101 posts

Posted 29 September 2006 - 09:18 PM

Nope, Blacklight didn't RUN! :thumbsup:

Here is my HijackThis file again.

StartupList report, 9/29/2006, 10:14:58 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Lauren Marie\My Documents\Unzipped\hijackthis[1]\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
F:\Zone Alarm\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
F:\Ewido\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Lauren Marie\My Documents\Unzipped\hijackthis[1]\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Lauren Marie\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

{0228e555-4f9c-4e35-a3ec-b109a192b4c2} = c:\Program Files\Google\Gmail Notifier\gnotify.exe
avgnt = "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
Zone Labs Client = "F:\Zone Alarm\ZoneAlarm\zlclient.exe"
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

AWMON = "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
viewmgr =

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /HideWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\sstext3d.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: *Registry value not found*
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Yahoo! Pool 2]
CODEBASE = http://download.games.yahoo.com/games/clients/y/potd_x.cab
OSD = C:\WINDOWS\Downloaded Program Files\Yahoo! Pool 2.osd

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

[A18X Control]
InProcServer32 = C:\WINDOWS\DOWNLO~2\A18X.ocx
CODEBASE = http://www.albatross18.com/cabs/A18X.ocx

[ZoneUpwords Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Upwords.ocx
CODEBASE = http://messenger.zone.msn.com/binary/Upwords.cab31267.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/get/shock...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=48835

[AimSp32 Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\aimsp32.dll
CODEBASE = http://rimmel.ai-media.com/save/makeover.cab

[CPlayFirstDDSonicControl Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\DDSonic.1.0.0.92.dll
CODEBASE = http://www.shockwave.com/content/dinerdash...ic.1.0.0.92.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://download.yahoo.com/dl/installs/yinst0401.cab

[{37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40}]
CODEBASE = http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~2\oscan8.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[Facebook Photo Uploader Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx
CODEBASE = http://upload.facebook.com/controls/Facebo...otoUploader.cab

[CPlayFirstDinerDash2Control Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53.dll
CODEBASE = http://www.shockwave.com/content/dinerdash...h2.1.0.0.53.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

[{94B82441-A413-4E43-8422-D49930E69764}]
CODEBASE = https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB

[ZoneAxRcMgr Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZAxRcMgr.ocx
CODEBASE = http://messenger.zone.msn.com/binary/ZAxRcMgr.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7995.9149305556

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMesse...pDownloader.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

[Java Plug-in 1.4.2_05]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
CODEBASE = http://java.sun.com/products/plugin/autodl...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[WheelofFortune Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WoF.ocx
CODEBASE = http://messenger.zone.msn.com/binary/WoF.cab31267.cab

[{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]
CODEBASE = http://www.popcap.com/games/popcaploader_v6.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AntiVir PersonalEdition Classic Scheduler: C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (autostart)
AntiVir PersonalEdition Classic Guard: C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (autostart)
AOL Spyware Protection Service: C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (disabled)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Antivirus Filter Driver: \SystemRoot\system32\drivers\av5flt.sys (manual start)
avgio: \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys (system)
avgntflt: \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BrSplService: C:\WINDOWS\System32\brsvc01a.exe (disabled)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
3Com 3C2000x EtherLink XL Adapter: System32\DRIVERS\EL2K_XP.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido anti-spyware 4.0 driver: \??\F:\Ewido\ewido anti-spyware 4.0\guard.sys (system)
ewido anti-spyware 4.0 guard: F:\Ewido\ewido anti-spyware 4.0\guard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
G200: system32\DRIVERS\g200mini.sys (manual start)
gmer: System32\DRIVERS\gmer.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IIS Admin: C:\WINDOWS\system32\inetsrv\inetinfo.exe (autostart)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Jukebox: system32\DRIVERS\ctpdusb2.sys (manual start)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
MGABGEXE: %SystemRoot%\system32\mgabg.exe (autostart)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
PS2 EyeToy SLEH-00031 Webcam: System32\Drivers\ov519vid.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Microsoft IntelliPoint Filter Driver: System32\DRIVERS\point32.sys (manual start)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Simple Mail Transfer Protocol (SMTP): C:\WINDOWS\system32\inetsrv\inetinfo.exe (autostart)
smwdm: system32\drivers\smwdm.sys (manual start)
SNMP Service: %SystemRoot%\System32\snmp.exe (autostart)
SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start)
Sony USB Filter Driver (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
srescan: system32\ZoneLabs\srescan.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{97549877-AD6D-40E6-B856-E4C5478F9226} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
User Privilege Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Wide Web Publishing: %SystemRoot%\system32\inetsrv\inetinfo.exe (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
wg4n: \SystemRoot\SYSTEM32\Drivers\wg4n.sys (autostart)
wg5n: \SystemRoot\SYSTEM32\Drivers\wg5n.sys (autostart)
wg6n: \SystemRoot\SYSTEM32\Drivers\wg6n.sys (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller: system32\DRIVERS\yk51x86.sys (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = *Registry value not found*

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 36,928 bytes
Report generated in 0.187 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only





Logfile of HijackThis v1.99.1
Scan saved at 10:16:06 PM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
F:\Zone Alarm\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
F:\Ewido\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\LAUREN~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Lauren Marie\My Documents\Unzipped\hijackthis[1]\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Zone Alarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://rimmel.ai-media.com/save/makeover.cab
O16 - DPF: {2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) - http://www.shockwave.com/content/dinerdash...ic.1.0.0.92.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Ewido\ewido anti-spyware 4.0\guard.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



