Task Manager Has Gone Missing


This topic is locked. 11 replies to this topic.

#1 HansJ (Members, 8 posts)

Posted 01 October 2006 - 05:28 PM

I have been unable to use Task Manager for the past several days. In this and other forums I have read that adware etc. might be the cause. I have followed the Preparation Guide from this site and, although I found a number of entries and removed them, the problem is still with me. I am therefore attaching my HijackThis log in the hope that someone may be able to help. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 5:10:55 PM, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gateway\EzTune\dtsslsrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Gateway\EzTune\DTSRVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.PDeskNet.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Gateway\EzTune\DTHtml.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Plextor\PlexTool.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Hans Lange\My Documents\Downloaded Programs\Hijack spyeare util\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB001" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Matrox PowerDesk 8] C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.exe /silent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DT Task] C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [WinColorReminder] C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: ColorPlus Startup.lnk = C:\Program Files\PANTONE COLORVISION\ColorPlus\ColorPlus.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-hans lange.html
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 8\Web\MCIEContext.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: MasterCook Web Import Bar - {E6EF5071-7647-4E85-9785-87B6CF5CB561} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-hans lange.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-hans lange.html (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1100709505328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144674515468
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv1.view22.com/app/view22rte.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MGAFGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgafg.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

HansJ
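The log above can be triaged mechanically. The Python below is an added example for this thread, not a BleepingComputer or HijackThis tool: it parses the "Oxx - ..." entry lines and flags the ones a helper would check first, using the entry meanings HijackThis documents (O4 autostarts, O6/O7 policy restrictions, O15 Trusted Zone, O16 ActiveX downloads, O20 AppInit_DLLs and Winlogon Notify hooks, O23 services). The flagging rules are this example's own heuristics, and a flag means "verify", not "malicious": it flags C:\WINDOWS\SM1BG.EXE only because the file lives directly in the Windows directory, and the WinPFind2 report later in the thread attributes that file to Cypress Semiconductor. The embedded sample log is a constructed subset of the posted log. One caveat on the original symptom: the value that removes Task Manager is DisableTaskMgr under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System (or the HKLM counterpart), the same key HijackThis reads for its O7 (DisableRegistryTools) check; the posted log contains no line about DisableTaskMgr, so it neither confirms nor rules out such a policy, and reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr on the affected machine answers that directly.

```python
"""Triage helper for HijackThis 1.99.x logs.

Added example for this thread; it is not a BleepingComputer or HijackThis tool.
It parses the "Oxx - ..." entry lines and flags those that warrant a second
look. A flag means "verify", not "malicious".
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
"""

# "O4 - HKLM\..\Run: [name] command" -> code "O4", body "HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 body: "<hive>\..\Run: [<name>] <cmd>"  or  "Global Startup: <x>.lnk = <target>"
O4_RE = re.compile(r"^(?P<where>[^:]+):\s*(?:\[(?P<name>[^\]]*)\]\s*)?(?P<cmd>.*)$")
# First executable-looking token of a command line, quoted or unquoted
IMAGE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|com|dll|scr|pif|bat|cmd))(?=\s|$)', re.IGNORECASE)


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_hjt(text: str) -> List[Tuple[str, str, str]]:
    """Return (code, body, original line) for every HijackThis entry line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m["code"], m["body"], line))
    return entries


def image_from_command(cmd: str) -> Optional[str]:
    """Pull the executable path out of an autostart command line."""
    m = IMAGE_RE.match(cmd.strip())
    if not m:
        return None
    return m["q"] or m["u"]


def o4_finding(body: str) -> Optional[str]:
    """Heuristics for O4 (Run keys / Startup folders) entries."""
    m = O4_RE.match(body)
    if not m:
        return None
    cmd = m["cmd"].strip()
    if " = " in cmd:                      # startup-folder form: "<shortcut>.lnk = <target>"
        cmd = cmd.split(" = ", 1)[1].strip()
    image = image_from_command(cmd)
    if image is None:
        return "could not identify the executable in the command line"
    if image.startswith("\\"):
        return "path is relative to the current drive root, not absolute"
    if not re.match(r"^[a-z]:\\", image, re.IGNORECASE):
        return "bare file name: resolved through the search path at logon, so it can be shadowed"
    if re.fullmatch(r"[a-z]:\\windows\\[^\\]+", image, re.IGNORECASE):
        return "executable sits directly in the Windows directory rather than a vendor folder"
    return None


def triage_entry(code: str, body: str) -> Optional[str]:
    """Map one entry to a reason for review, or None if nothing stands out."""
    if code == "O4":
        return o4_finding(body)
    if code in ("O6", "O7"):
        return "policy restriction present (O6 = IE options, O7 = Regedit); check who set it"
    if code == "O15":
        return "Trusted Zone entry lowers IE security for that domain"
    if code == "O16" and "file://" in body.lower():
        return "ActiveX (DPF) entry points at a local file instead of a vendor URL"
    if code == "O20":
        return "AppInit_DLLs / Winlogon Notify: loaded into many processes or at logon; verify the DLL's publisher"
    if code == "O23" and "Unknown owner" in body:
        return "service binary carries no publisher information; verify it by hash or vendor"
    return None


def triage(text: str) -> List[Finding]:
    """Run every entry through the heuristics and collect the flagged ones."""
    return [Finding(code, reason, line)
            for code, body, line in parse_hjt(text)
            if (reason := triage_entry(code, body))]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```

Run it against a full saved log by replacing SAMPLE_LOG with the file's contents; on the sample it flags ten of the thirteen entries, three of them O4 autostarts whose command is a bare file name or a drive-root-relative path, which are the ones worth resolving to an actual file first.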

#2 OldTimer (Malware Expert; Members, 11,092 posts; North Carolina)

Posted 08 October 2006 - 08:50 AM

Hello HansJ and welcome to the BC HijackThis forum. Let's dig a little deeper and see what we find.

Download WinPFind2.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind2 on your desktop.
  • Open the WinPFind2 folder and double-click on winpfind2.exe to start the program.
  • Keep the standard settings.
  • In the AddOn-Options group click the checkboxes for
    • HKCU_IEDesktop.def
    • Jobs.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button to post the information back here and I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

#3 HansJ (Topic Starter; Members, 8 posts)

Posted 08 October 2006 - 10:25 AM

Hello OT,

Glad to hear from you. I have downloaded your program, opened it, and double-clicked winpfind2.exe. Unfortunately, the result was a message showing IO error code 103. When I clicked on it, your program opened up with the Config tab showing. I then clicked on the AddOn-Options tab and found the resulting screen to have no checkboxes at all. It would appear that whatever is wrong with my computer may have affected your program also.

I am about ready to try to restore to the oldest point I have, 23 Sept, but am reluctant to do so in case whatever I have will corrupt that also. So, I'll wait to hear from you.

Thanks

HansJ

#4 HansJ (Topic Starter; Members, 8 posts)

Posted 08 October 2006 - 05:35 PM

Hi OT,

Tried again and had success. Not sure where the error message came from, but I was partially at fault for not seeing the AddOn-Options in the Config tab but looking for them in the AddOn tab.

Anyway, here are the results:

Logfile created on: 10/08/2006 17:26
WinPFind2 by OldTimer - Version 1.0.11 Folder = C:\Documents and Settings\Hans Lange\Desktop\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


< Processes (Non-Microsoft Only) >
c:\program files\norton password manager\acctmgr.exe - (Symantec Corporation )
c:\program files\iomega\autodisk\adservice.exe - (Iomega Corporation )
c:\program files\iomega\autodisk\adusermon.exe - (Iomega Corporation )
c:\program files\symantec\liveupdate\aluschedulersvc.exe - (Symantec Corporation )
c:\progra~1\iomega\system32\appservices.exe - (Iomega Corporation )
c:\program files\common files\symantec shared\ccapp.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\ccevtmgr.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\ccproxy.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\ccsetmgr.exe - (Symantec Corporation )
c:\program files\citi virtual account numbers\citivan.exe - (Orbiscom Ltd. All rights reserved. )
c:\program files\common files\roxio shared\sharedcom8\cpshelprunner.exe - (Sonic Solutions )
c:\program files\creative\sbaudigy2zs\dvdaudio\ctdvddet.exe - (Creative Technology Ltd )
c:\windows\system32\cthelper.exe - (Creative Technology Ltd )
c:\windows\system32\ctsvccda.exe - (Creative Technology Ltd )
c:\program files\creative\sbaudigy2zs\surround mixer\ctsysvol.exe - (Creative Technology Ltd )
c:\program files\executive software\diskeeperlite\dkservice.exe - (Executive Software International, Inc. )
c:\program files\roxio\easy media creator 8\drag to disc\drgtodsc.exe - (Sonic Solutions )
c:\program files\gateway\eztune\dthtml.exe - (Portrait Displays, Inc )
c:\program files\gateway\eztune\dtsrvc.exe - ( )
c:\program files\gateway\eztune\dtsslsrv.exe - ( )
c:\windows\system32\spool\drivers\w32x86\3\e_s4i2j1.exe - (SEIKO EPSON CORPORATION )
c:\program files\portrait displays\pivot software\floater.exe - ( )
c:\program files\google\googletoolbarnotifier\1.0.720.3640\googletoolbarnotifier.exe - (Google Inc. )
c:\program files\intel\intel application accelerator\iaanotif.exe - (Intel )
c:\program files\intel\intel application accelerator\iaantmon.exe - (Intel )
c:\program files\iomega\driveicons\imgicon.exe - (Iomega )
c:\program files\intel\intel® active monitor\imonnt.exe - (Intel Corp. )
c:\program files\intel\intel® active monitor\imontray.exe - ( )
c:\program files\ipod\bin\ipodservice.exe - (Apple Computer, Inc. )
c:\program files\itunes\ituneshelper.exe - (Apple Computer, Inc. )
c:\program files\common files\logitech\khal\khalmnpr.exe - (Logitech Inc. )
c:\windows\system32\powerdesk8\matrox.powerdesk.pdesknet.exe - (Matrox Graphics Inc. )
c:\program files\norton internet security\norton antivirus\navapsvc.exe - (Symantec Corporation )
c:\progra~1\norton~1\norton~1\speedd~1\nopdb.exe - (Symantec Corporation )
c:\progra~1\norton~1\norton~1\nprotect.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\security console\nscsrvce.exe - (Symantec Corporation )
c:\program files\common files\real\update_ob\realsched.exe - (RealNetworks, Inc. )
c:\program files\common files\roxio shared\sharedcom8\roxwatch.exe - (Sonic Solutions )
c:\program files\common files\roxio shared\sharedcom8\roxwatchtray.exe - ( )
c:\program files\common files\epson\ebapi\sagent2.exe - (SEIKO EPSON CORPORATION )
c:\program files\spyware doctor\sdhelp.exe - (PC Tools Research Pty Ltd )
c:\program files\logitech\setpoint\setpoint.exe - (Logitech Inc. )
c:\windows\sm1bg.exe - (Cypress Semiconductor )
c:\program files\common files\symantec shared\sndsrvc.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe - (Symantec Corporation )
c:\progra~1\spywar~1\swdoctor.exe - (PC Tools Research Pty Ltd )
c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe - (Symantec Corporation )
c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe - (Ulead Systems, Inc. )
c:\documents and settings\hans lange\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )
c:\program files\portrait displays\pivot software\wpctrl.exe - ( )
c:\program files\webroot\washer\wwdisp.exe - (Webroot Software )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM->Main\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU->Main\\Start Page - about:blank
HKCU->Main\\Search Bar - http://www.google.com/ie
HKCU->Main\\Search Page - http://www.google.com
HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM->Search\\SearchAssistant - http://www.google.com/ie
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride - localhost

[>> BHO's <<]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
{387EDF53-1CF2-4523-BC2F-13462651BE8C} - CitiUSBrowserHelper Class = C:\WINDOWS\system32\BhoCitUS.dll (Orbiscom Ltd. All rights reserved. )
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - PCTools Site Guard = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (PC Tools )
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation )
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar2.dll (Google Inc. )
{B56A7D7D-6927-48C8-A975-17DF180C71AC} - PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (PC Tools )

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
{C92041C1-6D22-4069-BA0E-66246AA752B0} - MasterCook Bar = C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer Bars]
{21569614-B795-46B1-85F4-E737A8DC09AD} - Shell Search Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{32683183-48a0-441b-a342-7c2a440a9478} - Reg Data missing or invalid = Reg Data missing or invalid (File not found)
{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security 2006 = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation )
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc. )
{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc. )
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data missing or invalid = Reg Data missing or invalid (File not found)
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Norton Internet Security 2006 = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc. )
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data missing or invalid = Reg Data missing or invalid (File not found)
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Toolbar = Reg Data missing or invalid (File not found)

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8197 - Sun Java Console
{1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - 8195 - Reg Data missing or invalid
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8200 - Reg Data missing or invalid
{44226DFF-747E-4edc-B30C-78752E50CD0C} - 8193 - Reg Data missing or invalid
{4C730913-3961-439b-83D5-F4E445520422} - 8196 - Reg Data missing or invalid
{A5ABA0BB-F195-40d8-A5E9-0801153E6597} - 8199 - Add to EverNote
{E6EF5071-7647-4E85-9785-87B6CF5CB561} - 8198 - Reg Data missing or invalid
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 - Windows Messenger
NextId - 8201

[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll (Sun Microsystems, Inc. )
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - ButtonText: Spyware Doctor = Reg Data missing or invalid (File not found)
{44226DFF-747E-4edc-B30C-78752E50CD0C} - ButtonText: ATI TV = Reg Data missing or invalid (File not found)
{4C730913-3961-439b-83D5-F4E445520422} - ButtonText: Citi = C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved. )
{A5ABA0BB-F195-40d8-A5E9-0801153E6597} - ButtonText: Add to EverNote = Reg Data missing or invalid (File not found)
{E6EF5071-7647-4E85-9785-87B6CF5CB561} - ButtonText: MasterCook Web Import Bar = Reg Data missing or invalid (File not found)
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )

[HKCU-> Internet Explorer Menu Extensions]
AccountLogon - C:\WINDOWS\al-popup-hans lange.html (File not found)
Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000 (EverNote Corporation )
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation )
MasterCook: Select Image - C:\Program Files\MasterCook 8\Web\MCIEContext.hta ( )

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data missing or invalid (File not found)
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found)
{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} - RXDCExtShlExt extension = C:\Program Files\Roxio\Easy Media Creator 8\Virtual Drive\DC_ShellExt.dll ( )
{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = Reg Data missing or invalid (File not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = Reg Data missing or invalid (File not found)
{5E44E225-A408-11CF-B581-008029601108} - Roxio DragToDisc Shell Extension = C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\Shellex.dll (Sonic Solutions )
{654D0431-C930-43C4-B8DA-9AA01BA5B486} - PDI GUI Engine COM Obj = C:\Program Files\Gateway\EzTune\HtmlEngine.dll (Portrait Displays, Inc )
{6EE51AA0-77A0-11D7-B4E1-000347126E46} - Window Washer Shell Shredding Utility = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL (Webroot Software )
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found)
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc. )
{A7B1D2E1-5E71-4975-B8D9-FC4A1FB6B0A6} - Matrox PowerDesk Page = C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.PDeskPage.dll (Matrox Graphics Inc. )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc. )
{c7745760-8ead-11ce-b750-02608ca5202c} - IomegaWare Shell Extension = C:\Program Files\Iomega\Shell\ImgMenu.dll (Iomega Corp. )
{c7745761-8ead-11ce-b750-02608ca5202c} - IomegaWare Shell Extension = C:\Program Files\Iomega\Shell\ImgProp.dll (Iomega Corp. )
{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - RXDCExtSvr - {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} = C:\Program Files\Roxio\Easy Media Creator 8\Virtual Drive\DC_ShellExt.dll ( )
* - Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
* - Washer - {6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL (Webroot Software )
* - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )
AllFilesystemObjects - Copy To - Reg Data missing or invalid = Reg Data missing or invalid (File not found)
AllFilesystemObjects - Move To - Reg Data missing or invalid = Reg Data missing or invalid (File not found)
Directory - Washer - {6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL (Webroot Software )
Directory - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )
Folder - RXDCExtSvr - {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} = C:\Program Files\Roxio\Easy Media Creator 8\Virtual Drive\DC_ShellExt.dll ( )
Folder - Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
Folder - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]
Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )
Folder - AutorunsDisabled - Reg Data missing or invalid = Reg Data missing or invalid (File not found)

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\System32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

[>> Registry Run Keys <<]
HKLM->Run\\ - (File not found)
HKLM->Run\\AcctMgr - C:\Program Files\Norton Password Manager\AcctMgr.exe /startup (Symantec Corporation )
HKLM->Run\\ADUserMon - C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation )
HKLM->Run\\ccApp - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation )
HKLM->Run\\CitiVAN - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards (Orbiscom Ltd. All rights reserved. )
HKLM->Run\\CTDVDDET - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE (Creative Technology Ltd )
HKLM->Run\\CTHelper - CTHELPER.EXE (Creative Technology Ltd )
HKLM->Run\\CTSysVol - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd )
HKLM->Run\\Deskup - C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART (Iomega )
HKLM->Run\\DT Task - C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder (Portrait Displays, Inc )
HKLM->Run\\EPSON Stylus Photo R800 - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB001" /M "Stylus Photo R800" (SEIKO EPSON CORPORATION )
HKLM->Run\\IAAnotif - C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel )
HKLM->Run\\IMONTRAY - C:\Program Files\Intel\Intel® Active Monitor\imontray.exe ( )
HKLM->Run\\Iomega Drive Icons - C:\Program Files\Iomega\DriveIcons\ImgIcon.exe (Iomega )
HKLM->Run\\iTunesHelper - "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc. )
HKLM->Run\\Matrox PowerDesk 8 - C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.exe /silent (File not found)
HKLM->Run\\NWEReboot - (File not found)
HKLM->Run\\PivotSoftware - "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" ( )
HKLM->Run\\RemoteCenter - (File not found)
HKLM->Run\\RoxioDragToDisc - "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" (Sonic Solutions )
HKLM->Run\\RoxWatchTray - "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" ( )
HKLM->Run\\SBDrvDet - C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r (Creative Technology Ltd )
HKLM->Run\\SM1BG - C:\WINDOWS\SM1BG.EXE (Cypress Semiconductor )
HKLM->Run\\TkBellExe - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc. )
HKLM->Run\\UpdReg - C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd. )
HKLM->Run\\WinFaxAppPortStarter - wfxsnt40.exe (Microsoft Corporation )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\LDM - \Program\BackWeb-8876480.exe (File not found)
HKCU->Run\\Spyware Doctor - C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q (PC Tools Research Pty Ltd )
HKCU->Run\\swg - C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (Google Inc. )
HKCU->Run\\WinColorReminder - C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe (Microsoft Corporation )
HKCU->Run\\Window Washer - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software )

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]
AppInit_DLL - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ( )

[Image File Execution Options]
taskmgr.exe - Debugger = C:\Documents and Settings\Hans Lange\My Documents\Downloaded Programs\ProcessExplorerNt\procexp.exe
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )

[Shell Execute Hooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]
Session Manager\\BootExecute - smrgdf C:\Program Files\iolo\System Mechanic 5 Professional\;

[PendingFileRenameOperations]

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]
StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PlexTools Professional.lnk - PlexTools Professional = C:\PROGRA~1\Plextor\PlexTool.exe Startup (Plextor SA/NV )
StartUpFolder\C:^Documents and Settings^Hans Lange^Start Menu^Programs^Startup^Adobe Gamma.lnk - Adobe Gamma = C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE (Adobe Systems, Inc. )
StartUpReg\LDM - BackWeb-8876480 = \Program\BackWeb-8876480.exe (File not found)
StartUpReg\ViewMgr - ViewMgr = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation )

[>> User Agent Post Platform <<]
SV1 -

[>> Winlogon <<]
HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\AtiExtEvent - Reg Data missing or invalid (File not found)
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{58364630-773C-4B7F-BBA7-479C380411DE} - (1394 Net Adapter)
{ABD6C204-9B82-4E02-A245-B2DDA78F34D8} - ()
{AFECFFA2-0F5E-4D8C-8AA0-1853DF7713C1} - (Intel® PRO/1000 CT Network Connection)

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found)
msdaipp - (File not found)

[>> Protocol Filters (Non-Microsoft only) <<]

< Services (Non-Microsoft Only) >
Asset Management Daemon (Asset Management Daemon) - C:\Program Files\Gateway\EzTune\dtsslsrv.exe ( ) [Automatic - Running - Win32, running in it's own process]
Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Event Manager (ccEvtMgr) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Network Proxy (ccProxy) - "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Settings Manager (ccSetMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Creative Service for CDROM Access (Creative Service for CDROM Access) - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd ) [Automatic - Running - Win32, running in it's own process]
Diskeeper (Diskeeper) - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe (Executive Software International, Inc. ) [Automatic - Running - Win32, running in it's own process]
Portrait Displays Display Tune Service (DTSRVC) - C:\Program Files\Gateway\EzTune\DTSRVC.exe ( ) [Automatic - Running - Win32, running in it's own process]
EPSON Printer Status Agent2 (EPSONStatusAgent2) - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION ) [Automatic - Running - Win32, running in it's own process]
IAA Event Monitor (IAANTMon) - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (Intel ) [Automatic - Running - Win32, running in it's own process]
Intel® Active Monitor (imonNT) - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe (Intel Corp. ) [Automatic - Running - Win32, running in it's own process]
Iomega App Services (Iomega App Services) - "C:\PROGRA~1\Iomega\System32\AppServices.exe" (Iomega Corporation ) [Automatic - Running - Win32, running in it's own process]
iPod Service (iPod Service) - "C:\Program Files\iPod\bin\iPodService.exe" (Apple Computer, Inc. ) [On Demand - Running - Win32, running in it's own process]
Norton AntiVirus Auto-Protect Service (navapsvc) - "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Norton Unerase Protection (NProtectService) - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Norton Protection Center Service (NSCService) - "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE" (Symantec Corporation ) [On Demand - Running - Win32, running in it's own process]
Roxio Hard Drive Watcher (RoxWatch) - "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe" (Sonic Solutions ) [Automatic - Running - Win32, running in it's own process]
PC Tools Spyware Doctor (SDhelper) - C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd ) [Automatic - Running - Win32, running in it's own process]
Symantec Network Drivers Service (SNDSrvc) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec SPBBCSvc (SPBBCSvc) - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Speed Disk service (Speed Disk service) - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Core LC (Symantec Core LC) - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Ulead Burning Helper (UleadBurningHelper) - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc. ) [Automatic - Running - Win32, running in it's own process]
Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - "C:\Program Files\Iomega\AutoDisk\ADService.exe" (Iomega Corporation ) [Automatic - Running - Win32, running in it's own process]

< Files >

Auto-Start Folders

HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ColorPlus Startup.lnk - C:\Program Files\PANTONE COLORVISION\ColorPlus\ColorPlus.exe (ColorVision Inc. [Ver = 1, 0, 1, 1 | Size = 2920448 bytes | Date = 04/16/2004 18:39 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 11/08/2004 04:55 | Attr = HS])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION [Ver = 2.09 | Size = 135680 bytes | Date = 08/23/2001 03:09 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech [Ver = 1.4.50 | Size = 450560 bytes | Date = 11/18/2004 14:07 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc. [Ver = 2.22.124 | Size = 598016 bytes | Date = 12/02/2004 09:33 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation [Ver = 10.0.2609 | Size = 83360 bytes | Date = 02/13/2001 02:01 | Attr = ])

HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Hans Lange\Start Menu\Programs\Startup
C:\Documents and Settings\Hans Lange\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 11/08/2004 04:55 | Attr = HS])

HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe
Wininit.ini: Line 1 - [rename]
Wininit.ini: Line 2 - [Rename]
Wininit.ini: Line 3 - NUL=C:\DOCUME~1\HANSLA~1\LOCALS~1\Temp\VIES2CD7
Wininit.ini: Line 4 - NUL=C:\DOCUME~1\HANSLA~1\LOCALS~1\Temp\VIES5796
Wininit.ini: Line 5 - NUL=C:\DOCUME~1\HANSLA~1\LOCALS~1\Temp\VIES6B2B
Wininit.ini: Line 6 - NUL=C:\DOCUME~1\HANSLA~1\LOCALS~1\Temp\VIES0661
Wininit.ini: Line 7 - NUL=C:\DOCUME~1\HANSLA~1\LOCALS~1\Temp\VIES2F74
Wininit.ini: Line 8 - NUL=C:\DOCUME~1\HANSLA~1\LOCALS~1\Temp\VIES18ED
Wininit.ini: Line 9 - NUL=C:\DOCUME~1\HANSLA~1\LOCALS~1\Temp\VIES217B

Miscellaneous Folders

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 11/07/2004 22:47 | Attr = HS])
C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt - ( [Ver = | Size = 10 bytes | Date = 09/11/2006 08:22 | Attr = ])
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache - ( [Ver = | Size = 4315 bytes | Date = 09/22/2006 09:00 | Attr = ])

CurrentUser ApplicationData Folder
C:\Documents and Settings\Hans Lange\Application Data\AdobeDLM.log - ( [Ver = | Size = 1057 bytes | Date = 07/17/2005 17:23 | Attr = ])
C:\Documents and Settings\Hans Lange\Application Data\Comma Separated Values (Windows).ADR - ( [Ver = | Size = 25133 bytes | Date = 05/26/2005 12:55 | Attr = ])
C:\Documents and Settings\Hans Lange\Application Data\Comma Separated Values (Windows).EML - ( [Ver = | Size = 9322 bytes | Date = 12/22/2004 09:31 | Attr = ])
C:\Documents and Settings\Hans Lange\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 11/07/2004 22:47 | Attr = HS])
C:\Documents and Settings\Hans Lange\Application Data\dm.ini - ( [Ver = | Size = 0 bytes | Date = 01/21/2005 10:51 | Attr = ])
C:\Documents and Settings\Hans Lange\Application Data\GDIPFONTCACHEV1.DAT - ( [Ver = | Size = 105272 bytes | Date = 07/03/2006 21:29 | Attr = ])

Program Files Folder

Common Files Folder
C:\Program Files\Common Files\Cvtaqlog.dat - ( [Ver = | Size = 4 bytes | Date = 10/31/2005 16:15 | Attr = ])
C:\Program Files\Common Files\SM1updtr.dll - (Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 36963 bytes | Date = 08/27/2003 15:19 | Attr = ])

DPF files
{01012101-5E80-11D8-9E86-0007E96C65AE} - SupportSoft Script Runner Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - Creative Software AutoUpdate - CodeBase = http://www.creative.com/su/ocx/15009/CTSUEng.cab
{11260943-421B-11D0-8EAC-0000C07D88CF} - iPIX ActiveX Control - CodeBase = http://www.ipix.com/download/ipixx.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=48835
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - MSSecurityAdvisor Class - CodeBase = http://protect.microsoft.com/security/prot...b?1100710714171
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} - Microsoft PID Sniffer - CodeBase = https://support.microsoft.com/OAS/ActiveX/odc.cab
{406B5949-7190-4245-91A9-30A17DE16AD0} - Snapfish Activia - CodeBase = http://photo.walgreens.com/WalgreensActivia.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://v5.windowsupdate.microsoft.com/v5co...b?1100709505328
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1144674515468
{88D969C0-F192-11D4-A65F-0040963251E5} - XML DOM Document 4.0 - CodeBase = file://C:\TempEI4\EI40_\msxml4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{A90A5822-F108-45AD-8482-9BC8B12DD539} - Crucial cpcScan - CodeBase = http://www.crucial.com/controls/cpcScanner.cab
{BCBC9371-595D-11D4-A96D-00105A1CEF6C} - View22RTE Class - CodeBase = http://hgtv1.view22.com/app/view22rte.cab
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
{F6ACF75C-C32C-447B-9BEF-46B766368D29} - Creative Software AutoUpdate Support Package - CodeBase = http://www.creative.com/su/ocx/15010/CTPID.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

Hosts file = 734 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright © 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a '#' symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
-
127.0.0.1 localhost -

< Add On's >

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<

KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 1
Desktop\Components\0 -
Desktop\Components\0\\Source - About:Home
Desktop\Components\0\\SubscribedURL - About:Home
Desktop\Components\0\\FriendlyName - My Current Home Page
Desktop\Components\0\\Flags - 2
Desktop\Components\0\\Position - 2C 00 00 00 50 01 00 00 00 00 00 00 40 05 00 00 F4 03 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\0\\CurrentState - 04 00 00 40
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 50 01 00 00 00 00 00 00 40 05 00 00 F4 03 00 00 04 00 00 40
Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 50 01 00 00 00 00 00 00 40 05 00 00 F4 03 00 00 01 00 00 00
Desktop\Components\1 -
Desktop\Components\1\\Source - http://www.microsoft.com/windows/ie/galler...ents/ticker.htm
Desktop\Components\1\\SubscribedURL - http://www.microsoft.com/windows/ie/galler...ents/ticker.htm
Desktop\Components\1\\FriendlyName - Microsoft Investor Active Desktop Ticker
Desktop\Components\1\\Flags - 2
Desktop\Components\1\\Position - 2C 00 00 00 37 01 00 00 4D 00 00 00 27 02 00 00 4D 00 00 00 EA 03 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\1\\CurrentState - 01 00 00 40
Desktop\Components\1\\OriginalStateInfo - 18 00 00 00 37 01 00 00 4D 00 00 00 27 02 00 00 4D 00 00 00 01 00 00 40
Desktop\Components\1\\RestoredStateInfo - 18 00 00 00 F4 01 00 00 1F 00 00 00 27 02 00 00 4D 00 00 00 01 00 00 40
Desktop\General -
Desktop\General\\BackupWallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\General\\WallpaperFileTime - 3E C6 89 7E A0 DA C6 01
Desktop\General\\WallpaperLocalFileTime - 3E BE B3 95 76 DA C6 01
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 2
Desktop\General\\Wallpaper - %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Desktop\General\\ComponentsPositioned - 1
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 2
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 90 06 00 00 F4 03 00 00 90 06 00 00 00 00 00 00 B0 09 00 00 58 02 00 00
Desktop\SafeMode -
Desktop\SafeMode\Components -
Desktop\SafeMode\Components\\DeskHtmlVersion - 272
Desktop\SafeMode\Components\\DeskHtmlMinorVersion - 5
Desktop\SafeMode\Components\\Settings - 1
Desktop\SafeMode\Components\\GeneralFlags - 0
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -

>>>>Output for AddOn file Jobs.def<<<<

DIR - C:\WINDOWS\tasks\*.* - Parameters = Include SubFolders
C:\WINDOWS\tasks\AppleSoftwareUpdate.job - ( [Ver = | Size = 284 bytes | Date = 10/06/2006 19:03 | Attr = ])
C:\WINDOWS\tasks\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 08/29/2002 07:00 | Attr = RH ])
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Hans Lange.job - ( [Ver = | Size = 558 bytes | Date = 10/08/2006 09:40 | Attr = ])
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job - ( [Ver = | Size = 302 bytes | Date = 10/02/2006 12:21 | Attr = ])
C:\WINDOWS\tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 10/08/2006 09:40 | Attr = H ])
C:\WINDOWS\tasks\Symantec Drmc.job - ( [Ver = | Size = 318 bytes | Date = 09/12/2006 00:00 | Attr = ])

>>>>Output for AddOn file Policies.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Explorer -
policies\Explorer\\NoCDBurning - 0
policies\Ext -
policies\Ext\CLSID -
policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} - 1
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\Ratings -
policies\system -
policies\system\\dontdisplaylastusername - 0
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1
policies\system\\LegalNoticeText -
policies\system\\LegalNoticeCaption -

KEY - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer -
Internet Explorer\Restrictions -

KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\ActiveDesktop -
policies\comdlg32 -
policies\comdlg32\\NoBackButton - 0
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\Explorer\\NoDrives - 0
policies\Explorer\\NoViewOnDrive - 0
policies\Explorer\\NoRecentDocsMenu - 1
policies\Explorer\\NoRecentDocsHistory - 1
policies\Explorer\\NoDriveAutoRun - 67108855
policies\System -
policies\Uninstall -

KEY - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer -
Internet Explorer\Control Panel -
Internet Explorer\Control Panel\\Colors - 0
Internet Explorer\Restrictions -

>>>>Output for AddOn file SID_Run_Policies.def<<<<

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -
Run\\Spyware Doctor - "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run -
Run\\Spyware Doctor - "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145
Policies\Explorer\\CDRAutoRun - 0

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145
Policies\Explorer\\CDRAutoRun - 0

< End of report >

#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:05:29 AM

Posted 09 October 2006 - 03:21 PM

Hi HansJ. Let's clean up some items.
  • Start WinPFind2 and click on the Registry tab.
  • Click the Scan Registry button.
  • Scroll down to the >> Registry Run Keys << section and click the checkbox in front of the following items:
    • HKLM->Run\\ - (File not found)
    • HKLM->Run\\NWEReboot - (File not found)
    • HKLM->Run\\RemoteCenter - (File not found)
  • Now scroll down to the Image File Execution Options section and click the checkbox in front of the following item:
    • taskmgr.exe - Debugger = C:\Documents and Settings\Hans Lange\My Documents\Downloaded Programs\ProcessExplorerNt\procexp.exe
  • Now click the Delete Entries button in the upper right-hand corner of the toolbar.
  • Close WinPFind2.
Ok. Reboot the machine and run a new WinPFind2 scan by doing the following:
  • Open the WinPFind2 folder and double-click on winpfind2.exe to start the program.
  • Keep the standard settings.
  • Click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button to post the information back here and I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

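The two kinds of entries OldTimer's checklist singles out (an Image File Execution Options "Debugger" value that redirects taskmgr.exe elsewhere, and Run values whose target file is missing) can be picked out of a WinPFind2 report mechanically. The parser below is an added example, not code from the thread or from WinPFind2; the report excerpt it reads is constructed from lines quoted in this thread, and the section names follow the report layout posted above.

```python
"""Flag IFEO 'Debugger' redirections and orphaned Run-key values in a
WinPFind2-style report (added example; not part of WinPFind2)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt in the WinPFind2 report layout seen in this thread.
SAMPLE_REPORT = r"""
[>> Registry Run Keys <<]
HKLM->Run\\ - (File not found)
HKLM->Run\\NWEReboot - (File not found)
HKLM->Run\\ccApp - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation )
HKCU->Run\\LDM - \Program\BackWeb-8876480.exe (File not found)

[>> Miscellaneous Startup Keys <<]

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d
taskmgr.exe - Debugger = C:\Documents and Settings\Hans Lange\My Documents\Downloaded Programs\ProcessExplorerNt\procexp.exe

[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
"""

# The placeholder key Windows XP ships with; WinPFind2 lists it on a clean box.
IFEO_DEFAULT = "ntsd -d"


@dataclass
class Finding:
    section: str
    entry: str
    reason: str


def parse_sections(report: str) -> dict[str, list[str]]:
    """Group non-empty report lines under the bracketed header above them."""
    sections: dict[str, list[str]] = {}
    current: str | None = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            # "[>> Registry Run Keys <<]" -> "Registry Run Keys"
            current = line.strip("[]").strip(" <>")
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def check_ifeo(lines: list[str]) -> list[Finding]:
    """Any Debugger value other than the stock 'ntsd -d' placeholder replaces
    the named program with something else whenever it is launched. Process
    Explorer's 'Replace Task Manager' option writes exactly this value, so the
    entry is reported for review rather than treated as malware outright."""
    findings = []
    for line in lines:
        m = re.match(r"(.+?) - Debugger = (.+)$", line)
        if not m:
            continue
        image, debugger = m.group(1), m.group(2).strip()
        if debugger.lower() == IFEO_DEFAULT:
            continue
        findings.append(Finding("Image File Execution Options", image,
                                f"launching {image} is redirected to {debugger}"))
    return findings


def check_run_keys(lines: list[str]) -> list[Finding]:
    """A Run value whose file no longer exists is dead weight at best and a
    leftover of a removed program at worst; WinPFind2 marks these itself."""
    findings = []
    for line in lines:
        if line.endswith("(File not found)"):
            name = line.split(" - ", 1)[0]
            findings.append(Finding("Registry Run Keys", name,
                                    "target file is missing; orphaned autorun value"))
    return findings


def audit_report(report: str) -> list[Finding]:
    sections = parse_sections(report)
    return (check_ifeo(sections.get("Image File Execution Options", []))
            + check_run_keys(sections.get("Registry Run Keys", [])))


if __name__ == "__main__":
    for f in audit_report(SAMPLE_REPORT):
        print(f"[{f.section}] {f.entry}: {f.reason}")
```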

#6 HansJ

HansJ
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:29 AM

Posted 09 October 2006 - 07:01 PM

Hello again,

Attached is the report as requested. Thanks again for taking your time to help me.

HansJ

Logfile created on: 10/09/2006 18:51
WinPFind2 by OldTimer - Version 1.0.11 Folder = C:\Documents and Settings\Hans Lange\Desktop\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


< Processes (Non-Microsoft Only) >
c:\program files\norton password manager\acctmgr.exe - (Symantec Corporation )
c:\program files\iomega\autodisk\adservice.exe - (Iomega Corporation )
c:\program files\iomega\autodisk\adusermon.exe - (Iomega Corporation )
c:\program files\symantec\liveupdate\aluschedulersvc.exe - (Symantec Corporation )
c:\progra~1\iomega\system32\appservices.exe - (Iomega Corporation )
c:\program files\common files\symantec shared\ccapp.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\ccevtmgr.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\ccproxy.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\ccsetmgr.exe - (Symantec Corporation )
c:\program files\citi virtual account numbers\citivan.exe - (Orbiscom Ltd. All rights reserved. )
c:\program files\common files\roxio shared\sharedcom8\cpshelprunner.exe - (Sonic Solutions )
c:\program files\creative\sbaudigy2zs\dvdaudio\ctdvddet.exe - (Creative Technology Ltd )
c:\windows\system32\cthelper.exe - (Creative Technology Ltd )
c:\windows\system32\ctsvccda.exe - (Creative Technology Ltd )
c:\program files\creative\sbaudigy2zs\surround mixer\ctsysvol.exe - (Creative Technology Ltd )
c:\program files\executive software\diskeeperlite\dkservice.exe - (Executive Software International, Inc. )
c:\program files\roxio\easy media creator 8\drag to disc\drgtodsc.exe - (Sonic Solutions )
c:\program files\gateway\eztune\dthtml.exe - (Portrait Displays, Inc )
c:\program files\gateway\eztune\dtsrvc.exe - ( )
c:\program files\gateway\eztune\dtsslsrv.exe - ( )
c:\windows\system32\spool\drivers\w32x86\3\e_s4i2j1.exe - (SEIKO EPSON CORPORATION )
c:\program files\portrait displays\pivot software\floater.exe - ( )
c:\program files\google\googletoolbarnotifier\1.0.720.3640\googletoolbarnotifier.exe - (Google Inc. )
c:\program files\intel\intel application accelerator\iaanotif.exe - (Intel )
c:\program files\intel\intel application accelerator\iaantmon.exe - (Intel )
c:\program files\iomega\driveicons\imgicon.exe - (Iomega )
c:\program files\intel\intel® active monitor\imonnt.exe - (Intel Corp. )
c:\program files\intel\intel® active monitor\imontray.exe - ( )
c:\program files\ipod\bin\ipodservice.exe - (Apple Computer, Inc. )
c:\program files\itunes\ituneshelper.exe - (Apple Computer, Inc. )
c:\program files\common files\logitech\khal\khalmnpr.exe - (Logitech Inc. )
c:\windows\system32\powerdesk8\matrox.powerdesk.pdesknet.exe - (Matrox Graphics Inc. )
c:\program files\norton internet security\norton antivirus\navapsvc.exe - (Symantec Corporation )
c:\progra~1\norton~1\norton~1\speedd~1\nopdb.exe - (Symantec Corporation )
c:\progra~1\norton~1\norton~1\nprotect.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\security console\nscsrvce.exe - (Symantec Corporation )
c:\program files\common files\real\update_ob\realsched.exe - (RealNetworks, Inc. )
c:\program files\common files\roxio shared\sharedcom8\roxwatch.exe - (Sonic Solutions )
c:\program files\common files\roxio shared\sharedcom8\roxwatchtray.exe - ( )
c:\program files\common files\epson\ebapi\sagent2.exe - (SEIKO EPSON CORPORATION )
c:\program files\spyware doctor\sdhelp.exe - (PC Tools Research Pty Ltd )
c:\program files\logitech\setpoint\setpoint.exe - (Logitech Inc. )
c:\windows\sm1bg.exe - (Cypress Semiconductor )
c:\program files\common files\symantec shared\sndsrvc.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe - (Symantec Corporation )
c:\progra~1\spywar~1\swdoctor.exe - (PC Tools Research Pty Ltd )
c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe - (Symantec Corporation )
c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe - (Ulead Systems, Inc. )
c:\documents and settings\hans lange\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )
c:\program files\portrait displays\pivot software\wpctrl.exe - ( )
c:\program files\webroot\washer\wwdisp.exe - (Webroot Software )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM->Main\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU->Main\\Start Page - about:blank
HKCU->Main\\Search Bar - http://www.google.com/ie
HKCU->Main\\Search Page - http://www.google.com
HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM->Search\\SearchAssistant - http://www.google.com/ie
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride - localhost

[>> BHO's <<]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
{387EDF53-1CF2-4523-BC2F-13462651BE8C} - CitiUSBrowserHelper Class = C:\WINDOWS\system32\BhoCitUS.dll (Orbiscom Ltd. All rights reserved. )
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - PCTools Site Guard = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (PC Tools )
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation )
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar2.dll (Google Inc. )
{B56A7D7D-6927-48C8-A975-17DF180C71AC} - PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (PC Tools )

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
{C92041C1-6D22-4069-BA0E-66246AA752B0} - MasterCook Bar = C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer Bars]
{21569614-B795-46B1-85F4-E737A8DC09AD} - Shell Search Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{32683183-48a0-441b-a342-7c2a440a9478} - Reg Data missing or invalid = Reg Data missing or invalid (File not found)
{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security 2006 = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation )
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc. )
{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc. )
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data missing or invalid = Reg Data missing or invalid (File not found)
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Norton Internet Security 2006 = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc. )
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data missing or invalid = Reg Data missing or invalid (File not found)
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Toolbar = Reg Data missing or invalid (File not found)

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8197 - Sun Java Console
{1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - 8195 - Reg Data missing or invalid
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8200 - Reg Data missing or invalid
{44226DFF-747E-4edc-B30C-78752E50CD0C} - 8193 - Reg Data missing or invalid
{4C730913-3961-439b-83D5-F4E445520422} - 8196 - Reg Data missing or invalid
{A5ABA0BB-F195-40d8-A5E9-0801153E6597} - 8199 - Add to EverNote
{E6EF5071-7647-4E85-9785-87B6CF5CB561} - 8198 - Reg Data missing or invalid
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 - Windows Messenger
NextId - 8201

[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll (Sun Microsystems, Inc. )
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - ButtonText: Spyware Doctor = Reg Data missing or invalid (File not found)
{44226DFF-747E-4edc-B30C-78752E50CD0C} - ButtonText: ATI TV = Reg Data missing or invalid (File not found)
{4C730913-3961-439b-83D5-F4E445520422} - ButtonText: Citi = C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved. )
{A5ABA0BB-F195-40d8-A5E9-0801153E6597} - ButtonText: Add to EverNote = Reg Data missing or invalid (File not found)
{E6EF5071-7647-4E85-9785-87B6CF5CB561} - ButtonText: MasterCook Web Import Bar = Reg Data missing or invalid (File not found)
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )

[HKCU-> Internet Explorer Menu Extensions]
AccountLogon - C:\WINDOWS\al-popup-hans lange.html (File not found)
Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000 (EverNote Corporation )
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation )
MasterCook: Select Image - C:\Program Files\MasterCook 8\Web\MCIEContext.hta ( )

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data missing or invalid (File not found)
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found)
{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} - RXDCExtShlExt extension = C:\Program Files\Roxio\Easy Media Creator 8\Virtual Drive\DC_ShellExt.dll ( )
{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = Reg Data missing or invalid (File not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = Reg Data missing or invalid (File not found)
{5E44E225-A408-11CF-B581-008029601108} - Roxio DragToDisc Shell Extension = C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\Shellex.dll (Sonic Solutions )
{654D0431-C930-43C4-B8DA-9AA01BA5B486} - PDI GUI Engine COM Obj = C:\Program Files\Gateway\EzTune\HtmlEngine.dll (Portrait Displays, Inc )
{6EE51AA0-77A0-11D7-B4E1-000347126E46} - Window Washer Shell Shredding Utility = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL (Webroot Software )
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found)
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc. )
{A7B1D2E1-5E71-4975-B8D9-FC4A1FB6B0A6} - Matrox PowerDesk Page = C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.PDeskPage.dll (Matrox Graphics Inc. )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc. )
{c7745760-8ead-11ce-b750-02608ca5202c} - IomegaWare Shell Extension = C:\Program Files\Iomega\Shell\ImgMenu.dll (Iomega Corp. )
{c7745761-8ead-11ce-b750-02608ca5202c} - IomegaWare Shell Extension = C:\Program Files\Iomega\Shell\ImgProp.dll (Iomega Corp. )
{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - RXDCExtSvr - {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} = C:\Program Files\Roxio\Easy Media Creator 8\Virtual Drive\DC_ShellExt.dll ( )
* - Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
* - Washer - {6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL (Webroot Software )
* - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )
AllFilesystemObjects - Copy To - Reg Data missing or invalid = Reg Data missing or invalid (File not found)
AllFilesystemObjects - Move To - Reg Data missing or invalid = Reg Data missing or invalid (File not found)
Directory - Washer - {6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL (Webroot Software )
Directory - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )
Folder - RXDCExtSvr - {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} = C:\Program Files\Roxio\Easy Media Creator 8\Virtual Drive\DC_ShellExt.dll ( )
Folder - Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
Folder - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc. )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]
Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )
Folder - AutorunsDisabled - Reg Data missing or invalid = Reg Data missing or invalid (File not found)

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\System32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

[>> Registry Run Keys <<]
HKLM->Run\\AcctMgr - C:\Program Files\Norton Password Manager\AcctMgr.exe /startup (Symantec Corporation )
HKLM->Run\\ADUserMon - C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation )
HKLM->Run\\ccApp - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation )
HKLM->Run\\CitiVAN - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards (Orbiscom Ltd. All rights reserved. )
HKLM->Run\\CTDVDDET - C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE (Creative Technology Ltd )
HKLM->Run\\CTHelper - CTHELPER.EXE (Creative Technology Ltd )
HKLM->Run\\CTSysVol - C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd )
HKLM->Run\\Deskup - C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART (Iomega )
HKLM->Run\\DT Task - C:\Program Files\Gateway\EzTune\DTHtml.exe -startup_folder (Portrait Displays, Inc )
HKLM->Run\\EPSON Stylus Photo R800 - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE /P23 "EPSON Stylus Photo R800" /O6 "USB001" /M "Stylus Photo R800" (SEIKO EPSON CORPORATION )
HKLM->Run\\IAAnotif - C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel )
HKLM->Run\\IMONTRAY - C:\Program Files\Intel\Intel® Active Monitor\imontray.exe ( )
HKLM->Run\\Iomega Drive Icons - C:\Program Files\Iomega\DriveIcons\ImgIcon.exe (Iomega )
HKLM->Run\\iTunesHelper - "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc. )
HKLM->Run\\Matrox PowerDesk 8 - C:\WINDOWS\system32\PowerDesk8\Matrox.PowerDesk.exe /silent (File not found)
HKLM->Run\\PivotSoftware - "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe" ( )
HKLM->Run\\RoxioDragToDisc - "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" (Sonic Solutions )
HKLM->Run\\RoxWatchTray - "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" ( )
HKLM->Run\\SBDrvDet - C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r (Creative Technology Ltd )
HKLM->Run\\SM1BG - C:\WINDOWS\SM1BG.EXE (Cypress Semiconductor )
HKLM->Run\\TkBellExe - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc. )
HKLM->Run\\UpdReg - C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd. )
HKLM->Run\\WinFaxAppPortStarter - wfxsnt40.exe (Microsoft Corporation )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\LDM - \Program\BackWeb-8876480.exe (File not found)
HKCU->Run\\Spyware Doctor - C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q (PC Tools Research Pty Ltd )
HKCU->Run\\swg - C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (Google Inc. )
HKCU->Run\\WinColorReminder - C:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe (Microsoft Corporation )
HKCU->Run\\Window Washer - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software )

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]
AppInit_DLL - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ( )

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )

[Shell Execute Hooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]
Session Manager\\BootExecute - smrgdf C:\Program Files\iolo\System Mechanic 5 Professional\;

[PendingFileRenameOperations]

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]
StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PlexTools Professional.lnk - PlexTools Professional = C:\PROGRA~1\Plextor\PlexTool.exe Startup (Plextor SA/NV )
StartUpFolder\C:^Documents and Settings^Hans Lange^Start Menu^Programs^Startup^Adobe Gamma.lnk - Adobe Gamma = C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE (Adobe Systems, Inc. )
StartUpReg\LDM - BackWeb-8876480 = \Program\BackWeb-8876480.exe (File not found)
StartUpReg\ViewMgr - ViewMgr = C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation )

[>> User Agent Post Platform <<]
SV1 -

[>> Winlogon <<]
HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\AtiExtEvent - Reg Data missing or invalid (File not found)
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{58364630-773C-4B7F-BBA7-479C380411DE} - (1394 Net Adapter)
{ABD6C204-9B82-4E02-A245-B2DDA78F34D8} - ()
{AFECFFA2-0F5E-4D8C-8AA0-1853DF7713C1} - (Intel® PRO/1000 CT Network Connection)

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found)
msdaipp - (File not found)

[>> Protocol Filters (Non-Microsoft only) <<]

< Services (Non-Microsoft Only) >
Asset Management Daemon (Asset Management Daemon) - C:\Program Files\Gateway\EzTune\dtsslsrv.exe ( ) [Automatic - Running - Win32, running in it's own process]
Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Event Manager (ccEvtMgr) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Network Proxy (ccProxy) - "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Settings Manager (ccSetMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Creative Service for CDROM Access (Creative Service for CDROM Access) - C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd ) [Automatic - Running - Win32, running in it's own process]
Diskeeper (Diskeeper) - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe (Executive Software International, Inc. ) [Automatic - Running - Win32, running in it's own process]
Portrait Displays Display Tune Service (DTSRVC) - C:\Program Files\Gateway\EzTune\DTSRVC.exe ( ) [Automatic - Running - Win32, running in it's own process]
EPSON Printer Status Agent2 (EPSONStatusAgent2) - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION ) [Automatic - Running - Win32, running in it's own process]
IAA Event Monitor (IAANTMon) - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (Intel ) [Automatic - Running - Win32, running in it's own process]
Intel® Active Monitor (imonNT) - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe (Intel Corp. ) [Automatic - Running - Win32, running in it's own process]
Iomega App Services (Iomega App Services) - "C:\PROGRA~1\Iomega\System32\AppServices.exe" (Iomega Corporation ) [Automatic - Running - Win32, running in it's own process]
iPod Service (iPod Service) - "C:\Program Files\iPod\bin\iPodService.exe" (Apple Computer, Inc. ) [On Demand - Running - Win32, running in it's own process]
Norton AntiVirus Auto-Protect Service (navapsvc) - "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Norton Unerase Protection (NProtectService) - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Norton Protection Center Service (NSCService) - "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE" (Symantec Corporation ) [On Demand - Running - Win32, running in it's own process]
Roxio Hard Drive Watcher (RoxWatch) - "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe" (Sonic Solutions ) [Automatic - Running - Win32, running in it's own process]
PC Tools Spyware Doctor (SDhelper) - C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd ) [Automatic - Running - Win32, running in it's own process]
Symantec Network Drivers Service (SNDSrvc) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec SPBBCSvc (SPBBCSvc) - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Speed Disk service (Speed Disk service) - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Core LC (Symantec Core LC) - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Ulead Burning Helper (UleadBurningHelper) - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc. ) [Automatic - Running - Win32, running in it's own process]
Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - "C:\Program Files\Iomega\AutoDisk\ADService.exe" (Iomega Corporation ) [Automatic - Running - Win32, running in it's own process]

< Files >

Auto-Start Folders

HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ColorPlus Startup.lnk - C:\Program Files\PANTONE COLORVISION\ColorPlus\ColorPlus.exe (ColorVision Inc. [Ver = 1, 0, 1, 1 | Size = 2920448 bytes | Date = 04/16/2004 18:39 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 11/08/2004 04:55 | Attr = HS])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION [Ver = 2.09 | Size = 135680 bytes | Date = 08/23/2001 03:09 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech [Ver = 1.4.50 | Size = 450560 bytes | Date = 11/18/2004 14:07 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc. [Ver = 2.22.124 | Size = 598016 bytes | Date = 12/02/2004 09:33 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation [Ver = 10.0.2609 | Size = 83360 bytes | Date = 02/13/2001 02:01 | Attr = ])

HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Hans Lange\Start Menu\Programs\Startup
C:\Documents and Settings\Hans Lange\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 11/08/2004 04:55 | Attr = HS])

HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe
Wininit.ini: Line 1 - [rename]
Wininit.ini: Line 2 - [Rename]
Wininit.ini: Line 3 - NUL=C:\DOCUME~1\HANSLA~1\LOCALS~1\Temp\VIES2CD7
Wininit.ini: Line 4 - NUL=C:\DOCUME~1\HANSLA~1\LOCALS~1\Temp\VIES5796
Wininit.ini: Line 5 - NUL=C:\DOCUME~1\HANSLA~1\LOCALS~1\Temp\VIES6B2B
Wininit.ini: Line 6 - NUL=C:\DOCUME~1\HANSLA~1\LOCALS~1\Temp\VIES0661
Wininit.ini: Line 7 - NUL=C:\DOCUME~1\HANSLA~1\LOCALS~1\Temp\VIES2F74
Wininit.ini: Line 8 - NUL=C:\DOCUME~1\HANSLA~1\LOCALS~1\Temp\VIES18ED
Wininit.ini: Line 9 - NUL=C:\DOCUME~1\HANSLA~1\LOCALS~1\Temp\VIES217B

Miscellaneous Folders

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 11/07/2004 22:47 | Attr = HS])
C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt - ( [Ver = | Size = 10 bytes | Date = 09/11/2006 08:22 | Attr = ])
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache - ( [Ver = | Size = 4315 bytes | Date = 09/22/2006 09:00 | Attr = ])

CurrentUser ApplicationData Folder
C:\Documents and Settings\Hans Lange\Application Data\AdobeDLM.log - ( [Ver = | Size = 1057 bytes | Date = 07/17/2005 17:23 | Attr = ])
C:\Documents and Settings\Hans Lange\Application Data\Comma Separated Values (Windows).ADR - ( [Ver = | Size = 25133 bytes | Date = 05/26/2005 12:55 | Attr = ])
C:\Documents and Settings\Hans Lange\Application Data\Comma Separated Values (Windows).EML - ( [Ver = | Size = 9322 bytes | Date = 12/22/2004 09:31 | Attr = ])
C:\Documents and Settings\Hans Lange\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 11/07/2004 22:47 | Attr = HS])
C:\Documents and Settings\Hans Lange\Application Data\dm.ini - ( [Ver = | Size = 0 bytes | Date = 01/21/2005 10:51 | Attr = ])
C:\Documents and Settings\Hans Lange\Application Data\GDIPFONTCACHEV1.DAT - ( [Ver = | Size = 105272 bytes | Date = 07/03/2006 21:29 | Attr = ])

Program Files Folder

Common Files Folder
C:\Program Files\Common Files\Cvtaqlog.dat - ( [Ver = | Size = 4 bytes | Date = 10/31/2005 16:15 | Attr = ])
C:\Program Files\Common Files\SM1updtr.dll - (Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 36963 bytes | Date = 08/27/2003 15:19 | Attr = ])

DPF files
{01012101-5E80-11D8-9E86-0007E96C65AE} - SupportSoft Script Runner Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - Creative Software AutoUpdate - CodeBase = http://www.creative.com/su/ocx/15009/CTSUEng.cab
{11260943-421B-11D0-8EAC-0000C07D88CF} - iPIX ActiveX Control - CodeBase = http://www.ipix.com/download/ipixx.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=48835
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - MSSecurityAdvisor Class - CodeBase = http://protect.microsoft.com/security/prot...b?1100710714171
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} - Microsoft PID Sniffer - CodeBase = https://support.microsoft.com/OAS/ActiveX/odc.cab
{406B5949-7190-4245-91A9-30A17DE16AD0} - Snapfish Activia - CodeBase = http://photo.walgreens.com/WalgreensActivia.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://v5.windowsupdate.microsoft.com/v5co...b?1100709505328
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdat...b?1144674515468
{88D969C0-F192-11D4-A65F-0040963251E5} - XML DOM Document 4.0 - CodeBase = file://C:\TempEI4\EI40_\msxml4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{A90A5822-F108-45AD-8482-9BC8B12DD539} - Crucial cpcScan - CodeBase = http://www.crucial.com/controls/cpcScanner.cab
{BCBC9371-595D-11D4-A96D-00105A1CEF6C} - View22RTE Class - CodeBase = http://hgtv1.view22.com/app/view22rte.cab
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
{F6ACF75C-C32C-447B-9BEF-46B766368D29} - Creative Software AutoUpdate Support Package - CodeBase = http://www.creative.com/su/ocx/15010/CTPID.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

Hosts file = 734 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright © 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a '#' symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
-
127.0.0.1 localhost -

< End of report >

#7 OldTimer

Posted 09 October 2006 - 07:12 PM

Hi HansJ. That log looks good. What happens when you try Task Manager now?

Cheers.

OT
I do not respond to PMs requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#8 HansJ

Posted 09 October 2006 - 07:30 PM

Hi,

I see you're working late. You have resurrected my Task Mgr; it has come back to me. Thank you very much. If you ever visit San Antonio, TX, please let me know so I can return the favor.

HansJ :thumbsup:

#9 HansJ

Posted 10 October 2006 - 09:37 AM

Hello OT

One more question please. Can you tell me what I did to get into this situation? I would like to learn from this to hopefully avoid anything like this happening again.

Thanks

HansJ

#10 OldTimer

Posted 10 October 2006 - 04:20 PM

Hi HansJ. I love San Antonio! I was there a couple of years ago for graduation when my son was at Lackland AFB going through Basic Training. We had a great weekend together roaming the city and taking in the sights.

I think what happened with the Task Manager was that Sysinternals' Process Explorer was set to replace it. This is an option on the Options menu. This line in the WinPFind2 log points to that:

taskmgr.exe - Debugger = C:\Documents and Settings\Hans Lange\My Documents\Downloaded Programs\ProcessExplorerNt\procexp.exe

If Process Explorer was then moved (or removed), the system was still looking for it and not the standard Task Manager. Removing that registry entry in the fix is what brought the standard Task Manager back to normal use.

Let me know if there is anything else we can help with.

Cheers.

OT
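
The Image File Execution Options (IFEO) mechanism OldTimer describes, as an added example that is not part of this thread and not code from BleepingComputer, Sysinternals, or any tool in the log. When a Debugger value exists under the IFEO subkey named after an image (here taskmgr.exe), Windows starts that debugger with the original command line appended, so once the debugger has been moved or deleted the original program never launches. The Python below parses constructed `reg query ... /s`-style output for that key (the taskmgr.exe line reuses the path quoted in the post above; the notepad.exe and sethc.exe subkeys are made up), separates Debugger values whose target still exists from ones whose target is gone, and emits the `reg delete` command that removes only the Debugger value. The `present` set stands in for the file system so the example runs offline.

```python
"""Audit Image File Execution Options (IFEO) Debugger values from `reg query` text.

Added example for this thread, not code from BleepingComputer, OldTimer, or any
of the tools in the log. The sample output below is constructed: the taskmgr.exe
Debugger path is the one quoted in the post above; the other two subkeys are
made up for illustration.
"""
import re
from typing import Callable, Dict, List, Optional

IFEO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
            r"\CurrentVersion\Image File Execution Options")

# Constructed stand-in for:  reg query "<IFEO_KEY>" /s
SAMPLE_REG_QUERY = "\n".join([
    IFEO_KEY + r"\taskmgr.exe",
    r"    Debugger    REG_SZ    C:\Documents and Settings\Hans Lange\My Documents\Downloaded Programs\ProcessExplorerNt\procexp.exe",
    "",
    IFEO_KEY + r"\notepad.exe",   # made up: an IFEO value that is NOT a redirect
    r"    DisableHeapLookaside    REG_DWORD    0x1",
    "",
    IFEO_KEY + r"\sethc.exe",     # made up: a Debugger whose target still exists
    r"    Debugger    REG_SZ    C:\WINDOWS\system32\cmd.exe",
])

VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")


def parse_reg_query(text: str) -> Dict[str, Dict[str, str]]:
    """Map image name ('taskmgr.exe') -> {value name: data} for each IFEO subkey."""
    entries: Dict[str, Dict[str, str]] = {}
    current: Optional[Dict[str, str]] = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):
            if line.strip().lower() == IFEO_KEY.lower():
                current = None  # the root key itself, not an image subkey
                continue
            image = line.strip().rsplit("\\", 1)[-1].lower()
            current = entries.setdefault(image, {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name, _type, data = m.groups()
                current[name] = data.strip()
    return entries


def debugger_executable(data: str) -> str:
    """Executable part of a Debugger value, which may carry arguments."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    # Unquoted paths with spaces (as in the thread) are legal here because
    # Windows hands the whole value to CreateProcess; cut at the first ".exe".
    m = re.match(r"(?i)(.*?\.exe)(?:\s|$)", data)
    return m.group(1) if m else data.split()[0]


def audit_ifeo(entries: Dict[str, Dict[str, str]],
               path_exists: Callable[[str], bool]) -> List[Dict[str, str]]:
    """One finding per image that has a Debugger value.

    Windows honours the Debugger value by starting that program with the
    original command line appended, so:
      REDIRECT        - the debugger exists; launching the image runs it instead
      BROKEN_REDIRECT - the debugger is gone; the image cannot be launched at all
                        (the Task Manager symptom in this thread)
    Other IFEO values (GlobalFlag, heap settings) do not change what runs.
    """
    findings = []
    for image, values in sorted(entries.items()):
        if "Debugger" not in values:
            continue
        exe = debugger_executable(values["Debugger"])
        findings.append({
            "image": image,
            "debugger": exe,
            "status": "REDIRECT" if path_exists(exe) else "BROKEN_REDIRECT",
            # Remove only the Debugger value: the subkey may also hold
            # legitimate settings such as GlobalFlag.
            "fix": f'reg delete "{IFEO_KEY}\\{image}" /v Debugger /f',
        })
    return findings


if __name__ == "__main__":
    # Constructed file system: cmd.exe exists, the procexp.exe copy does not.
    present = {r"C:\WINDOWS\system32\cmd.exe"}
    for f in audit_ifeo(parse_reg_query(SAMPLE_REG_QUERY), lambda p: p in present):
        print(f"{f['status']:<16} {f['image']:<12} -> {f['debugger']}")
        print(f"    fix: {f['fix']}")
```

On a live machine, replace SAMPLE_REG_QUERY with the output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s` and pass `os.path.exists` as `path_exists`. The subkey is matched on the image file name alone, so a taskmgr.exe entry affects every copy of taskmgr.exe on the system, not only the one in System32.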

#11 HansJ

Posted 10 October 2006 - 07:46 PM

Hello again,

Not sure I know why the process program was moved or removed; I don't recall doing that. Anyway, I am happy to have things working correctly again.

Glad you enjoyed our fair city and its bi-cultural flavor. Interestingly, our son graduated from Lackland about three years ago. He has spent the last three years in Japan, where we had the pleasure of visiting him this summer. He is enjoying himself and is seeing a lot of the country. Hope your son got a good assignment.

Thanks again.

HansJ

#12 OldTimer

Posted 11 October 2006 - 06:38 PM

Hi HansJ. My son went into secured network systems so he has been locked away and won't tell me what he has been doing haha. He really seems to love it and I think he will stay with it for a career. From what he can tell me I think I would love it too! He calls every week and we have a nice chat.

Anyway, I will now close this topic. If you have any new malware-related questions or issues in the future please start a new topic.

If I ever get out toward San Antonio in the future I will try and let you know.

Cheers and Happy Computing!

OT