Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hjt Log Help Please


  • Please log in to reply
5 replies to this topic

#1 tinmanic

tinmanic

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 27 October 2006 - 10:04 AM

I have gotten something nasty on this machine, whenever I am connected to the internet, Norton Antivirus pops up hundreds of "Scanning message 1 of 1" windows, followed by messages that mail could not be delivered. I have run Norton, Panda, Housecall, BitDefender, Ad-Aware, Spybot. They usually find and fix something but things keep coming back. I have Windows restore turned OFF. I have reinstalled Norton. I tried Zone Alarm, which seemed to indicate that it was ccapp.exe that was sending the emails, but I thought that was part of Norton AV?

Pease take a look at my Hijackthis log and let me know if you see what could be causing this. I have tried everything and gone thorough all the steps for 3 days now and am finally at the point where I need expert help. Thanks,

Logfile of HijackThis v1.99.1
Scan saved at 10:49:11 AM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator\My Documents\My Received Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local>
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program

Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay

Toolbar2\eBayTb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common

Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe 1
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay

Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton

SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program

Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program

Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file

missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -

{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -

http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) -

http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -

http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {36C0B01C-8031-11D4-A527-00C04F794627} (Merant Dimensions Native Code Client for MSIE) -

http://vfescaladium.vf.lmco.com:8080/dim_a...web90ie_jni.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) -

http://gbgnwww09t/projectserver/objects/pjclient.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -

http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -

http://pcmsweb.ms.lmco.com/PCMS_WebPages/msxml4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) -

http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A04E3F0-3BB2-11D2-91E2-00C04FAEC46B} (NMClient Class) -

http://conferencing.us.lmco.com/ConferencingBin/xcliacc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) -

http://gbgnwww09t/projectserver/objects/1033/pjcintl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -

https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList =

ems.lmco.com,gbg.us.lmco.com,gbg.ms.lmco.com,gbg.lmco.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList =

ems.lmco.com,gbg.us.lmco.com,gbg.ms.lmco.com,gbg.lmco.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList =

ems.lmco.com,gbg.us.lmco.com,gbg.ms.lmco.com,gbg.lmco.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList =

ems.lmco.com,gbg.us.lmco.com,gbg.ms.lmco.com,gbg.lmco.com
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program

Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common

Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\VAScanner\comHost.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application

Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton

Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation -

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program

Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TCP and UDP Support - Unknown owner - C:\WINDOWS\system32\tcpip.exe (file missing)

BC AdBot (Login to Remove)

 


#2 tinmanic

tinmanic
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 27 October 2006 - 11:00 AM

Sorry about the word wrap in notepad on that last log. I did some research that lead me to run SDFIX. I am posting a new HJT log and the results of the SDFIX report.

Logfile of HijackThis v1.99.1
Scan saved at 11:55:11 AM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Administrator\My Documents\My Received Files\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local>
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Launch Ai Booster] C:\Program Files\ASUS\Ai Booster\OverClk.exe 1
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {36C0B01C-8031-11D4-A527-00C04F794627} (Merant Dimensions Native Code Client for MSIE) - http://vfescaladium.vf.lmco.com:8080/dim_a...web90ie_jni.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://gbgnwww09t/projectserver/objects/pjclient.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://pcmsweb.ms.lmco.com/PCMS_WebPages/msxml4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A04E3F0-3BB2-11D2-91E2-00C04FAEC46B} (NMClient Class) - http://conferencing.us.lmco.com/ConferencingBin/xcliacc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://gbgnwww09t/projectserver/objects/1033/pjcintl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ems.lmco.com,gbg.us.lmco.com,gbg.ms.lmco.com,gbg.lmco.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ems.lmco.com,gbg.us.lmco.com,gbg.ms.lmco.com,gbg.lmco.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = ems.lmco.com,gbg.us.lmco.com,gbg.ms.lmco.com,gbg.lmco.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ems.lmco.com,gbg.us.lmco.com,gbg.ms.lmco.com,gbg.lmco.com
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TCP and UDP Support - Unknown owner - C:\WINDOWS\system32\tcpip.exe (file missing)

SDFix: Version 1.32
-------------------

Scan run on:
Fri 10/27/2006

Time:
11:48 AM


Microsoft Windows XP [Version 5.1.2600]

Running from: C:\Documents and Settings\Administrator\Desktop\SDFix

Stage One...

Checking Services...

Name:
-----


Path:
----




Repairing Registry...

Killing PID 944 'explorer.exe'
Killing PID 944 'explorer.exe'

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two...

Checking For Malware:
--------------------

C:\WINDOWS\system32\mini7tone.ini

Backing Up and Removing any Files Found...

Final Check:

Services:
---------


Files:
------


Any files removed are saved to the SDFix\backups Folder

FINISHED

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:33 PM

Posted 03 November 2006 - 06:41 PM

Hello tinmanic and welcome to the BC HijackThis forum. Let's try a different scanner and see what it shows us.

Download WinPFind2.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind2 on your desktop.
  • Open the WinPFind2 folder and double-click on winpfind2.exe to start the program.
  • Keep the standard settings.
  • In the AddOn-Options group click the checkboxes for
    • HKCU_IEDesktop.def
    • Jobs.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button to post the information back here and I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#4 tinmanic

tinmanic
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 07 November 2006 - 10:45 AM

Logfile created on: 11/7/2006 10:41:59 AM
WinPFind2 by OldTimer - Version 1.0.14 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


< Processes (Non-Microsoft Only) >
c:\program files\symantec\liveupdate\aluschedulersvc.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\appcore\appsvc32.exe - (Symantec Corporation )
c:\windows\system32\ati2evxx.exe - (ATI Technologies Inc. )
c:\windows\system32\ati2evxx.exe - (ATI Technologies Inc. )
c:\program files\canon\bjcard\bjlaunch.exe - (CANON INC. )
c:\program files\canon\bjcard\bjmcmng.exe - (CANON INC. )
c:\program files\common files\symantec shared\ccapp.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\ccsvchst.exe - (Symantec Corporation )
c:\program files\ati technologies\ati.ace\cli.exe - (ATI Technologies Inc. )
c:\program files\ati technologies\ati.ace\cli.exe - (ATI Technologies Inc. )
c:\program files\ati technologies\ati.ace\cli.exe - (ATI Technologies Inc. )
c:\program files\google\googletoolbarnotifier\1.2.908.5008\googletoolbarnotifier.exe - (Google Inc. )
c:\program files\intel\intel matrix storage manager\iaanotif.exe - (Intel Corporation )
c:\program files\intel\intel application accelerator\iaantmon.exe - (Intel )
c:\program files\ipod\bin\ipodservice.exe - (Apple Computer, Inc. )
c:\program files\itunes\ituneshelper.exe - (Apple Computer, Inc. )
c:\program files\java\jre1.5.0_09\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\program files\bonjour\mdnsresponder.exe - (Apple Computer, Inc. )
c:\progra~1\norton~1\norton~2\speedd~1\nopdb.exe - (Symantec Corporation )
c:\progra~1\norton~1\norton~2\nprotect.exe - (Symantec Corporation )
c:\program files\analog devices\soundmax\smagent.exe - (Analog Devices, Inc. )
c:\program files\analog devices\soundmax\smax4pnp.exe - (Analog Devices, Inc. )
c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe - (Symantec Corporation )
c:\program files\canon\bjpv\tvmon.exe - (Canon Inc. )
c:\documents and settings\administrator\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM->Main\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM->Main\\Default_Search_URL - http://www.google.com/ie
HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
HKCU->Main\\Start Page - http://my.yahoo.com/
HKCU->Main\\Search Bar - http://www.google.com/ie
HKCU->Main\\Search Page - http://www.google.com
HKCU->Main\\Local Page - C:\WINDOWS\system32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM->Search\\SearchAssistant - http://www.google.com/ie
HKCU->Search\\SearchAssistant - http://www.google.com/ie
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride - ;*.local;<local>

[>> BHO's <<]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} - Reg Data - Value does not exist = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll (Symantec Corporation )
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - eBay Toolbar Helper = C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll ( )
{43C91A2B-2B04-4788-9321-44B3E6CA93C5} - Reg Data - Key not found = Reg Data - Key not found (File not found)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc. )
{871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - Reg Data - Value does not exist = C:\WINDOWS\system32\prignhbr.dll ( )
{9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - BHO = C:\Program Files\BHO Plugin\plugin1.dll ( )
{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar4.dll (Google Inc. )
{c3703265-4671-4858-92a4-cba6a7b3bb45} - Reg Data - Key not found = Reg Data - Key not found (File not found)

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer Bars]
{32683183-48a0-441b-a342-7c2a440a9478} - Reg Data - Key not found = Reg Data - Key not found (File not found)
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar4.dll (Google Inc. )
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint = C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ( )
{8E718888-423F-11D2-876E-00A0C9082467} - Radio = C:\WINDOWS\system32\msdxm.ocx ( )
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation )
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} - eBay Toolbar = C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll ( )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
ShellBrowser\\{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - Reg Data - Key not found = Reg Data - Key not found (File not found)
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Data - Key not found = Reg Data - Key not found (File not found)
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar4.dll (Google Inc. )
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found = Reg Data - Key not found (File not found)
WebBrowser\\{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - Reg Data - Key not found = Reg Data - Key not found (File not found)
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Reg Data - Key not found = Reg Data - Key not found (File not found)

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8195 - Sun Java Console
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - 8202 - Reg Data - Value does not exist
{5E638779-1818-4754-A595-EF1C63B87A56} - 8198 - Express Cleanup
{7F9DB11C-E358-4ca6-A83D-ACC663939424} - 8199 - Reg Data - Value does not exist
{85d1f590-48f4-11d9-9669-0800200c9a66} - 8201 - Uninstall BitDefender Online Scanner v8
{92D7F210-7F20-11d3-8157-0090278B20DE} - 8194 - Reg Data - Key not found
{A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - 8200 - Reg Data - Key not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8197 - Reg Data - Value does not exist
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 - @C:\Program Files\Messenger\Msgslang.dll,-61144
NextId - 8203

[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc. )
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc. )
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - ButtonText: Web Anti-Virus = Reg Data - Value does not exist (File not found)
{5E638779-1818-4754-A595-EF1C63B87A56} - ButtonText: Express Cleanup = C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ( )
{7F9DB11C-E358-4ca6-A83D-ACC663939424} - ButtonText: Bonjour = Reg Data - Value does not exist (File not found)
{85d1f590-48f4-11d9-9669-0800200c9a66} - MenuText: Uninstall BitDefender Online Scanner v8 = Reg Data - Key not found (File not found)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc. )
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: @C:\Program Files\Messenger\Msgslang.dll,-61144 = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )

[HKCU-> Internet Explorer Menu Extensions]
&eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html ( )
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (File not found)

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
- = Reg Data - Key not found (File not found)
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data - Key not found (File not found)
{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = Reg Data - Key not found (File not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = Reg Data - Key not found (File not found)
{6F5F1E41-9B53-4F8F-84C4-1452B596582D} - = Reg Data - Key not found (File not found)
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data - Key not found (File not found)
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data - Key not found (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data - Key not found (File not found)
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} - Web Anti-Virus = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll (Kaspersky Lab )
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc. )
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} - eBay Toolbar = C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll ( )
{9999A076-A9E2-4C99-8A2B-632FC9429223} - Bonjour = C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc. )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc. )
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - UnlockerShellExtension = C:\Program Files\Unlocker\UnlockerCOM.dll ( )
{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - Kaspersky Anti-Virus - {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll (Kaspersky Lab )
* - Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll (Symantec Corporation )
* - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
* - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
AllFilesystemObjects - Copy To - Reg Data - Value does not exist = Reg Data - Key not found (File not found)
AllFilesystemObjects - Move To - Reg Data - Value does not exist = Reg Data - Key not found (File not found)
AllFilesystemObjects - UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll ( )
Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Directory - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
Directory\Background - ACE - {5E2121EE-0300-11D4-8D3B-444553540000} = Reg Data - Key not found (File not found)
Folder - Kaspersky Anti-Virus - {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll (Kaspersky Lab )
Folder - Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll (Symantec Corporation )
Folder - UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll ( )
Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Folder - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\System32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1
HKCU->Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\\Application - notepad.exe

[>> Registry Run Keys <<]
HKLM->Run\\ATICCC - "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ( )
HKLM->Run\\ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc. )
HKLM->Run\\BJLaunchEXE - C:\Program Files\Canon\BJCard\BJLaunch.exe (CANON INC. )
HKLM->Run\\BJPD HID Control - C:\Program Files\Canon\BJPV\TVMon.exe (Canon Inc. )
HKLM->Run\\ccApp - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation )
HKLM->Run\\IAAnotif - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation )
HKLM->Run\\iTunesHelper - "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc. )
HKLM->Run\\Launch Ai Booster - C:\Program Files\ASUS\Ai Booster\OverClk.exe 1 ( )
HKLM->Run\\osCheck - "C:\Program Files\Norton Internet Security\osCheck.exe" (Symantec Corporation )
HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
HKLM->Run\\SoundMAX - "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc. )
HKLM->Run\\SoundMAXPnP - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc. )
HKLM->Run\\SunJavaUpdateSched - "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" (Sun Microsystems, Inc. )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\MSMSGS - "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation )

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )

[Shell Execute Hooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
incestuously - Reg Data - Key not found = Reg Data - Key not found (File not found)

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]
Session Manager\\BootExecute - autocheck autochk *;

[PendingFileRenameOperations]
Session Manager\\PendingFileRenameOperations - \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SyKnAppS\b7fbabfb-654d-4d92-a283-0419cf5d1b75_cohcol.wlt;

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]

[>> User Agent Post Platform <<]
SV1 -

[>> Winlogon <<]
HMLM->AltDefaultDomainName - ORKINS
HMLM->AltDefaultUserName - Administrator
HMLM->AutoAdminLogon - 0
HMLM->DefaultDomainName - ORKINS
HMLM->DefaultUserName - Administrator
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\AtiExtEvent - Ati2evxx.dll (ATI Technologies Inc. )
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\klogon - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab )
Notify\ModuleUsage - (File not found)
Notify\rpcc - C:\WINDOWS\system32\rpcc.dll (File not found)
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
Notify\winmmt32 - winmmt32.dll (File not found)
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{2755A136-FB46-4797-9C70-DF3813AFAECA} - (1394 Net Adapter)
{3A992D1D-9603-4DBF-B44E-3B3659299347} - ()
{8698CA2E-DF17-4BE6-B537-2FE4A6A3F056} - (1394 Net Adapter)
{9A409064-2475-4118-9E60-20AC99BE63BC} - ()
{D498EDDD-592F-425B-89E0-FC723E3310B8} - (3Com Gigabit LOM (3C940))

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 (Tcpip) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 (NTDS) - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 (Network Location Awareness (NLA) Namespace) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000004 (mdnsNSP) - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc. )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found)
msdaipp - (File not found)

[>> Protocol Filters (Non-Microsoft only) <<]

< Services (Non-Microsoft Only) >
Ati HotKey Poller (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc. ) [Automatic - Running - Win32, running in it's own process]
Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Canon BJ Memory Card Manager (Bjmcmng) - C:\Program Files\Canon\BJCard\Bjmcmng.exe (CANON INC. ) [Automatic - Running - Win32, running in it's own process]
Bonjour Service (Bonjour Service) - "C:\Program Files\Bonjour\mDNSResponder.exe" (Apple Computer, Inc. ) [Automatic - Running - Win32, running in it's own process]
Symantec Event Manager (ccEvtMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (Symantec Corporation ) [Automatic - Running - Win32, running in a shared process]
Symantec Settings Manager (ccSetMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (Symantec Corporation ) [Automatic - Running - Win32, running in a shared process]
Symantec Lic NetConnect service (CLTNetCnService) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (Symantec Corporation ) [Automatic - Running - Win32, running in a shared process]
IAA Event Monitor (IAANTMon) - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (Intel ) [Automatic - Running - Win32, running in it's own process]
iPod Service (iPod Service) - "C:\Program Files\iPod\bin\iPodService.exe" (Apple Computer, Inc. ) [On Demand - Running - Win32, running in it's own process]
Norton UnErase Protection (NProtectService) - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
SoundMAX Agent Service (SoundMAX Agent Service (default)) - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc. ) [Automatic - Running - Win32, running in it's own process]
Speed Disk service (Speed Disk service) - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Core LC (Symantec Core LC) - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec AppCore Service (SymAppCore) - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]

< Files >

Auto-Start Folders

HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 11/15/2003 11:18:34 AM | Attr = HS])

HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 11/15/2003 11:18:34 AM | Attr = HS])

HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe

Miscellaneous Folders

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 11/15/2003 6:07:24 AM | Attr = HS])
C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt - ( [Ver = | Size = 13 bytes | Date = 11/3/2005 1:39:46 PM | Attr = ])
C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt - ( [Ver = | Size = 13 bytes | Date = 10/10/2006 9:27:18 AM | Attr = ])
C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt - ( [Ver = | Size = 13 bytes | Date = 1/5/2006 5:45:08 PM | Attr = ])
C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameG.txt - ( [Ver = | Size = 13 bytes | Date = 1/3/2006 11:09:50 AM | Attr = ])
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache - ( [Ver = | Size = 3143 bytes | Date = 8/30/2006 12:11:02 PM | Attr = ])

CurrentUser ApplicationData Folder
C:\Documents and Settings\Administrator\Application Data\.zreglib - ( [Ver = | Size = 83 bytes | Date = 10/30/2006 2:15:02 PM | Attr = HS])
C:\Documents and Settings\Administrator\Application Data\B5C97CE14F72423A8560E9BDE8C70FC4.rul - ( [Ver = | Size = 45801 bytes | Date = 11/6/2006 4:17:40 PM | Attr = HS])
C:\Documents and Settings\Administrator\Application Data\B5C97CE14F72423A8560E9BDE8C70FC4.sta - ( [Ver = | Size = 21565 bytes | Date = 11/6/2006 4:17:40 PM | Attr = HS])
C:\Documents and Settings\Administrator\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 11/15/2003 6:07:24 AM | Attr = HS])
C:\Documents and Settings\Administrator\Application Data\dm.ini - ( [Ver = | Size = 0 bytes | Date = 7/2/2004 12:44:44 PM | Attr = ])
C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT - ( [Ver = | Size = 33896 bytes | Date = 7/30/2005 7:15:38 PM | Attr = ])

Program Files Folder

Common Files Folder
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe - ( [Ver = | Size = 32179 bytes | Date = 10/25/2006 7:06:26 PM | Attr = HS])

DPF files
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} - LSSupCtl Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
{215B8138-A3CF-44C5-803F-8226143CFC0A} - Trend Micro ActiveX Scan Agent 6.5 - CodeBase = http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
{36C0B01C-8031-11D4-A527-00C04F794627} - Merant Dimensions Native Code Client for MSIE - CodeBase = http://vfescaladium.vf.lmco.com:8080/dim_a...web90ie_jni.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab
{4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - PjAdoInfo3 Class - CodeBase = http://gbgnwww09t/projectserver/objects/pjclient.cab
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} - Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
{88D969C0-F192-11D4-A65F-0040963251E5} - XML DOM Document 4.0 - CodeBase = http://pcmsweb.ms.lmco.com/PCMS_WebPages/msxml4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{9600F64D-755F-11D4-A47F-0001023E6D5A} - Shutterfly Picture Upload Plugin - CodeBase = http://web1.shutterfly.com/downloads/Uploader.cab
{9A04E3F0-3BB2-11D2-91E2-00C04FAEC46B} - NMClient Class - CodeBase = http://conferencing.us.lmco.com/ConferencingBin/xcliacc.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} - - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/...7941.3638425926
{AF9A1421-E128-4D5F-A37E-039F305867B9} - Pj11enuC Class - CodeBase = http://gbgnwww09t/projectserver/objects/1033/pjcintl.cab
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - Java Plug-in 1.4.2_06 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab
{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - - CodeBase = https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

Hosts file = 686 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a "#" symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
# -
127.0.0.1 localhost -

< Add On's >

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<

KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 0
Desktop\Components\0 -
Desktop\Components\0\\Source - C:\Program Files\ASUS\kybewiqe.html
Desktop\Components\0\\SubscribedURL -
Desktop\Components\0\\FriendlyName -
Desktop\Components\0\\Flags - 8192
Desktop\Components\0\\Position - 2C 00 00 00 64 00 00 00 64 00 00 00 58 02 00 00 C8 00 00 00 E8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 14 00 00 00
Desktop\Components\0\\CurrentState - 1073741825
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 64 00 00 00 64 00 00 00 58 02 00 00 C8 00 00 00 01 00 00 00
Desktop\Components\0\\RestoredStateInfo - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\1 -
Desktop\Components\1\\Source - About:Home
Desktop\Components\1\\SubscribedURL - About:Home
Desktop\Components\1\\FriendlyName - My Current Home Page
Desktop\Components\1\\Flags - 2
Desktop\Components\1\\Position - 2C 00 00 00 00 01 00 00 00 00 00 00 00 04 00 00 E2 03 00 00 EA 03 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\1\\CurrentState - 1073741828
Desktop\Components\1\\OriginalStateInfo - 18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00
Desktop\Components\1\\RestoredStateInfo - 18 00 00 00 6A 02 00 00 23 00 00 00 A4 00 00 00 9A 00 00 00 01 00 00 00
Desktop\General -
Desktop\General\\BackupWallpaper - %SystemRoot%\Web\Wallpaper\Bliss.bmp
Desktop\General\\WallpaperFileTime - 9E 79 39 FA 93 AB C3 01
Desktop\General\\WallpaperLocalFileTime - 9E 71 63 11 6A AB C3 01
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 2
Desktop\General\\Wallpaper - %SystemRoot%\Web\Wallpaper\Bliss.bmp
Desktop\General\\ComponentsPositioned - 2
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 20 03 00 00 3A 02 00 00
Desktop\SafeMode -
Desktop\SafeMode\Components -
Desktop\SafeMode\Components\\DeskHtmlVersion - 272
Desktop\SafeMode\Components\\DeskHtmlMinorVersion - 5
Desktop\SafeMode\Components\\Settings - 1
Desktop\SafeMode\Components\\GeneralFlags - 0
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -

>>>>Output for AddOn file Jobs.def<<<<

DIR - C:\WINDOWS\tasks\*.* - Parameters = Include SubFolders
C:\WINDOWS\tasks\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 8/23/2001 10:00:00 AM | Attr = RH ])
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Administrator.job - ( [Ver = | Size = 580 bytes | Date = 11/4/2006 5:14:50 PM | Attr = ])
C:\WINDOWS\tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 10/30/2006 2:14:02 PM | Attr = H ])

>>>>Output for AddOn file Policies.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\Ratings -
policies\system -
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

KEY - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer -
Internet Explorer\Restrictions -

KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 0
policies\Explorer\\NoDrives - 0
policies\Explorer\\NoViewOnDrive - 0
policies\Explorer\\NoActiveDesktop - 0
policies\Explorer\\ClassicShell - 0
policies\NonEnum -
policies\System -
policies\Uninstall -

KEY - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer -
Internet Explorer\Control Panel -
Internet Explorer\Control Panel\\Colors - 0
Internet Explorer\Restrictions -

>>>>Output for AddOn file SID_Run_Policies.def<<<<

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run -

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145
Policies\Explorer\\CDRAutoRun - 0

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145
Policies\Explorer\\CDRAutoRun - 0

< End of report >

#5 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:33 PM

Posted 10 November 2006 - 12:40 PM

Hi tinmanic. Alright, let's clean some of this up.
  • Open the WinPFind2 folder and double-click on winpfind2.exe to start the program.
  • Keep the standard settings.
  • In the AddOn-Options group click the checkboxes for
    • HKCU_IEDesktop.def
    to select them.
  • Now click the Run All Scans button on the toolbar.
Click on the Registry tab and scroll down to the following sections and click the checkboxes in front of the following items to select them:
[>> BHO's <<] section:{43C91A2B-2B04-4788-9321-44B3E6CA93C5} - Reg Data - Key not found = Reg Data - Key not found (File not found)
{871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} - Reg Data - Value does not exist = C:\WINDOWS\system32\prignhbr.dll ( )
{9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - BHO = C:\Program Files\BHO Plugin\plugin1.dll ( )
{c3703265-4671-4858-92a4-cba6a7b3bb45} - Reg Data - Key not found = Reg Data - Key not found (File not found)

[HKCU-> Internet Explorer Bars] section:{32683183-48a0-441b-a342-7c2a440a9478} - Reg Data - Key not found = Reg Data - Key not found (File not found)
[HKCU-> Internet Explorer ToolBars] section:ShellBrowser\\{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - Reg Data - Key not found = Reg Data - Key not found (File not found)
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Data - Key not found = Reg Data - Key not found (File not found)
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found = Reg Data - Key not found (File not found)
WebBrowser\\{46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - Reg Data - Key not found = Reg Data - Key not found (File not found)
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Reg Data - Key not found = Reg Data - Key not found (File not found)

[HKLM-> Internet Explorer Extensions] section:{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - ButtonText: Web Anti-Virus = Reg Data - Value does not exist (File not found)
{7F9DB11C-E358-4ca6-A83D-ACC663939424} - ButtonText: Bonjour = Reg Data - Value does not exist (File not found)
{85d1f590-48f4-11d9-9669-0800200c9a66} - MenuText: Uninstall BitDefender Online Scanner v8 = Reg Data - Key not found (File not found)

[Shared Task Scheduler] section:incestuously - Reg Data - Key not found = Reg Data - Key not found (File not found)
[>> Winlogon <<] section:Notify\klogon - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab )
Notify\ModuleUsage - (File not found)
Notify\winmmt32 - winmmt32.dll (File not found)

Now click the Delete Entries button.

I do not know what this file is: C:\Program Files\ASUS\kybewiqe.html (it is located in the ASUS folder and might have been installed as a background by the motherboard manufacturer). If you did not install it as a desktop component then check the following also:
Click on the Add-On's tab and scroll down to the following sections and click the checkboxes in front of the following items to select them:
>>>>Output for AddOn file HKCU_IEDesktop.def<<<< section:Desktop\Components\0 -
Now click the Delete Items button.


We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Find the following files/folders and delete them (don't worry if they are already gone):C:\WINDOWS\system32\prignhbr.dll
C:\Program Files\BHO Plugin\ <--folder
C:\WINDOWS\system32\klogon.dll

Now perform a search for these files and delete all instances. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.winmmt32.dll
Note: If you receive any error messages while trying to delete any of the above files/folders then reboot into Safe Mode and try to delete them again. See the instructions below on how to boot into Safe Mode.
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Ok, reboot normally and run a new winPFind2 report by doing the following:
  • Open the WinPFind2 folder and double-click on winpfind2.exe to start the program.
  • Keep the standard settings.
  • In the AddOn-Options group click the checkboxes for
    • HKCU_IEDesktop.def
    • Jobs.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button to post the information back here and I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#6 tinmanic

tinmanic
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:33 AM

Posted 28 November 2006 - 02:03 PM

Sorry, I was out of town for two weeks over Thanksgiving. I am posting the lastest log after completing your instructions. One thing, on reboot now I am getting a message that winlogon.exe has an error and needs to terminate. I think it has to do with deleting klogon.dll. Here is the latest report:

Logfile created on: 11/28/2006 1:56:06 PM
WinPFind2 by OldTimer - Version 1.0.14 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


< Processes (Non-Microsoft Only) >
c:\program files\symantec\liveupdate\aluschedulersvc.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\appcore\appsvc32.exe - (Symantec Corporation )
c:\windows\system32\ati2evxx.exe - (ATI Technologies Inc. )
c:\windows\system32\ati2evxx.exe - (ATI Technologies Inc. )
c:\program files\canon\bjcard\bjlaunch.exe - (CANON INC. )
c:\program files\canon\bjcard\bjmcmng.exe - (CANON INC. )
c:\program files\common files\symantec shared\ccapp.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\ccsvchst.exe - (Symantec Corporation )
c:\program files\ati technologies\ati.ace\cli.exe - (ATI Technologies Inc. )
c:\program files\ati technologies\ati.ace\cli.exe - (ATI Technologies Inc. )
c:\program files\ati technologies\ati.ace\cli.exe - (ATI Technologies Inc. )
c:\program files\nortel networks\extranet.exe - (Nortel Networks NA, Inc. )
c:\program files\google\googletoolbarnotifier\1.2.908.5008\googletoolbarnotifier.exe - (Google Inc. )
c:\program files\intel\intel matrix storage manager\iaanotif.exe - (Intel Corporation )
c:\program files\intel\intel application accelerator\iaantmon.exe - (Intel )
c:\program files\ipod\bin\ipodservice.exe - (Apple Computer, Inc. )
c:\program files\itunes\ituneshelper.exe - (Apple Computer, Inc. )
c:\program files\java\jre1.5.0_09\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\program files\bonjour\mdnsresponder.exe - (Apple Computer, Inc. )
c:\progra~1\norton~1\norton~2\speedd~1\nopdb.exe - (Symantec Corporation )
c:\progra~1\norton~1\norton~2\nprotect.exe - (Symantec Corporation )
c:\program files\asus\ai booster\overclk.exe - ( )
c:\program files\quicktime\qttask.exe - (Apple Computer, Inc. )
c:\program files\analog devices\soundmax\smagent.exe - (Analog Devices, Inc. )
c:\program files\analog devices\soundmax\smax4pnp.exe - (Analog Devices, Inc. )
c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe - (Symantec Corporation )
c:\program files\canon\bjpv\tvmon.exe - (Canon Inc. )
c:\documents and settings\administrator\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM->Main\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM->Main\\Default_Search_URL - http://www.google.com/ie
HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
HKCU->Main\\Start Page - http://my.yahoo.com/
HKCU->Main\\Search Bar - http://www.google.com/ie
HKCU->Main\\Search Page - http://www.google.com
HKCU->Main\\Local Page - C:\WINDOWS\system32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM->Search\\SearchAssistant - http://www.google.com/ie
HKCU->Search\\SearchAssistant - http://www.google.com/ie
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride - ;*.local;<local>

[>> BHO's <<]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} - Reg Data - Value does not exist = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll (Symantec Corporation )
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - eBay Toolbar Helper = C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll ( )
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc. )
{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar4.dll (Google Inc. )

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKCU-> Internet Explorer Bars]
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar4.dll (Google Inc. )
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint = C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ( )
{8E718888-423F-11D2-876E-00A0C9082467} - Radio = C:\WINDOWS\system32\msdxm.ocx ( )
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation )
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} - eBay Toolbar = C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll ( )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar4.dll (Google Inc. )

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8195 - Sun Java Console
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - 8202 - Reg Data - Key not found
{5E638779-1818-4754-A595-EF1C63B87A56} - 8198 - Express Cleanup
{7F9DB11C-E358-4ca6-A83D-ACC663939424} - 8199 - Reg Data - Key not found
{85d1f590-48f4-11d9-9669-0800200c9a66} - 8201 - Reg Data - Key not found
{92D7F210-7F20-11d3-8157-0090278B20DE} - 8194 - Reg Data - Key not found
{A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - 8200 - Reg Data - Key not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8197 - Reg Data - Value does not exist
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 - @C:\Program Files\Messenger\Msgslang.dll,-61144
NextId - 8203

[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc. )
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc. )
{5E638779-1818-4754-A595-EF1C63B87A56} - ButtonText: Express Cleanup = C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ( )
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc. )
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: @C:\Program Files\Messenger\Msgslang.dll,-61144 = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )

[HKCU-> Internet Explorer Menu Extensions]
&eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html ( )
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (File not found)

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
- = Reg Data - Key not found (File not found)
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data - Key not found (File not found)
{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = Reg Data - Key not found (File not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = Reg Data - Key not found (File not found)
{6F5F1E41-9B53-4F8F-84C4-1452B596582D} - = Reg Data - Key not found (File not found)
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data - Key not found (File not found)
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data - Key not found (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data - Key not found (File not found)
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} - Web Anti-Virus = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll (Kaspersky Lab )
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc. )
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} - eBay Toolbar = C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll ( )
{9999A076-A9E2-4C99-8A2B-632FC9429223} - Bonjour = C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc. )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc. )
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - UnlockerShellExtension = C:\Program Files\Unlocker\UnlockerCOM.dll ( )
{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - Kaspersky Anti-Virus - {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll (Kaspersky Lab )
* - Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll (Symantec Corporation )
* - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
* - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
AllFilesystemObjects - Copy To - Reg Data - Value does not exist = Reg Data - Key not found (File not found)
AllFilesystemObjects - Move To - Reg Data - Value does not exist = Reg Data - Key not found (File not found)
AllFilesystemObjects - UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll ( )
Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Directory - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
Directory\Background - ACE - {5E2121EE-0300-11D4-8D3B-444553540000} = Reg Data - Key not found (File not found)
Folder - Kaspersky Anti-Virus - {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll (Kaspersky Lab )
Folder - Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll (Symantec Corporation )
Folder - UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll ( )
Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Folder - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\System32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1
HKCU->Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\\Application - notepad.exe

[>> Registry Run Keys <<]
HKLM->Run\\ATICCC - "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ( )
HKLM->Run\\ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc. )
HKLM->Run\\BJLaunchEXE - C:\Program Files\Canon\BJCard\BJLaunch.exe (CANON INC. )
HKLM->Run\\BJPD HID Control - C:\Program Files\Canon\BJPV\TVMon.exe (Canon Inc. )
HKLM->Run\\ccApp - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation )
HKLM->Run\\IAAnotif - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation )
HKLM->Run\\iTunesHelper - "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc. )
HKLM->Run\\Launch Ai Booster - C:\Program Files\ASUS\Ai Booster\OverClk.exe 1 ( )
HKLM->Run\\osCheck - "C:\Program Files\Norton Internet Security\osCheck.exe" (Symantec Corporation )
HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
HKLM->Run\\SoundMAX - "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc. )
HKLM->Run\\SoundMAXPnP - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc. )
HKLM->Run\\SunJavaUpdateSched - "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" (Sun Microsystems, Inc. )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\MSMSGS - "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation )

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )

[Shell Execute Hooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]
Session Manager\\BootExecute - autocheck autochk *;

[PendingFileRenameOperations]

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]

[>> User Agent Post Platform <<]
SV1 -

[>> Winlogon <<]
HMLM->AltDefaultDomainName - ORKINS
HMLM->AltDefaultUserName - Administrator
HMLM->AutoAdminLogon - 0
HMLM->DefaultDomainName - ORKINS
HMLM->DefaultUserName - Administrator
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\AtiExtEvent - Ati2evxx.dll (ATI Technologies Inc. )
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\rpcc - C:\WINDOWS\system32\rpcc.dll (File not found)
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{2755A136-FB46-4797-9C70-DF3813AFAECA} - (1394 Net Adapter)
{3A992D1D-9603-4DBF-B44E-3B3659299347} - ()
{8698CA2E-DF17-4BE6-B537-2FE4A6A3F056} - (1394 Net Adapter)
{9A409064-2475-4118-9E60-20AC99BE63BC} - 166.29.2.72,166.17.13.36 ()
{D498EDDD-592F-425B-89E0-FC723E3310B8} - (3Com Gigabit LOM (3C940))

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 (Tcpip) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 (NTDS) - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 (Network Location Awareness (NLA) Namespace) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000004 (mdnsNSP) - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc. )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found)
msdaipp - (File not found)

[>> Protocol Filters (Non-Microsoft only) <<]

< Services (Non-Microsoft Only) >
Ati HotKey Poller (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc. ) [Automatic - Running - Win32, running in it's own process]
Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Canon BJ Memory Card Manager (Bjmcmng) - C:\Program Files\Canon\BJCard\Bjmcmng.exe (CANON INC. ) [Automatic - Running - Win32, running in it's own process]
Bonjour Service (Bonjour Service) - "C:\Program Files\Bonjour\mDNSResponder.exe" (Apple Computer, Inc. ) [Automatic - Running - Win32, running in it's own process]
Symantec Event Manager (ccEvtMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (Symantec Corporation ) [Automatic - Running - Win32, running in a shared process]
Symantec Settings Manager (ccSetMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (Symantec Corporation ) [Automatic - Running - Win32, running in a shared process]
Symantec Lic NetConnect service (CLTNetCnService) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (Symantec Corporation ) [Automatic - Running - Win32, running in a shared process]
IAA Event Monitor (IAANTMon) - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (Intel ) [Automatic - Running - Win32, running in it's own process]
iPod Service (iPod Service) - "C:\Program Files\iPod\bin\iPodService.exe" (Apple Computer, Inc. ) [On Demand - Running - Win32, running in it's own process]
Norton UnErase Protection (NProtectService) - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
SoundMAX Agent Service (SoundMAX Agent Service (default)) - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc. ) [Automatic - Running - Win32, running in it's own process]
Speed Disk service (Speed Disk service) - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Core LC (Symantec Core LC) - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec AppCore Service (SymAppCore) - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]

< Files >

Auto-Start Folders

HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 11/15/2003 11:18:34 AM | Attr = HS])

HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 11/15/2003 11:18:34 AM | Attr = HS])

HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe

Miscellaneous Folders

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 11/15/2003 6:07:24 AM | Attr = HS])
C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt - ( [Ver = | Size = 13 bytes | Date = 11/3/2005 1:39:46 PM | Attr = ])
C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt - ( [Ver = | Size = 13 bytes | Date = 10/10/2006 9:27:18 AM | Attr = ])
C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt - ( [Ver = | Size = 13 bytes | Date = 1/5/2006 5:45:08 PM | Attr = ])
C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameG.txt - ( [Ver = | Size = 13 bytes | Date = 1/3/2006 11:09:50 AM | Attr = ])
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache - ( [Ver = | Size = 3143 bytes | Date = 8/30/2006 12:11:02 PM | Attr = ])

CurrentUser ApplicationData Folder
C:\Documents and Settings\Administrator\Application Data\.zreglib - ( [Ver = | Size = 83 bytes | Date = 11/10/2006 6:44:50 PM | Attr = HS])
C:\Documents and Settings\Administrator\Application Data\B5C97CE14F72423A8560E9BDE8C70FC4.rul - ( [Ver = | Size = 45801 bytes | Date = 11/6/2006 4:17:40 PM | Attr = HS])
C:\Documents and Settings\Administrator\Application Data\B5C97CE14F72423A8560E9BDE8C70FC4.sta - ( [Ver = | Size = 21565 bytes | Date = 11/6/2006 4:17:40 PM | Attr = HS])
C:\Documents and Settings\Administrator\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 11/15/2003 6:07:24 AM | Attr = HS])
C:\Documents and Settings\Administrator\Application Data\dm.ini - ( [Ver = | Size = 0 bytes | Date = 7/2/2004 12:44:44 PM | Attr = ])
C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT - ( [Ver = | Size = 33896 bytes | Date = 7/30/2005 7:15:38 PM | Attr = ])

Program Files Folder

Common Files Folder
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe - ( [Ver = | Size = 32179 bytes | Date = 10/25/2006 7:06:26 PM | Attr = HS])

DPF files
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} - LSSupCtl Class - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
{215B8138-A3CF-44C5-803F-8226143CFC0A} - Trend Micro ActiveX Scan Agent 6.5 - CodeBase = http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
{36C0B01C-8031-11D4-A527-00C04F794627} - Merant Dimensions Native Code Client for MSIE - CodeBase = http://vfescaladium.vf.lmco.com:8080/dim_a...web90ie_jni.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab
{4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - PjAdoInfo3 Class - CodeBase = http://gbgnwww09t/projectserver/objects/pjclient.cab
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} - Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
{88D969C0-F192-11D4-A65F-0040963251E5} - XML DOM Document 4.0 - CodeBase = http://pcmsweb.ms.lmco.com/PCMS_WebPages/msxml4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{9600F64D-755F-11D4-A47F-0001023E6D5A} - Shutterfly Picture Upload Plugin - CodeBase = http://web1.shutterfly.com/downloads/Uploader.cab
{9A04E3F0-3BB2-11D2-91E2-00C04FAEC46B} - NMClient Class - CodeBase = http://conferencing.us.lmco.com/ConferencingBin/xcliacc.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} - - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/...7941.3638425926
{AF9A1421-E128-4D5F-A37E-039F305867B9} - Pj11enuC Class - CodeBase = http://gbgnwww09t/projectserver/objects/1033/pjcintl.cab
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - Java Plug-in 1.4.2_06 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - - CodeBase = http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab
{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - - CodeBase = https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

Hosts file = 686 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a "#" symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
# -
127.0.0.1 localhost -

< Add On's >

>>>>Output for AddOn file HKCU_IEDesktop.def<<<<

KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 0
Desktop\Components\0 -
Desktop\Components\0\\Source - About:Home
Desktop\Components\0\\SubscribedURL - About:Home
Desktop\Components\0\\FriendlyName - My Current Home Page
Desktop\Components\0\\Flags - 2
Desktop\Components\0\\Position - 2C 00 00 00 00 01 00 00 00 00 00 00 00 04 00 00 E2 03 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\0\\CurrentState - 1073741828
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 FF FF 00 00 FF FF 00 00 FF FF FF FF FF FF FF FF 04 00 00 00
Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 6A 02 00 00 23 00 00 00 A4 00 00 00 9A 00 00 00 01 00 00 00
Desktop\General -
Desktop\General\\BackupWallpaper - %SystemRoot%\Web\Wallpaper\Bliss.bmp
Desktop\General\\WallpaperFileTime - 9E 79 39 FA 93 AB C3 01
Desktop\General\\WallpaperLocalFileTime - 9E 71 63 11 6A AB C3 01
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 2
Desktop\General\\Wallpaper - %SystemRoot%\Web\Wallpaper\Bliss.bmp
Desktop\General\\ComponentsPositioned - 2
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 00 05 00 00 E2 03 00 00
Desktop\SafeMode -
Desktop\SafeMode\Components -
Desktop\SafeMode\Components\\DeskHtmlVersion - 272
Desktop\SafeMode\Components\\DeskHtmlMinorVersion - 5
Desktop\SafeMode\Components\\Settings - 1
Desktop\SafeMode\Components\\GeneralFlags - 0
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -

>>>>Output for AddOn file Jobs.def<<<<

DIR - C:\WINDOWS\tasks\*.* - Parameters = Include SubFolders
C:\WINDOWS\tasks\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 8/23/2001 10:00:00 AM | Attr = RH ])
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Administrator.job - ( [Ver = | Size = 580 bytes | Date = 11/11/2006 12:27:44 AM | Attr = ])
C:\WINDOWS\tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 11/28/2006 1:46:20 PM | Attr = H ])

>>>>Output for AddOn file Policies.def<<<<

KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\Ratings -
policies\system -
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1

KEY - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer -
Internet Explorer\Restrictions -

KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 0
policies\Explorer\\NoDrives - 0
policies\Explorer\\NoViewOnDrive - 0
policies\Explorer\\NoActiveDesktop - 0
policies\Explorer\\ClassicShell - 0
policies\NonEnum -
policies\System -
policies\Uninstall -

KEY - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer -
Internet Explorer\Control Panel -
Internet Explorer\Control Panel\\Colors - 0
Internet Explorer\Restrictions -

>>>>Output for AddOn file SID_Run_Policies.def<<<<

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run -

KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145
Policies\Explorer\\CDRAutoRun - 0

KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145
Policies\Explorer\\CDRAutoRun - 0

< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users