Comp Keeps Freezing And Restarting And Beeping!


  • This topic is locked
27 replies to this topic

#1 r1ckst4

Posted 08 February 2007 - 02:08 AM

Hey guys, i have a problem with this stupid HP computer of mine...

The main problem is that it keeps freezing/crashing! And sometimes it restarts itself... Every once in a while the CPU would beep and my comp will start having a mind of its own coz it opens Google and searches for QYTREW and sometimes it opens qytrew.net???? I have no idea why, that page doesn't even exist!

What's more annoying is that it sometimes goes into my system setup when I first start the comp and it tries to change the date!

I have followed your Preparation Guide but the thing is that my comp would freeze every time it gets scanned... I tried Housecall, Panda, and my own AVG... it also froze when I tried McAfee Stinger... the only thing that I can use is my Spybot Search and Destroy *sigh*

On the days when this comp doesn't beep, it freezes. I rarely shut it down anymore coz it freezes all the time...

Anyways, here's a screenshot of the error report Microsoft gave me after my comp just restarted itself:

Posted Image

and here is my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:45:02 p.m., on 8/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.nz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8106372-EDA4-45B8-AA62-4F3CF7F68AA8}: NameServer = 210.55.12.1 210.55.12.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: explorer - explorer.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\WINDOW~4\fastload.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

===================================================================

Should I just reformat this computer??? What do u think?
Thanks for reading this and I hope u guys here can help me :thumbsup:

-rick

Edited by r1ckst4, 08 February 2007 - 02:09 AM.



#2 YounGun

Posted 14 February 2007 - 06:28 PM

Yep, you have a bugger there. However, I doubt that's the source of your problem.

I would like to see if any other startups are involved. To do this, I need to see another type of log please. Go here and download Silent Runners.vbs to a new folder on your Desktop (clicking the download link works if you use IE. If you use Firefox, right-click on the link and choose "Save Link As") and run it. It generates a log too. It takes a minute or two and it will notify you with a popup when your log is ready (make sure you wait for the popups please). Please post the information back in this thread too (you may need to make a couple of posts). If your antivirus program queries the script, allow it to run. It's not malicious.

#3 r1ckst4

Posted 16 February 2007 - 07:32 AM

Hi there YounGun!
Thanks for replying to my thread :flowers:

Umm, I downloaded Silent Runners (placed it in a new folder on my desktop) but every time I try to open it by double-clicking I get an error message from Windows Script Host and it says that it could not locate automation class named "WScript.Shell".

Any idea? :thumbsup:

#4 YounGun

Posted 16 February 2007 - 08:11 AM

Download and install this file.

Try running Silent Runners again.

#5 r1ckst4

Posted 18 February 2007 - 06:42 PM

Done that YounGun but it still shows the same error message... sorry :thumbsup:

#6 YounGun

Posted 19 February 2007 - 09:28 AM

Download WinPFind.exe to your desktop and double-click on the WinPFind.exe file to extract the contents.

It will create a folder named WinPFind on your desktop.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Open the WinPFind folder on your desktop and double-click on the WinPFind.exe file to run it. Now click the Start Scan button to begin the scan.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here and I will review the information when it comes in.

#7 r1ckst4

Posted 19 February 2007 - 07:24 PM

WinPFind logfile created on: 20/02/2007 12:52:11 p.m.
WinPFind by OldTimer - v2.0.1 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind\

»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 7.0.5730.11

»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»

261612 Kb Total Physical Memory | 152512 Kb Available Physical Memory | 58.30% Memory free
831300 Kb Paging File | 769008 Kb Available in Paging File | 92.51% Paging File free
Paging file location: C:\pagefile.sys 576 576

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33575848 Kb Total Space | 5125884 Kb Free Space | 15.27% Space Free
Drive D: | 5531572 Kb Total Space | 741952 Kb Free Space | 13.41% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»

C:\Documents and Settings\Owner\Desktop\WinPFind\WinPFind.exe ()

»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG Free\avgamsvr.exe (GRISOFT, s.r.o.)

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o.)

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG Free\avgemc.exe (GRISOFT, s.r.o.)

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

(iPodService) iPodService [Win32_Own | On_Demand | Stopped]
= C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)

(MySql) MySql [Win32_Own | Auto | Stopped]
= C:\mysql\bin\mysqld-nt.exe ()

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped]
= C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Stopped]
= C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Stopped]
= C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVG7_CC = C:\Program Files\Grisoft\AVG Free\avgcc.exe (GRISOFT, s.r.o.)
hp Silent Service = C:\WINDOWS\system32\HpSrvUI.exe (Hewlett-Packard Co.)
hpScannerFirstBoot = c:\hp\drivers\scanners\scannerfb.exe (Hewlett-Packard Co.)
hpsysdrv = c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
NvCplDaemon = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
Recguard = C:\WINDOWS\SMINST\Recguard.exe ()
regcmdcons = c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd (File not found)
SmcService = C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NCLaunch = C:\WINDOWS\NCLAUNCH.EXe (Northcode Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1

< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

< User Startup Folder = C:\Documents and Settings\Owner\Start Menu\Programs\Startup >
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini ()

>>>>> MsConfig Disabled Items <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup = C:\WINDOWS\pss\Adobe Gamma Loader.lnk (File not found)
location = Common Startup
command = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
item = Adobe Gamma Loader

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
backup = C:\WINDOWS\pss\GStartup.lnk (File not found)
location = Common Startup
item = GStartup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup = C:\WINDOWS\pss\Microsoft Office.lnk (File not found)
location = Common Startup
item = Microsoft Office

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
backup = C:\WINDOWS\pss\Updates from HP.lnk (File not found)
location = Common Startup
command = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe ()
item = Updates from HP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup = C:\WINDOWS\pss\WinZip Quick Pick.lnk (File not found)
location = Common Startup
command = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
item = WinZip Quick Pick

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcxMonitor]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
hkey = HKLM
command = C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AltnetPointsManager]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Points Manager
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Ares
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ashMaiSv]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = ashmaisv
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CamMonitor]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = hpqcmon
hkey = HKLM
command = c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = CloneCDTray
hkey = HKLM
command = C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CMESys]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = CMESys
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools-1033]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\daemon.dll ()
hkey = HKLM
command = C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gah95on6]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = gah95on6
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
hkey = HKLM
command = C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = iTunesHelper
hkey = HKLM
command = C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KBD]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = KBD
hkey = HKLM
command = C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = dumprep 0 -k
hkey = HKLM
command = %systemroot%\system32\dumprep 0 -k
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = MediaAccK
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MessengerPlus3]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = MsgPlus
hkey = HKLM
command = C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Tray]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Games (1)
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Mirabilis ICQ]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = ICQNet
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyAgent]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = mnyexpr
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = msmsgs
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnappau]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = msnappau
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
hkey = HKLM
command = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\nwiz.exe ()
hkey = HKLM
command = C:\WINDOWS\system32\nwiz.exe ()
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\P2P Networking]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PS2]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
hkey = HKLM
command = C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\qncreb]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = qncreb
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = qttask
hkey = HKLM
command = C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegistryMechanic]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item =
hkey = HKLM
command =
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Reminder]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Remind_XP
hkey = HKLM
command = C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\salm]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = salm
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Share-to-Web Namespace Daemon]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = hpgs2wnd
hkey = HKLM
command = c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SNPMI03]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\vsnpmi03.exe ()
hkey = HKLM
command = C:\WINDOWS\vsnpmi03.exe ()
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StorageGuard]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = sgtray
hkey = HKLM
command = C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = jusched
hkey = HKLM
command = C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SurfAccuracy]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = SAcc
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = SNDMon
hkey = HKLM
command = C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = evntsvc
hkey = HKLM
command = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe (RealNetworks, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updmgr]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = updmgr
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\warez]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = warez
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\wcmdmgr]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = wcmdmgrl
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = WebRebates0
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebSavingsfromEbates]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = WebSavingsfromEbates"
hkey = HKLM
command = wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Window Washer]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = wwDisp
hkey = HKCU
command = C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Automation]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = mslaugh
hkey = HKLM
command = mslaugh.exe
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinPatrol]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = WinPatrol
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = ypager
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = gnotify
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
system.ini = 0
win.ini = 0
bootini = 0
services = 0
startup = 2

#8 r1ckst4

Posted 19 February 2007 - 07:25 PM

>>>>> Disabled Startup Folder Items <<<<<

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = ( HKLM = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) )


>>>>> Security Providers <<<<<

>>>>> Winlogon Keys <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
Control_RunDLL (File not found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
DllName = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\explorer]
DllName = explorer.dll (File not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
DllName = C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
DllName = C:\Program Files\WindowBlinds\fastload.dll (Stardock)

>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\WINDOWS\1 ()
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = C:\WINDOWS\1 ()
undockwithoutlogon = C:\WINDOWS\1 ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 145

>>>>> Desktop Components <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName = My Current Home Page
Source = About:Home
SubscribedURL = About:Home

>>>>> HOSTS File <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 734 bytes | Modified Date: 20/04/2004 3:06:36 a.m.)
127.0.0.1 localhost

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Start Page = http://www.google.co.nz/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
- ( HKLM = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
- SSVHelper Class ( HKLM = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

>>>>> Bars, Toolbars and Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit ( HKLM = C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\ShellBrowser]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit ( HKLM = C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit ( HKLM = C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company) )
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} = 8193 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8195 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8196

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
MenuText = Sun Java Console
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKLM C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.) )
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKCU C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}]
ButtonText = MoneySide
ClsidExtension = {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - Reg Data - Value does not exist ( HKLM C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation) )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download with &DAP]
@ = C:\Program Files\DAP\dapextie.htm ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download &all with DAP]
@ = C:\Program Files\DAP\dapextie2.htm ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel]
@ = 000 (File not found)

>>>>> Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )
{1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{2F5AC606-70CF-461C-BFE1-734234536262} = DisplayCplExt Class ( HKLM = C:\Program Files\WindowBlinds\wbui.dll (Stardock.Net, Inc) )
{32683183-48a0-441b-a342-7c2a440a9478} = Media Band ( CLSID not found! )
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( CLSID not found! )
{52B87208-9CCF-42C9-B88E-069281105805} = Trojan Remover Shell Extension ( CLSID not found! )
{6EE51AA0-77A0-11D7-B4E1-000347126E46} = Window Washer Shell Shredding Utility ( HKLM = C:\Program Files\Common Files\Webroot Shared\ShellWash.dll (Webroot Software) )
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )
{7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} = SampleView ( HKLM = C:\WINDOWS\system32\ShellvRTF.dll (XSS) )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) )
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG7 Shell Extension Class ( HKLM = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) )
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} = AVG7 Find Extension Class ( HKLM = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) )
{A4DF5659-0801-4A60-9607-1C48695EFDA9} = Share-to-Web Upload Folder ( HKLM = c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wns.dll (Hewlett-Packard) )
{A70C977A-BF00-412C-90B7-034C51DA2439} = DesktopContext Class ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes ( HKLM = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.) )
{E0D79304-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79305-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79306-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79307-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = TrojanHunter Menu Shell Extension ( CLSID not found! )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealOne Player\rpplugins\ierpplug.dll (RealNetworks) )
{FFB699E0-306A-11d3-8BD1-00104B6F7516} = NVIDIA CPL Extension ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}]
- SASContextMenu Class ( HKLM = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Washer]
@ = {6EE51AA0-77A0-11D7-B4E1-000347126E46} ( HKLM = C:\Program Files\Common Files\Webroot Shared\ShellWash.dll (Webroot Software) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}]
- SASContextMenu Class ( HKLM = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\Washer]
@ = {6EE51AA0-77A0-11D7-B4E1-000347126E46} ( HKLM = C:\Program Files\Common Files\Webroot Shared\ShellWash.dll (Webroot Software) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\00nView]
@ = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} ( HKLM = C:\WINDOWS\system32\nvshell.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\igfxcui]
@ = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} ( HKLM = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\NvCplDesktopContext]
@ = {A70C977A-BF00-412C-90B7-034C51DA2439} ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\Washer]
@ = {6EE51AA0-77A0-11D7-B4E1-000347126E46} ( HKLM = C:\Program Files\Common Files\Webroot Shared\ShellWash.dll (Webroot Software) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

>>>>> User Agent Post Platform <<<<<

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11C25FA2-EE28-4C8D-AD3D-0940E24914AC}] ( Realtek RTL8139 Family PCI Fast Ethernet NIC )
DefaultGateway =
DhcpIPAddress = 10.1.1.3
DhcpServer = 10.1.1.1
DhcpSubnetMask = 255.0.0.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B738101E-7E19-450C-9EFC-1570085E3981}]
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DB04707B-E6D4-4877-B60B-C022800D02D5}] ( 1394 Net Adapter )
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

>>>>> WinSock2 Parameters <<<<<

>>>>> Protocol Handlers <<<<<

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{80DD2229-B8E4-4C77-B72F-F22972D723EA}\DownloadInformation]
CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab
INF = C:\WINDOWS\Downloaded Program Files\bitdefender.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}\DownloadInformation]
CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\DownloadInformation]
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
INF = C:\WINDOWS\Downloaded Program Files\asinst.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B9191F79-5613-4C76-AA2A-398534BB8999}\DownloadInformation]
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/products/plugin/1.3.1/...-131_04-win.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

»»»»»»»»»»»»»»»»»»»» Files Created Within 60 Days »»»»»»»»»»»»»

C:\AVG7QT.DAT [Ver = | Size = 11942607 bytes | Created Date = 31/12/2006 7:00:09 a.m. | Attr = ]
C:\Documents and Settings\Owner\My Documents\surat visa.doc [Ver = | Size = 20992 bytes | Created Date = 11/01/2007 9:32:09 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\cbr maintenance5.pdf [Ver = | Size = 660499 bytes | Created Date = 20/02/2007 9:06:07 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\Meenal and I.lnk [Ver = | Size = 643 bytes | Created Date = 31/01/2007 10:34:21 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\PPL Law Ans.pdf [Ver = | Size = 50905 bytes | Created Date = 8/01/2007 8:36:04 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\PPL Law Qs.pdf [Ver = | Size = 127016 bytes | Created Date = 8/01/2007 8:35:26 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\winpfind.exe [Ver = | Size = 262159 bytes | Created Date = 20/02/2007 11:42:49 a.m. | Attr = ]
C:\WINDOWS\imsins.BAK [Ver = | Size = 1374 bytes | Created Date = 19/02/2007 4:50:23 p.m. | Attr = ]
C:\WINDOWS\System32\asuninst.exe Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 8/02/2007 12:11:09 a.m. | Attr = ]
C:\WINDOWS\System32\d3d8caps.dat [Ver = | Size = 552 bytes | Created Date = 12/01/2007 9:51:42 p.m. | Attr = ]
C:\WINDOWS\System32\d3d9caps.dat [Ver = | Size = 664 bytes | Created Date = 25/01/2007 9:40:13 a.m. | Attr = ]
C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Created Date = 8/02/2007 12:04:25 a.m. | Attr = ]
C:\WINDOWS\System32\java.exe Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49248 bytes | Created Date = 7/02/2007 11:47:41 a.m. | Attr = ]
C:\WINDOWS\System32\javaw.exe Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 53346 bytes | Created Date = 7/02/2007 11:47:41 a.m. | Attr = ]
C:\WINDOWS\System32\javaws.exe Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 127078 bytes | Created Date = 7/02/2007 11:47:41 a.m. | Attr = ]
C:\WINDOWS\System32\nvapps.xml [Ver = | Size = 88566 bytes | Created Date = 26/01/2007 2:13:44 p.m. | Attr = ]
C:\WINDOWS\System32\nvdisp.nvu [Ver = | Size = 17056 bytes | Created Date = 26/01/2007 2:13:41 p.m. | Attr = ]
C:\WINDOWS\System32\nvudisp.exe NVIDIA Corporation [Ver = 1 , 0 , 1 , 55 | Size = 208896 bytes | Created Date = 26/01/2007 2:13:40 p.m. | Attr = ]
C:\WINDOWS\System32\NVUNINST.EXE NVIDIA Corporation [Ver = 1 , 0 , 1 , 55 | Size = 208896 bytes | Created Date = 26/01/2007 2:12:43 p.m. | Attr = ]
C:\WINDOWS\System32\pavas.ico [Ver = | Size = 30590 bytes | Created Date = 8/02/2007 12:04:17 a.m. | Attr = ]
C:\WINDOWS\System32\secupd.dat [Ver = | Size = 4569 bytes | Created Date = 4/02/2007 11:31:46 a.m. | Attr = ]
C:\WINDOWS\System32\secupd.sig [Ver = | Size = 7208 bytes | Created Date = 4/02/2007 11:31:46 a.m. | Attr = ]
C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Created Date = 8/02/2007 12:04:26 a.m. | Attr = ]
C:\WINDOWS\System32\ZPORT4AS.dll [Ver = | Size = 11776 bytes | Created Date = 8/02/2007 12:11:08 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 18/01/2007 9:43:48 p.m. | Attr = ]
C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Created Date = 18/01/2007 9:43:47 p.m. | Attr = ]
C:\WINDOWS\System32\drivers\netwlan5.img [Ver = | Size = 67866 bytes | Created Date = 4/02/2007 11:31:46 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 7/02/2007 12:02:48 p.m. | Attr = ]

»»»»»»»»»»»»»»»»»»»» Files Modified Within 60 Days »»»»»»»»»»»»»

C:\AVG7QT.DAT [Ver = | Size = 11942607 bytes | Modified Date = 31/12/2006 8:00:16 a.m. | Attr = ]
C:\boot.ini [Ver = | Size = 281 bytes | Modified Date = 7/02/2007 10:55:46 a.m. | Attr = RHS]
C:\NTDETECT.COM [Ver = | Size = 47564 bytes | Modified Date = 4/02/2007 1:03:52 p.m. | Attr = RHS]
C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 159232 bytes | Modified Date = 5/02/2007 3:46:50 p.m. | Attr = ]
C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [Ver = | Size = 36776 bytes | Modified Date = 4/02/2007 3:24:12 p.m. | Attr = ]
C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db [Ver = | Size = 1580148 bytes | Modified Date = 12/02/2007 3:14:52 a.m. | Attr = H ]
C:\Documents and Settings\Owner\My Documents\Angela Christina's CV.doc [Ver = | Size = 35328 bytes | Modified Date = 7/02/2007 9:42:30 p.m. | Attr = ]
C:\Documents and Settings\Owner\My Documents\desktop.ini [Ver = | Size = 76 bytes | Modified Date = 5/02/2007 12:20:50 p.m. | Attr = HS]
C:\Documents and Settings\Owner\My Documents\surat visa.doc [Ver = | Size = 20992 bytes | Modified Date = 12/01/2007 10:46:36 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\cbr maintenance5.pdf [Ver = | Size = 660499 bytes | Modified Date = 20/02/2007 10:08:10 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\Meenal and I.lnk [Ver = | Size = 643 bytes | Modified Date = 31/01/2007 11:34:22 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk [Ver = | Size = 2483 bytes | Modified Date = 19/02/2007 9:49:44 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\PPL Law Ans.pdf [Ver = | Size = 50905 bytes | Modified Date = 8/01/2007 9:36:06 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\PPL Law Qs.pdf [Ver = | Size = 127016 bytes | Modified Date = 8/01/2007 9:35:28 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\winpfind.exe [Ver = | Size = 262159 bytes | Modified Date = 20/02/2007 12:43:36 p.m. | Attr = ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 20/02/2007 12:48:12 p.m. | Attr = S]
C:\WINDOWS\imsins.BAK [Ver = | Size = 1374 bytes | Modified Date = 19/02/2007 5:53:56 p.m. | Attr = ]
C:\WINDOWS\mozver.dat [Ver = | Size = 7114 bytes | Modified Date = 17/02/2007 12:52:34 a.m. | Attr = ]
C:\WINDOWS\system.ini [Ver = | Size = 282 bytes | Modified Date = 7/02/2007 10:55:46 a.m. | Attr = ]
C:\WINDOWS\Thumbs.db [Ver = | Size = 74752 bytes | Modified Date = 17/01/2007 6:59:28 p.m. | Attr = HS]
@Alternate Data Stream - C:\WINDOWS\Thumbs.db:encryptable (0 bytes)
C:\WINDOWS\win.ini [Ver = | Size = 413 bytes | Modified Date = 8/02/2007 2:52:36 a.m. | Attr = ]
C:\WINDOWS\winamp.ini [Ver = | Size = 1125 bytes | Modified Date = 16/02/2007 10:30:36 p.m. | Attr = ]
C:\WINDOWS\WMSysPr9.prx [Ver = | Size = 316640 bytes | Modified Date = 4/02/2007 3:14:38 p.m. | Attr = ]
C:\WINDOWS\System32\amcompat.tlb [Ver = | Size = 16832 bytes | Modified Date = 26/01/2007 12:18:22 p.m. | Attr = ]
C:\WINDOWS\System32\d3d8caps.dat [Ver = | Size = 552 bytes | Modified Date = 12/01/2007 10:51:44 p.m. | Attr = ]
C:\WINDOWS\System32\d3d9caps.dat [Ver = | Size = 664 bytes | Modified Date = 25/01/2007 10:40:14 a.m. | Attr = ]
C:\WINDOWS\System32\FNTCACHE.DAT [Ver = | Size = 165912 bytes | Modified Date = 4/02/2007 3:11:50 p.m. | Attr = ]
C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Modified Date = 8/02/2007 2:15:54 a.m. | Attr = ]
C:\WINDOWS\System32\nscompat.tlb [Ver = | Size = 23392 bytes | Modified Date = 26/01/2007 12:18:22 p.m. | Attr = ]
C:\WINDOWS\System32\nvapps.xml [Ver = | Size = 88566 bytes | Modified Date = 20/02/2007 9:18:16 a.m. | Attr = ]
C:\WINDOWS\System32\pavas.ico [Ver = | Size = 30590 bytes | Modified Date = 8/02/2007 2:15:52 a.m. | Attr = ]
C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 46080 bytes | Modified Date = 14/02/2007 11:32:24 a.m. | Attr = ]
C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 365076 bytes | Modified Date = 14/02/2007 11:32:24 a.m. | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 416732 bytes | Modified Date = 14/02/2007 11:32:22 a.m. | Attr = ]
C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Modified Date = 8/02/2007 2:15:54 a.m. | Attr = ]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 1158 bytes | Modified Date = 19/02/2007 11:49:20 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Modified Date = 14/02/2007 2:11:28 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsw.sys GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 18/01/2007 10:43:48 p.m. | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 27776 bytes | Modified Date = 14/02/2007 2:11:30 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 18/01/2007 10:43:50 p.m. | Attr = ]
C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Modified Date = 14/02/2007 2:11:28 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\avgtdi.sys GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 18/01/2007 10:43:50 p.m. | Attr = ]
C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 7/02/2007 12:53:50 p.m. | Attr = ]

»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
@Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\Thumbs.db:encryptable (0 bytes)
[UPX! , UPX0 , ]C:\WINDOWS\daemon.dll ()
[UPX! , UPX0 , ]C:\WINDOWS\epuninstall.exe ()
@Alternate Data Stream - C:\WINDOWS\Thumbs.db:encryptable (0 bytes)
[UPX! , UPX0 , ]C:\WINDOWS\Unwash5.exe ()
[SAHAgent , ]C:\WINDOWS\System32\70tovmto.ini ()
[WSUD , ]C:\WINDOWS\System32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
[SAHAgent , ]C:\WINDOWS\System32\bln02nqv.ini ()
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[SAHAgent , ]C:\WINDOWS\System32\gah95on6.ini ()
[aspack , ]C:\WINDOWS\System32\jesterss.dll ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\MACDec.dll (Matthew T. Ashland)
[UPX! , UPX0 , ]C:\WINDOWS\System32\MonkeySource.ax ()
@Alternate Data Stream - C:\WINDOWS\System32\Thumbs.db:encryptable (0 bytes)
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[aspack , FSG! , PEC2 , UPX! , ]C:\WINDOWS\System32\drivers\avg7core.sys (GRISOFT, s.r.o.)
[PTech , ]C:\WINDOWS\System32\drivers\mtlstrm.sys (Smart Link)

< End of report >

#9 r1ckst4


Posted 19 February 2007 - 07:32 PM

there u go YounGun, hope that helps :thumbsup: cheers mate

#10 YounGun


Posted 20 February 2007 - 04:41 AM

Yes, it does :thumbsup:

Go to start > control panel > add/remove programs > and uninstall the following : Media Access, SurfAccuracy, MessengerPlus3 (the last one only if you have installed it with the sponsor program)

Download AVG Anti-Spyware 7.5 and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'
  • Right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
  • Go to Start > Run and type: services.msc
  • Press "OK".
  • In Services, click the "Extended tab" and scroll down the list to find AVG anti-spyware 7.5 guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
      If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet. We will shortly.

Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "BFU"

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not run the Uninstaller and the Remover yet.

Please reboot into Safe Mode:
Turn on the computer.
Immediately begin tapping the F8 key.
Use the arrow keys to highlight Safe Mode and press the Enter key.
  • While in Safe Mode, Scan with AVG Anti-Spyware as follows:
    1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware
Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by double-clicking BFU.exe

Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu

Press execute and let it do its job.

Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

Please run HijackThis, click Scan, and check the following:

O20 - Winlogon Notify: explorer - explorer.dll (file missing)

Close all open windows except HijackThis, and click Fix Checked.

Reboot into normal windows

Please copy the text in the quote box below, and paste it into a blank notepad window.
Save it as regfix.reg and in the save as type box choose all files.

Once you have saved it double click it and allow it to merge with the registry.


REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcxMonitor]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AltnetPointsManager]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CMESys]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gah95on6]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\P2P Networking]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\qncreb]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\salm]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SNPMI03]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SurfAccuracy]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updmgr]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\warez]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebSavingsfromEbates]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Automation]



REBOOT

When your computer boots back, post the AVG antispyware log, a new hijackthis log and a new winpfind log.
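An added example, not part of YounGun's post: a pre-merge audit for a .reg file copied from a forum, which confirms the header is one regedit accepts and that every section is a key deletion under MSConfig's disabled-startup subtree, as in the fix above. The function names, the allowed-subtree list and the sample text (including its `Run` entry) are constructed for illustration.

```python
import re
import sys

# Subtrees the fix is expected to touch: MSConfig's record of disabled
# startup items. The trailing backslash means a section that deletes the
# whole container key (not one entry beneath it) is reported as out of scope.
MSCONFIG = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig"
ALLOWED_PREFIXES = tuple(
    (MSCONFIG + "\\" + sub + "\\").upper() for sub in ("startupreg", "startupfolder")
)
# The two first lines regedit accepts for a registration file.
VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
SECTION_RE = re.compile(r"^\[(-?)(.+)\]$")


def audit_reg_text(text):
    """Return (deletions, findings) for the text of a .reg file.

    deletions: keys the file removes, i.e. sections written as [-KEY].
    findings:  (kind, detail) tuples for anything beyond in-scope deletions.
    """
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    deletions, findings = [], []

    if not lines or lines[0] not in VALID_HEADERS:
        findings.append(("bad-header", lines[0] if lines else ""))
    # Skip the first line unless it is already a section (header missing).
    body = lines[1:] if lines and not SECTION_RE.match(lines[0]) else lines

    for line in body:
        match = SECTION_RE.match(line)
        if not match:
            # Any other line sets or deletes a value inside the current key.
            findings.append(("value-line", line))
            continue
        is_delete, key = match.group(1) == "-", match.group(2)
        # Registry paths are case-insensitive, so compare upper-cased.
        if not key.upper().startswith(ALLOWED_PREFIXES):
            findings.append(("out-of-scope-key", key))
        if is_delete:
            deletions.append(key)
        else:
            findings.append(("creates-or-modifies-key", key))
    return deletions, findings


def read_reg_file(path):
    """Decode a .reg file: version 5.00 exports are UTF-16, REGEDIT4 is ANSI."""
    with open(path, "rb") as handle:
        raw = handle.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("latin-1")


# Constructed sample: two deletions taken from the fix above, plus one
# constructed section that writes a value outside the expected subtree.
SAMPLE = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SurfAccuracy]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Example"="C:\\example.exe"
"""

if __name__ == "__main__":
    source = read_reg_file(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    removed, issues = audit_reg_text(source)
    for key in removed:
        print("will delete:", key)
    for kind, detail in issues:
        print("REVIEW [%s]: %s" % (kind, detail))
    sys.exit(1 if issues else 0)
```

Run it with the path to the saved regfix.reg as its only argument; an exit code of 0 means the file contains nothing but in-scope deletions.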

#11 r1ckst4


Posted 22 February 2007 - 12:20 AM

Hi YounGun! umm i tried to uninstall those programs that u advised to me but i couldn't find them in the Remove Program menu :thumbsup: so yeah...

Anyways, here's my AVG antispyware log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:11:38 p.m. 22/02/2007

+ Scan result:



C:\WINDOWS\system32\70tovmto.ini -> Adware.Sahat : Cleaned.
C:\System Volume Information\_restore{D97058E4-EF03-45C5-8FFE-3DC881C25C4F}\RP785\A0756830.dll -> Adware.WinAD : Cleaned.
C:\Documents and Settings\Owner\My Documents\My Received Files\awesome cars slide show.exe -> Not-A-Virus.BadJoke.Win32.Stupen.c : Cleaned.
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\crnrsxjk.slt\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Phoenix\Profiles\default\crnrsxjk.slt\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.ttu\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end




HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 5:40:15 p.m., on 22/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WindowBlinds\wbload.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.nz/
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\WINDOW~4\fastload.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

#12 r1ckst4


Posted 22 February 2007 - 12:24 AM

And here's my WinPFind report:

WinPFind logfile created on: 22/02/2007 5:41:38 p.m.
WinPFind by OldTimer - v2.0.1 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind\

»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 7.0.5730.11

»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»

261612 Kb Total Physical Memory | 84492 Kb Available Physical Memory | 32.30% Memory free
831300 Kb Paging File | 588016 Kb Available in Paging File | 70.73% Paging File free
Paging file location: C:\pagefile.sys 576 576

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33575848 Kb Total Space | 4857428 Kb Free Space | 14.47% Space Free
Drive D: | 5531572 Kb Total Space | 741948 Kb Free Space | 13.41% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»

C:\Documents and Settings\Owner\Desktop\WinPFind\WinPFind.exe ()
C:\mysql\bin\mysqld-nt.exe ()
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG Free\avgcc.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG Free\avgemc.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o.)
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
C:\Program Files\WindowBlinds\wbload.exe (Stardock Systems, Inc)
C:\WINDOWS\NCLAUNCH.EXe (Northcode Inc.)
C:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
C:\WINDOWS\system32\HpSrvUI.exe (Hewlett-Packard Co.)
C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running]
= C:\Program Files\Grisoft\AVG Free\avgamsvr.exe (GRISOFT, s.r.o.)

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running]
= C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o.)

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running]
= C:\Program Files\Grisoft\AVG Free\avgemc.exe (GRISOFT, s.r.o.)

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

(iPodService) iPodService [Win32_Own | On_Demand | Stopped]
= C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)

(MySql) MySql [Win32_Own | Auto | Running]
= C:\mysql\bin\mysqld-nt.exe ()

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running]
= C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running]
= C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running]
= C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVG7_CC = C:\Program Files\Grisoft\AVG Free\avgcc.exe (GRISOFT, s.r.o.)
hp Silent Service = C:\WINDOWS\system32\HpSrvUI.exe (Hewlett-Packard Co.)
hpScannerFirstBoot = c:\hp\drivers\scanners\scannerfb.exe (Hewlett-Packard Co.)
hpsysdrv = c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
NvCplDaemon = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
Recguard = C:\WINDOWS\SMINST\Recguard.exe ()
regcmdcons = c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd (File not found)
SmcService = C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NCLaunch = C:\WINDOWS\NCLAUNCH.EXe (Northcode Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1

< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

< User Startup Folder = C:\Documents and Settings\Owner\Start Menu\Programs\Startup >
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini ()

>>>>> MsConfig Disabled Items <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup = C:\WINDOWS\pss\Adobe Gamma Loader.lnk (File not found)
location = Common Startup
command = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
item = Adobe Gamma Loader

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
backup = C:\WINDOWS\pss\GStartup.lnk (File not found)
location = Common Startup
item = GStartup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup = C:\WINDOWS\pss\Microsoft Office.lnk (File not found)
location = Common Startup
item = Microsoft Office

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
backup = C:\WINDOWS\pss\Updates from HP.lnk (File not found)
location = Common Startup
command = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe ()
item = Updates from HP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup = C:\WINDOWS\pss\WinZip Quick Pick.lnk (File not found)
location = Common Startup
command = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
item = WinZip Quick Pick

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcxMonitor]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
hkey = HKLM
command = C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AltnetPointsManager]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Points Manager
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Ares
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ashMaiSv]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = ashmaisv
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CamMonitor]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = hpqcmon
hkey = HKLM
command = c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = CloneCDTray
hkey = HKLM
command = C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CMESys]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = CMESys
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools-1033]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\daemon.dll ()
hkey = HKLM
command = C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gah95on6]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = gah95on6
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
hkey = HKLM
command = C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = iTunesHelper
hkey = HKLM
command = C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KBD]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = KBD
hkey = HKLM
command = C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = dumprep 0 -k
hkey = HKLM
command = %systemroot%\system32\dumprep 0 -k
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = MediaAccK
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MessengerPlus3]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = MsgPlus
hkey = HKLM
command = C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Tray]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Games (1)
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Mirabilis ICQ]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = ICQNet
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyAgent]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = mnyexpr
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = msmsgs
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnappau]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = msnappau
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
hkey = HKLM
command = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\nwiz.exe ()
hkey = HKLM
command = C:\WINDOWS\system32\nwiz.exe ()
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\P2P Networking]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PS2]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
hkey = HKLM
command = C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\qncreb]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = qncreb
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = qttask
hkey = HKLM
command = C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegistryMechanic]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item =
hkey = HKLM
command =
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Reminder]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Remind_XP
hkey = HKLM
command = C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\salm]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = salm
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Share-to-Web Namespace Daemon]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = hpgs2wnd
hkey = HKLM
command = c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SNPMI03]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\vsnpmi03.exe ()
hkey = HKLM
command = C:\WINDOWS\vsnpmi03.exe ()
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StorageGuard]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = sgtray
hkey = HKLM
command = C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = jusched
hkey = HKLM
command = C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SurfAccuracy]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = SAcc
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = SNDMon
hkey = HKLM
command = C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = evntsvc
hkey = HKLM
command = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe (RealNetworks, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updmgr]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = updmgr
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\warez]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = warez
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\wcmdmgr]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = wcmdmgrl
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = WebRebates0
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebSavingsfromEbates]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = WebSavingsfromEbates"
hkey = HKLM
command = wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Window Washer]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = wwDisp
hkey = HKCU
command = C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Automation]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = mslaugh
hkey = HKLM
command = mslaugh.exe
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinPatrol]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = WinPatrol
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = ypager
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = gnotify
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
system.ini = 0
win.ini = 0
bootini = 0
services = 0
startup = 2

>>>>> Disabled Startup Folder Items <<<<<

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = AVG Anti-Spyware 7.5 ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.) )
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = ( HKLM = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) )


>>>>> Security Providers <<<<<

>>>>> Winlogon Keys <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
Control_RunDLL (File not found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
DllName = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
DllName = C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
DllName = C:\Program Files\WindowBlinds\fastload.dll (Stardock)

>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\WINDOWS\1 ()
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = C:\WINDOWS\1 ()
undockwithoutlogon = C:\WINDOWS\1 ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 145

>>>>> Desktop Components <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName = My Current Home Page
Source = About:Home
SubscribedURL = About:Home

>>>>> HOSTS File <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 734 bytes | Modified Date: 20/04/2004 3:06:36 a.m.)
127.0.0.1 localhost

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Start Page = http://www.google.co.nz/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
- ( HKLM = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
- SSVHelper Class ( HKLM = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

>>>>> Bars, Toolbars and Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit ( HKLM = C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\ShellBrowser]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit ( HKLM = C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit ( HKLM = C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company) )
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} = 8193 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8195 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8196

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
MenuText = Sun Java Console
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKLM C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.) )
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKCU C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}]
ButtonText = MoneySide
ClsidExtension = {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - Reg Data - Value does not exist ( HKLM C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation) )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download with &DAP]
@ = C:\Program Files\DAP\dapextie.htm ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download &all with DAP]
@ = C:\Program Files\DAP\dapextie2.htm ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel]
@ = 000 (File not found)

>>>>> Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )
{1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{2F5AC606-70CF-461C-BFE1-734234536262} = DisplayCplExt Class ( HKLM = C:\Program Files\WindowBlinds\wbui.dll (Stardock.Net, Inc) )
{32683183-48a0-441b-a342-7c2a440a9478} = Media Band ( CLSID not found! )
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( CLSID not found! )
{52B87208-9CCF-42C9-B88E-069281105805} = Trojan Remover Shell Extension ( CLSID not found! )
{6EE51AA0-77A0-11D7-B4E1-000347126E46} = Window Washer Shell Shredding Utility ( HKLM = C:\Program Files\Common Files\Webroot Shared\ShellWash.dll (Webroot Software) )
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )
{7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} = SampleView ( HKLM = C:\WINDOWS\system32\ShellvRTF.dll (XSS) )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) )
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG7 Shell Extension Class ( HKLM = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) )
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} = AVG7 Find Extension Class ( HKLM = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) )
{A4DF5659-0801-4A60-9607-1C48695EFDA9} = Share-to-Web Upload Folder ( HKLM = c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wns.dll (Hewlett-Packard) )
{A70C977A-BF00-412C-90B7-034C51DA2439} = DesktopContext Class ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes ( HKLM = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.) )
{E0D79304-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79305-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79306-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79307-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = TrojanHunter Menu Shell Extension ( CLSID not found! )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealOne Player\rpplugins\ierpplug.dll (RealNetworks) )
{FFB699E0-306A-11d3-8BD1-00104B6F7516} = NVIDIA CPL Extension ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}]
- SASContextMenu Class ( HKLM = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Washer]
@ = {6EE51AA0-77A0-11D7-B4E1-000347126E46} ( HKLM = C:\Program Files\Common Files\Webroot Shared\ShellWash.dll (Webroot Software) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}]
- SASContextMenu Class ( HKLM = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\Washer]
@ = {6EE51AA0-77A0-11D7-B4E1-000347126E46} ( HKLM = C:\Program Files\Common Files\Webroot Shared\ShellWash.dll (Webroot Software) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\00nView]
@ = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} ( HKLM = C:\WINDOWS\system32\nvshell.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\igfxcui]
@ = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} ( HKLM = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\NvCplDesktopContext]
@ = {A70C977A-BF00-412C-90B7-034C51DA2439} ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\Washer]
@ = {6EE51AA0-77A0-11D7-B4E1-000347126E46} ( HKLM = C:\Program Files\Common Files\Webroot Shared\ShellWash.dll (Webroot Software) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

>>>>> User Agent Post Platform <<<<<

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11C25FA2-EE28-4C8D-AD3D-0940E24914AC}] ( Realtek RTL8139 Family PCI Fast Ethernet NIC )
DefaultGateway =
DhcpIPAddress = 10.1.1.3
DhcpServer = 10.1.1.1
DhcpSubnetMask = 255.0.0.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B738101E-7E19-450C-9EFC-1570085E3981}]
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DB04707B-E6D4-4877-B60B-C022800D02D5}] ( 1394 Net Adapter )
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

>>>>> WinSock2 Parameters <<<<<

>>>>> Protocol Handlers <<<<<

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{80DD2229-B8E4-4C77-B72F-F22972D723EA}\DownloadInformation]
CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab
INF = C:\WINDOWS\Downloaded Program Files\bitdefender.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}\DownloadInformation]
CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\DownloadInformation]
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
INF = C:\WINDOWS\Downloaded Program Files\asinst.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B9191F79-5613-4C76-AA2A-398534BB8999}\DownloadInformation]
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/products/plugin/1.3.1/...-131_04-win.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

»»»»»»»»»»»»»»»»»»»» Files Created Within 30 Days »»»»»»»»»»»»»

C:\hiberfil.sys [Ver = | Size = 267964416 bytes | Created Date = 2/01/1601 12:00:00 p.m. | Attr = HS]
C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk [Ver = | Size = 860 bytes | Created Date = 21/02/2007 10:53:20 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\avgas-setup-7.5.0.50.exe [Ver = | Size = 6469352 bytes | Created Date = 21/02/2007 10:22:47 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\bfu.zip [Ver = | Size = 62862 bytes | Created Date = 21/02/2007 10:24:19 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\cbr maintenance5.pdf [Ver = | Size = 660499 bytes | Created Date = 20/02/2007 9:06:07 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\fix.doc [Ver = | Size = 29184 bytes | Created Date = 22/02/2007 9:48:19 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\Meenal and I.lnk [Ver = | Size = 643 bytes | Created Date = 31/01/2007 10:34:21 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\regfix.reg [Ver = | Size = 2163 bytes | Created Date = 22/02/2007 4:31:17 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\winpfind.exe [Ver = | Size = 262159 bytes | Created Date = 20/02/2007 11:42:49 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\~$fix.doc [Ver = | Size = 162 bytes | Created Date = 22/02/2007 4:39:10 p.m. | Attr = H ]
C:\WINDOWS\imsins.BAK [Ver = | Size = 1374 bytes | Created Date = 19/02/2007 4:50:23 p.m. | Attr = ]
C:\WINDOWS\System32\asuninst.exe Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 8/02/2007 12:11:09 a.m. | Attr = ]
C:\WINDOWS\System32\d3d9caps.dat [Ver = | Size = 664 bytes | Created Date = 25/01/2007 9:40:13 a.m. | Attr = ]
C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Created Date = 8/02/2007 12:04:25 a.m. | Attr = ]
C:\WINDOWS\System32\java.exe Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49248 bytes | Created Date = 7/02/2007 11:47:41 a.m. | Attr = ]
C:\WINDOWS\System32\javaw.exe Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 53346 bytes | Created Date = 7/02/2007 11:47:41 a.m. | Attr = ]
C:\WINDOWS\System32\javaws.exe Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 127078 bytes | Created Date = 7/02/2007 11:47:41 a.m. | Attr = ]
C:\WINDOWS\System32\nvapps.xml [Ver = | Size = 88566 bytes | Created Date = 26/01/2007 2:13:44 p.m. | Attr = ]
C:\WINDOWS\System32\nvdisp.nvu [Ver = | Size = 17056 bytes | Created Date = 26/01/2007 2:13:41 p.m. | Attr = ]
C:\WINDOWS\System32\nvudisp.exe NVIDIA Corporation [Ver = 1 , 0 , 1 , 55 | Size = 208896 bytes | Created Date = 26/01/2007 2:13:40 p.m. | Attr = ]
C:\WINDOWS\System32\NVUNINST.EXE NVIDIA Corporation [Ver = 1 , 0 , 1 , 55 | Size = 208896 bytes | Created Date = 26/01/2007 2:12:43 p.m. | Attr = ]
C:\WINDOWS\System32\pavas.ico [Ver = | Size = 30590 bytes | Created Date = 8/02/2007 12:04:17 a.m. | Attr = ]
C:\WINDOWS\System32\secupd.dat [Ver = | Size = 4569 bytes | Created Date = 4/02/2007 11:31:46 a.m. | Attr = ]
C:\WINDOWS\System32\secupd.sig [Ver = | Size = 7208 bytes | Created Date = 4/02/2007 11:31:46 a.m. | Attr = ]
C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Created Date = 8/02/2007 12:04:26 a.m. | Attr = ]
C:\WINDOWS\System32\ZPORT4AS.dll [Ver = | Size = 11776 bytes | Created Date = 8/02/2007 12:11:08 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\AvgAsCln.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 21/02/2007 10:53:00 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\netwlan5.img [Ver = | Size = 67866 bytes | Created Date = 4/02/2007 11:31:46 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 7/02/2007 12:02:48 p.m. | Attr = ]

»»»»»»»»»»»»»»»»»»»» Files Modified Within 30 Days »»»»»»»»»»»»»

C:\boot.ini [Ver = | Size = 281 bytes | Modified Date = 7/02/2007 10:55:46 a.m. | Attr = RHS]
C:\hiberfil.sys [Ver = | Size = 267964416 bytes | Modified Date = 22/02/2007 5:33:16 p.m. | Attr = HS]
C:\NTDETECT.COM [Ver = | Size = 47564 bytes | Modified Date = 4/02/2007 1:03:52 p.m. | Attr = RHS]
C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 159232 bytes | Modified Date = 5/02/2007 3:46:50 p.m. | Attr = ]
C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [Ver = | Size = 36776 bytes | Modified Date = 4/02/2007 3:24:12 p.m. | Attr = ]
C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db [Ver = | Size = 1580148 bytes | Modified Date = 12/02/2007 3:14:52 a.m. | Attr = H ]
C:\Documents and Settings\Owner\My Documents\Angela Christina's CV.doc [Ver = | Size = 35328 bytes | Modified Date = 7/02/2007 9:42:30 p.m. | Attr = ]
C:\Documents and Settings\Owner\My Documents\desktop.ini [Ver = | Size = 76 bytes | Modified Date = 5/02/2007 12:20:50 p.m. | Attr = HS]
C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk [Ver = | Size = 860 bytes | Modified Date = 21/02/2007 11:53:22 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\avgas-setup-7.5.0.50.exe [Ver = | Size = 6469352 bytes | Modified Date = 21/02/2007 11:44:20 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\bfu.zip [Ver = | Size = 62862 bytes | Modified Date = 21/02/2007 11:24:42 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\cbr maintenance5.pdf [Ver = | Size = 660499 bytes | Modified Date = 20/02/2007 10:08:10 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\fix.doc [Ver = | Size = 29184 bytes | Modified Date = 22/02/2007 10:48:22 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\Meenal and I.lnk [Ver = | Size = 643 bytes | Modified Date = 31/01/2007 11:34:22 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk [Ver = | Size = 2483 bytes | Modified Date = 22/02/2007 10:47:14 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\regfix.reg [Ver = | Size = 2163 bytes | Modified Date = 22/02/2007 5:31:18 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\winpfind.exe [Ver = | Size = 262159 bytes | Modified Date = 20/02/2007 12:43:36 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\~$fix.doc [Ver = | Size = 162 bytes | Modified Date = 22/02/2007 5:39:12 p.m. | Attr = H ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 22/02/2007 5:33:26 p.m. | Attr = S]
C:\WINDOWS\imsins.BAK [Ver = | Size = 1374 bytes | Modified Date = 19/02/2007 5:53:56 p.m. | Attr = ]
C:\WINDOWS\mozver.dat [Ver = | Size = 7114 bytes | Modified Date = 17/02/2007 12:52:34 a.m. | Attr = ]
C:\WINDOWS\system.ini [Ver = | Size = 282 bytes | Modified Date = 7/02/2007 10:55:46 a.m. | Attr = ]
C:\WINDOWS\win.ini [Ver = | Size = 413 bytes | Modified Date = 8/02/2007 2:52:36 a.m. | Attr = ]
C:\WINDOWS\winamp.ini [Ver = | Size = 1125 bytes | Modified Date = 16/02/2007 10:30:36 p.m. | Attr = ]
C:\WINDOWS\WMSysPr9.prx [Ver = | Size = 316640 bytes | Modified Date = 4/02/2007 3:14:38 p.m. | Attr = ]
C:\WINDOWS\System32\amcompat.tlb [Ver = | Size = 16832 bytes | Modified Date = 26/01/2007 12:18:22 p.m. | Attr = ]
C:\WINDOWS\System32\d3d9caps.dat [Ver = | Size = 664 bytes | Modified Date = 25/01/2007 10:40:14 a.m. | Attr = ]
C:\WINDOWS\System32\FNTCACHE.DAT [Ver = | Size = 165912 bytes | Modified Date = 4/02/2007 3:11:50 p.m. | Attr = ]
C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Modified Date = 8/02/2007 2:15:54 a.m. | Attr = ]
C:\WINDOWS\System32\nscompat.tlb [Ver = | Size = 23392 bytes | Modified Date = 26/01/2007 12:18:22 p.m. | Attr = ]
C:\WINDOWS\System32\nvapps.xml [Ver = | Size = 88566 bytes | Modified Date = 22/02/2007 5:35:26 p.m. | Attr = ]
C:\WINDOWS\System32\pavas.ico [Ver = | Size = 30590 bytes | Modified Date = 8/02/2007 2:15:52 a.m. | Attr = ]
C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 46080 bytes | Modified Date = 14/02/2007 11:32:24 a.m. | Attr = ]
C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 365076 bytes | Modified Date = 14/02/2007 11:32:24 a.m. | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 416732 bytes | Modified Date = 14/02/2007 11:32:22 a.m. | Attr = ]
C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Modified Date = 8/02/2007 2:15:54 a.m. | Attr = ]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 1158 bytes | Modified Date = 19/02/2007 11:49:20 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Modified Date = 14/02/2007 2:11:28 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 27776 bytes | Modified Date = 14/02/2007 2:11:30 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Modified Date = 14/02/2007 2:11:28 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 7/02/2007 12:53:50 p.m. | Attr = ]

»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
@Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\Thumbs.db:encryptable (0 bytes)
[aspack , FSG! , PEC2 , PTech , SAHAgent , UPX! , UPX0 , winsync , WSUD , ]C:\Documents and Settings\Owner\Desktop\WinPFind.Txt ()
[UPX! , UPX0 , ]C:\WINDOWS\daemon.dll ()
[UPX! , UPX0 , ]C:\WINDOWS\epuninstall.exe ()
@Alternate Data Stream - C:\WINDOWS\Thumbs.db:encryptable (0 bytes)
[UPX! , UPX0 , ]C:\WINDOWS\Unwash5.exe ()
[WSUD , ]C:\WINDOWS\System32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
[SAHAgent , ]C:\WINDOWS\System32\bln02nqv.ini ()
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[SAHAgent , ]C:\WINDOWS\System32\gah95on6.ini ()
[aspack , ]C:\WINDOWS\System32\jesterss.dll ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\MACDec.dll (Matthew T. Ashland)
[UPX! , UPX0 , ]C:\WINDOWS\System32\MonkeySource.ax ()
@Alternate Data Stream - C:\WINDOWS\System32\Thumbs.db:encryptable (0 bytes)
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[aspack , FSG! , PEC2 , UPX! , ]C:\WINDOWS\System32\drivers\avg7core.sys (GRISOFT, s.r.o.)
[PTech , ]C:\WINDOWS\System32\drivers\mtlstrm.sys (Smart Link)

< End of report >


The AVG scan only came up with tracking cookies mostly... so I don't know if that's crucial to the problem I'm having... you be the judge :thumbsup:

#13 YounGun

Posted 23 February 2007 - 06:10 AM

It seems the registry hasn't been modified. Have you rebooted after merging the registry file? Can you please post the contents of the reg file you created? (Right-click it, choose Edit, select all and paste it here.)

#14 r1ckst4

Posted 24 February 2007 - 08:22 PM

Hey YounGun... I ran the RegFix again because I think I forgot to reboot that day, but here's the fresh WinPFind report :thumbsup:


WinPFind logfile created on: 25/02/2007 1:53:49 p.m.
WinPFind by OldTimer - v2.0.1 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind\

»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 7.0.5730.11

»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»

261612 Kb Total Physical Memory | 144220 Kb Available Physical Memory | 55.13% Memory free
831300 Kb Paging File | 614532 Kb Available in Paging File | 73.92% Paging File free
Paging file location: C:\pagefile.sys 576 576

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33575848 Kb Total Space | 4735204 Kb Free Space | 14.10% Space Free
Drive D: | 5531572 Kb Total Space | 741948 Kb Free Space | 13.41% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»

C:\Documents and Settings\Owner\Desktop\WinPFind\WinPFind.exe ()
C:\mysql\bin\mysqld-nt.exe ()
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG Free\avgcc.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG Free\avgemc.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o.)
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
C:\Program Files\WindowBlinds\wbload.exe (Stardock Systems, Inc)
C:\WINDOWS\NCLAUNCH.EXe (Northcode Inc.)
C:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
C:\WINDOWS\system32\HpSrvUI.exe (Hewlett-Packard Co.)
C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running]
= C:\Program Files\Grisoft\AVG Free\avgamsvr.exe (GRISOFT, s.r.o.)

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running]
= C:\Program Files\Grisoft\AVG Free\avgupsvc.exe (GRISOFT, s.r.o.)

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running]
= C:\Program Files\Grisoft\AVG Free\avgemc.exe (GRISOFT, s.r.o.)

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

(iPodService) iPodService [Win32_Own | On_Demand | Stopped]
= C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)

(MySql) MySql [Win32_Own | Auto | Running]
= C:\mysql\bin\mysqld-nt.exe ()

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running]
= C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running]
= C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running]
= C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVG7_CC = C:\Program Files\Grisoft\AVG Free\avgcc.exe (GRISOFT, s.r.o.)
hp Silent Service = C:\WINDOWS\system32\HpSrvUI.exe (Hewlett-Packard Co.)
hpScannerFirstBoot = c:\hp\drivers\scanners\scannerfb.exe (Hewlett-Packard Co.)
hpsysdrv = c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
NvCplDaemon = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
Recguard = C:\WINDOWS\SMINST\Recguard.exe ()
regcmdcons = c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd (File not found)
SmcService = C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NCLaunch = C:\WINDOWS\NCLAUNCH.EXe (Northcode Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1

< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

< User Startup Folder = C:\Documents and Settings\Owner\Start Menu\Programs\Startup >
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini ()

>>>>> MsConfig Disabled Items <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup = C:\WINDOWS\pss\Adobe Gamma Loader.lnk (File not found)
location = Common Startup
command = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
item = Adobe Gamma Loader

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
backup = C:\WINDOWS\pss\GStartup.lnk (File not found)
location = Common Startup
item = GStartup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup = C:\WINDOWS\pss\Microsoft Office.lnk (File not found)
location = Common Startup
item = Microsoft Office

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
backup = C:\WINDOWS\pss\Updates from HP.lnk (File not found)
location = Common Startup
command = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe ()
item = Updates from HP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup = C:\WINDOWS\pss\WinZip Quick Pick.lnk (File not found)
location = Common Startup
command = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
item = WinZip Quick Pick

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcxMonitor]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
hkey = HKLM
command = C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AltnetPointsManager]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Points Manager
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Ares
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ashMaiSv]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = ashmaisv
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CamMonitor]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = hpqcmon
hkey = HKLM
command = c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = CloneCDTray
hkey = HKLM
command = C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CMESys]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = CMESys
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools-1033]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\daemon.dll ()
hkey = HKLM
command = C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gah95on6]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = gah95on6
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
hkey = HKLM
command = C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = iTunesHelper
hkey = HKLM
command = C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KBD]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = KBD
hkey = HKLM
command = C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = dumprep 0 -k
hkey = HKLM
command = %systemroot%\system32\dumprep 0 -k
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = MediaAccK
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MessengerPlus3]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = MsgPlus
hkey = HKLM
command = C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Tray]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Games (1)
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Mirabilis ICQ]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = ICQNet
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyAgent]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = mnyexpr
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = msmsgs
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnappau]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = msnappau
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
hkey = HKLM
command = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\nwiz.exe ()
hkey = HKLM
command = C:\WINDOWS\system32\nwiz.exe ()
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\P2P Networking]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PS2]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
hkey = HKLM
command = C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\qncreb]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = qncreb
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = qttask
hkey = HKLM
command = C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegistryMechanic]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item =
hkey = HKLM
command =
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Reminder]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Remind_XP
hkey = HKLM
command = C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\salm]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = salm
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Share-to-Web Namespace Daemon]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = hpgs2wnd
hkey = HKLM
command = c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SNPMI03]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\vsnpmi03.exe ()
hkey = HKLM
command = C:\WINDOWS\vsnpmi03.exe ()
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StorageGuard]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = sgtray
hkey = HKLM
command = C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = jusched
hkey = HKLM
command = C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SurfAccuracy]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = SAcc
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = SNDMon
hkey = HKLM
command = C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = evntsvc
hkey = HKLM
command = C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe (RealNetworks, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updmgr]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = updmgr
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\warez]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = warez
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\wcmdmgr]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = wcmdmgrl
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = WebRebates0
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebSavingsfromEbates]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = WebSavingsfromEbates"
hkey = HKLM
command = wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Window Washer]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = wwDisp
hkey = HKCU
command = C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Automation]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = mslaugh
hkey = HKLM
command = mslaugh.exe
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinPatrol]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = WinPatrol
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = ypager
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = gnotify
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
system.ini = 0
win.ini = 0
bootini = 0
services = 0
startup = 2

>>>>> Disabled Startup Folder Items <<<<<

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = AVG Anti-Spyware 7.5 ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.) )
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = ( HKLM = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) )


>>>>> Security Providers <<<<<

>>>>> Winlogon Keys <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
Control_RunDLL (File not found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
DllName = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
DllName = C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
DllName = C:\Program Files\WindowBlinds\fastload.dll (Stardock)

>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\WINDOWS\1 ()
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = C:\WINDOWS\1 ()
undockwithoutlogon = C:\WINDOWS\1 ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 145

>>>>> Desktop Components <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName = My Current Home Page
Source = About:Home
SubscribedURL = About:Home

>>>>> HOSTS File <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 734 bytes | Modified Date: 20/04/2004 3:06:36 a.m.)
127.0.0.1 localhost

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
Start Page = http://www.google.co.nz/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
- ( HKLM = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
- SSVHelper Class ( HKLM = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

>>>>> Bars, Toolbars and Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit ( HKLM = C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\ShellBrowser]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit ( HKLM = C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit ( HKLM = C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company) )
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} = 8193 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8195 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8196

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
MenuText = Sun Java Console
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKLM C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.) )
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKCU C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}]
ButtonText = MoneySide
ClsidExtension = {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - Reg Data - Value does not exist ( HKLM C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation) )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download with &DAP]
@ = C:\Program Files\DAP\dapextie.htm ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download &all with DAP]
@ = C:\Program Files\DAP\dapextie2.htm ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel]
@ = 000 (File not found)

>>>>> Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )
{1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{2F5AC606-70CF-461C-BFE1-734234536262} = DisplayCplExt Class ( HKLM = C:\Program Files\WindowBlinds\wbui.dll (Stardock.Net, Inc) )
{32683183-48a0-441b-a342-7c2a440a9478} = Media Band ( CLSID not found! )
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( CLSID not found! )
{52B87208-9CCF-42C9-B88E-069281105805} = Trojan Remover Shell Extension ( CLSID not found! )
{6EE51AA0-77A0-11D7-B4E1-000347126E46} = Window Washer Shell Shredding Utility ( HKLM = C:\Program Files\Common Files\Webroot Shared\ShellWash.dll (Webroot Software) )
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )
{7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} = SampleView ( HKLM = C:\WINDOWS\system32\ShellvRTF.dll (XSS) )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) )
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG7 Shell Extension Class ( HKLM = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) )
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} = AVG7 Find Extension Class ( HKLM = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) )
{A4DF5659-0801-4A60-9607-1C48695EFDA9} = Share-to-Web Upload Folder ( HKLM = c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wns.dll (Hewlett-Packard) )
{A70C977A-BF00-412C-90B7-034C51DA2439} = DesktopContext Class ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes ( HKLM = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.) )
{E0D79304-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79305-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79306-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79307-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = TrojanHunter Menu Shell Extension ( CLSID not found! )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealOne Player\rpplugins\ierpplug.dll (RealNetworks) )
{FFB699E0-306A-11d3-8BD1-00104B6F7516} = NVIDIA CPL Extension ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}]
- SASContextMenu Class ( HKLM = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Washer]
@ = {6EE51AA0-77A0-11D7-B4E1-000347126E46} ( HKLM = C:\Program Files\Common Files\Webroot Shared\ShellWash.dll (Webroot Software) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}]
- SASContextMenu Class ( HKLM = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\Washer]
@ = {6EE51AA0-77A0-11D7-B4E1-000347126E46} ( HKLM = C:\Program Files\Common Files\Webroot Shared\ShellWash.dll (Webroot Software) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\00nView]
@ = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} ( HKLM = C:\WINDOWS\system32\nvshell.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\igfxcui]
@ = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} ( HKLM = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\NvCplDesktopContext]
@ = {A70C977A-BF00-412C-90B7-034C51DA2439} ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\Washer]
@ = {6EE51AA0-77A0-11D7-B4E1-000347126E46} ( HKLM = C:\Program Files\Common Files\Webroot Shared\ShellWash.dll (Webroot Software) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

>>>>> User Agent Post Platform <<<<<

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11C25FA2-EE28-4C8D-AD3D-0940E24914AC}] ( Realtek RTL8139 Family PCI Fast Ethernet NIC )
DefaultGateway =
DhcpIPAddress = 10.1.1.3
DhcpServer = 10.1.1.1
DhcpSubnetMask = 255.0.0.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B738101E-7E19-450C-9EFC-1570085E3981}]
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DB04707B-E6D4-4877-B60B-C022800D02D5}] ( 1394 Net Adapter )
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

>>>>> WinSock2 Parameters <<<<<

>>>>> Protocol Handlers <<<<<

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{80DD2229-B8E4-4C77-B72F-F22972D723EA}\DownloadInformation]
CODEBASE = http://www.bitdefender.com/scan/Msie/bitdefender.cab
INF = C:\WINDOWS\Downloaded Program Files\bitdefender.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}\DownloadInformation]
CODEBASE = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\DownloadInformation]
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
INF = C:\WINDOWS\Downloaded Program Files\asinst.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B9191F79-5613-4C76-AA2A-398534BB8999}\DownloadInformation]
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/products/plugin/1.3.1/...-131_04-win.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

»»»»»»»»»»»»»»»»»»»» Files Created Within 30 Days »»»»»»»»»»»»»

C:\hiberfil.sys [Ver = | Size = 267964416 bytes | Created Date = 2/01/1601 12:00:00 p.m. | Attr = HS]
C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk [Ver = | Size = 860 bytes | Created Date = 21/02/2007 10:53:20 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\avgas-setup-7.5.0.50.exe [Ver = | Size = 6469352 bytes | Created Date = 21/02/2007 10:22:47 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\bfu.zip [Ver = | Size = 62862 bytes | Created Date = 21/02/2007 10:24:19 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\cbr maintenance5.pdf [Ver = | Size = 660499 bytes | Created Date = 20/02/2007 9:06:07 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\fix.doc [Ver = | Size = 29184 bytes | Created Date = 22/02/2007 9:48:19 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\Meenal and I.lnk [Ver = | Size = 643 bytes | Created Date = 31/01/2007 10:34:21 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\regfix.reg [Ver = | Size = 2163 bytes | Created Date = 22/02/2007 4:31:17 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\winpfind.exe [Ver = | Size = 262159 bytes | Created Date = 20/02/2007 11:42:49 a.m. | Attr = ]
C:\WINDOWS\imsins.BAK [Ver = | Size = 1374 bytes | Created Date = 19/02/2007 4:50:23 p.m. | Attr = ]
C:\WINDOWS\System32\asuninst.exe Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 8/02/2007 12:11:09 a.m. | Attr = ]
C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Created Date = 8/02/2007 12:04:25 a.m. | Attr = ]
C:\WINDOWS\System32\java.exe Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49248 bytes | Created Date = 7/02/2007 11:47:41 a.m. | Attr = ]
C:\WINDOWS\System32\javaw.exe Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 53346 bytes | Created Date = 7/02/2007 11:47:41 a.m. | Attr = ]
C:\WINDOWS\System32\javaws.exe Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 127078 bytes | Created Date = 7/02/2007 11:47:41 a.m. | Attr = ]
C:\WINDOWS\System32\pavas.ico [Ver = | Size = 30590 bytes | Created Date = 8/02/2007 12:04:17 a.m. | Attr = ]
C:\WINDOWS\System32\secupd.dat [Ver = | Size = 4569 bytes | Created Date = 4/02/2007 11:31:46 a.m. | Attr = ]
C:\WINDOWS\System32\secupd.sig [Ver = | Size = 7208 bytes | Created Date = 4/02/2007 11:31:46 a.m. | Attr = ]
C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Created Date = 8/02/2007 12:04:26 a.m. | Attr = ]
C:\WINDOWS\System32\ZPORT4AS.dll [Ver = | Size = 11776 bytes | Created Date = 8/02/2007 12:11:08 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\AvgAsCln.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 21/02/2007 10:53:00 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\netwlan5.img [Ver = | Size = 67866 bytes | Created Date = 4/02/2007 11:31:46 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 7/02/2007 12:02:48 p.m. | Attr = ]

»»»»»»»»»»»»»»»»»»»» Files Modified Within 30 Days »»»»»»»»»»»»»

C:\boot.ini [Ver = | Size = 281 bytes | Modified Date = 7/02/2007 10:55:46 a.m. | Attr = RHS]
C:\hiberfil.sys [Ver = | Size = 267964416 bytes | Modified Date = 25/02/2007 12:45:58 p.m. | Attr = HS]
C:\NTDETECT.COM [Ver = | Size = 47564 bytes | Modified Date = 4/02/2007 1:03:52 p.m. | Attr = RHS]
C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 159232 bytes | Modified Date = 5/02/2007 3:46:50 p.m. | Attr = ]
C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [Ver = | Size = 36776 bytes | Modified Date = 4/02/2007 3:24:12 p.m. | Attr = ]
C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db [Ver = | Size = 1580148 bytes | Modified Date = 12/02/2007 3:14:52 a.m. | Attr = H ]
C:\Documents and Settings\Owner\My Documents\Angela Christina's CV.doc [Ver = | Size = 35328 bytes | Modified Date = 7/02/2007 9:42:30 p.m. | Attr = ]
C:\Documents and Settings\Owner\My Documents\desktop.ini [Ver = | Size = 76 bytes | Modified Date = 5/02/2007 12:20:50 p.m. | Attr = HS]
C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk [Ver = | Size = 860 bytes | Modified Date = 21/02/2007 11:53:22 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\avgas-setup-7.5.0.50.exe [Ver = | Size = 6469352 bytes | Modified Date = 21/02/2007 11:44:20 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\bfu.zip [Ver = | Size = 62862 bytes | Modified Date = 21/02/2007 11:24:42 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\cbr maintenance5.pdf [Ver = | Size = 660499 bytes | Modified Date = 20/02/2007 10:08:10 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\fix.doc [Ver = | Size = 29184 bytes | Modified Date = 22/02/2007 10:48:22 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\Meenal and I.lnk [Ver = | Size = 643 bytes | Modified Date = 31/01/2007 11:34:22 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk [Ver = | Size = 2483 bytes | Modified Date = 22/02/2007 10:47:14 a.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\regfix.reg [Ver = | Size = 2163 bytes | Modified Date = 22/02/2007 5:31:18 p.m. | Attr = ]
C:\Documents and Settings\Owner\Desktop\winpfind.exe [Ver = | Size = 262159 bytes | Modified Date = 20/02/2007 12:43:36 p.m. | Attr = ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 25/02/2007 12:46:08 p.m. | Attr = S]
C:\WINDOWS\imsins.BAK [Ver = | Size = 1374 bytes | Modified Date = 19/02/2007 5:53:56 p.m. | Attr = ]
C:\WINDOWS\mozver.dat [Ver = | Size = 7114 bytes | Modified Date = 17/02/2007 12:52:34 a.m. | Attr = ]
C:\WINDOWS\system.ini [Ver = | Size = 282 bytes | Modified Date = 7/02/2007 10:55:46 a.m. | Attr = ]
C:\WINDOWS\win.ini [Ver = | Size = 413 bytes | Modified Date = 8/02/2007 2:52:36 a.m. | Attr = ]
C:\WINDOWS\winamp.ini [Ver = | Size = 1125 bytes | Modified Date = 16/02/2007 10:30:36 p.m. | Attr = ]
C:\WINDOWS\WMSysPr9.prx [Ver = | Size = 316640 bytes | Modified Date = 4/02/2007 3:14:38 p.m. | Attr = ]
C:\WINDOWS\System32\FNTCACHE.DAT [Ver = | Size = 165912 bytes | Modified Date = 4/02/2007 3:11:50 p.m. | Attr = ]
C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Modified Date = 8/02/2007 2:15:54 a.m. | Attr = ]
C:\WINDOWS\System32\nvapps.xml [Ver = | Size = 88566 bytes | Modified Date = 25/02/2007 12:48:06 p.m. | Attr = ]
C:\WINDOWS\System32\pavas.ico [Ver = | Size = 30590 bytes | Modified Date = 8/02/2007 2:15:52 a.m. | Attr = ]
C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 46080 bytes | Modified Date = 14/02/2007 11:32:24 a.m. | Attr = ]
C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 365076 bytes | Modified Date = 14/02/2007 11:32:24 a.m. | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 416732 bytes | Modified Date = 14/02/2007 11:32:22 a.m. | Attr = ]
C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Modified Date = 8/02/2007 2:15:54 a.m. | Attr = ]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 1158 bytes | Modified Date = 19/02/2007 11:49:20 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Modified Date = 14/02/2007 2:11:28 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 27776 bytes | Modified Date = 14/02/2007 2:11:30 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Modified Date = 14/02/2007 2:11:28 a.m. | Attr = ]
C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 7/02/2007 12:53:50 p.m. | Attr = ]

»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
@Alternate Data Stream - C:\Documents and Settings\Owner\Desktop\Thumbs.db:encryptable (0 bytes)
[aspack , FSG! , PEC2 , PTech , SAHAgent , UPX! , UPX0 , winsync , WSUD , ]C:\Documents and Settings\Owner\Desktop\WinPFind.Txt ()
[aspack , FSG! , PEC2 , PTech , SAHAgent , UPX! , UPX0 , winsync , WSUD , ]C:\Documents and Settings\Owner\Desktop\WinPFind2.txt ()
[UPX! , UPX0 , ]C:\WINDOWS\daemon.dll ()
[UPX! , UPX0 , ]C:\WINDOWS\epuninstall.exe ()
@Alternate Data Stream - C:\WINDOWS\Thumbs.db:encryptable (0 bytes)
[UPX! , UPX0 , ]C:\WINDOWS\Unwash5.exe ()
[WSUD , ]C:\WINDOWS\System32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
[SAHAgent , ]C:\WINDOWS\System32\bln02nqv.ini ()
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[SAHAgent , ]C:\WINDOWS\System32\gah95on6.ini ()
[aspack , ]C:\WINDOWS\System32\jesterss.dll ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\MACDec.dll (Matthew T. Ashland)
[UPX! , UPX0 , ]C:\WINDOWS\System32\MonkeySource.ax ()
@Alternate Data Stream - C:\WINDOWS\System32\Thumbs.db:encryptable (0 bytes)
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[aspack , FSG! , PEC2 , UPX! , ]C:\WINDOWS\System32\drivers\avg7core.sys (GRISOFT, s.r.o.)
[PTech , ]C:\WINDOWS\System32\drivers\mtlstrm.sys (Smart Link)

< End of report >


and this is the content of the reg file:

REGEDIT 4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcxMonitor]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AltnetPointsManager]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CMESys]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gah95on6]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\P2P Networking]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\qncreb]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\salm]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SNPMI03]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SurfAccuracy]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updmgr]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\warez]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebSavingsfromEbates]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Automation]


hope that helps :flowers:

#15 YounGun

Posted 25 February 2007 - 06:56 AM

Heya

It seems that you have disabled some start-up entries from the msconfig panel. I need you to go there again (start > run > msconfig) and re-check all the entries you have there, so they will be enabled again and we can properly remove them.

After you have done that, post a new HijackThis log.



