
Win32.softomate does not go HIGH RISK please help!

Discussion in 'Windows - Virus and spyware problems' started by BluRay, Sep 7, 2006.

  1. BluRay

    BluRay Regular member

    Joined:
    Jun 14, 2006
    Messages:
    752
    Likes Received:
    0
    Trophy Points:
    26
    Here is something connected to my problem, every time I shut down ZA and then try and access any program or Windows Explorer it will come up with a message saying "could not access program not enough free memory please close one or more programs" it will say something close to that.
    Why would it do that?
    What makes it worse is I can't shut down the PC, I have to pull the damn plug out.
    please help.
    this could be related to the problems
     
  2. rav009

    rav009 Active member

    Joined:
    Nov 14, 2005
    Messages:
    2,204
    Likes Received:
    0
    Trophy Points:
    66
    Hey BluRay,

    Don't worry, you're in safe hands.

    I can't solve your ZA issues, I personally dumped it a while ago for issues similar to yours. These people will aid you with your ZA woes:

    http://forum.zonelabs.org/zonelabs

    First, please boot into safe mode.

    How to boot into safe mode

    http://www.pchell.com/support/safemode.shtml

    Now, we need to show all hidden files and folders

    Read HERE

    Please navigate to Windows Explorer -(open it up via Start> All Programs > Accessories) and locate + delete the following files or folders listed in bold:

    >-----

    C:\WINDOWS\system32\actskn45.ocx

    >-----

    *Please note anything you were not able to find or delete!


    HJT isn't showing anything else out of place, I still have some ideas..

    *Open HJT.

    *Select Misc tools

    *Select Generate Startup List

    Let it scan for a second or two, post the log here.
     
  3. BluRay

    BluRay Regular member

    ok i am going to do what you said.

    just some info that might help, could this prob be related to Windows Messenger?
    because I uninstalled it a few days back before this crisis.
    might sound stupid, but many people have claimed to have problems after they uninstalled or got rid of, should I say, Windows Messenger.
     
  4. rav009

    rav009 Active member

    Hey BluRay,

    You should not remove Windows Messenger. If you disable it via services.msc or msconfig it will never bother you, but if you remove it you won't be able to use stuff like Remote Assistance. Which do you mean?

    I doubt that's where your problems are anyway. We'll have to get you to post a WinPFind log; when you have done the step you are currently working on, that will be our next.

    Just have patience and co-operation and we'll have you sorted in no time! :)

    Hang in there.

    -Rav
     
    Last edited: Sep 10, 2006
  5. BluRay

    BluRay Regular member

    Thank you Rav for supporting me.

    Things have taken a turn for the better, I got my ZA problem fixed, I have Windows Messenger back, and the threat seems to have gone.
    What I did was, this by the way is before I read your post on booting up in safe mode, so it's not that I ignored your advice, please don't take it the wrong way. I created a new user account with administrative privileges, and then using the new account I deleted the old account and all its files, which was kind of a p*** taker because it had a 56% completion of a 29 GB file download on it.
    Ever since I did that and then got Windows Messenger back, everything seems to be OK. In fact, if you want, I will post up a new HJT, Ewido, Ad-Aware and Spybot SD log, if you like?
    At the moment everything seems to be fine, but there is still one problem, but that's for another thread, as I don't think it is related to win.32.softomate.
    Rav THANK YOU for your support, I don't think I would have fixed this problem without you. There is one more thing I do need to know though: that step I missed out on, the one with find and delete a certain file after booting up in safe mode, does that still need to be done?

    Kind Regards, BluRay.

    ps. I owe you a favour. :)
     
  6. rav009

    rav009 Active member

    Hey BluRay :)

    You're welcome buddy. If you want to post up a new HJT to see if you're still all clear, that wouldn't be a problem, you can do it in this thread if you like.

    That file does need to be deleted, I urge you to do so :)

    I'm glad you were able to solve it and thank you for your co-operation.

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    *Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to enable and re enable system restore here:
    Managing Windows Millennium System Restore
    or
    Windows XP System Restore Guide
    re-enable system restore with instructions from tutorial above.

    *Re hide your system files. To do so, please follow the steps below:

    *Double-click My Computer.
    *Click the Tools menu, and then click Folder Options.
    *Click the View tab.
    *Put a check by "Hide file extensions for known file types."
    *Under the "Hidden files" folder, select "Do not show hidden files and folders."
    * Check "Hide protected operating system files."
    *Click Apply, and then click OK.


    Make your Internet Explorer more secure - This can be done by following these simple instructions:

    *From within Internet Explorer click on the Tools menu and then click on Options.
    *Click once on the Security tab
    *Click once on the Internet icon so it becomes highlighted.
    *Click once on the Custom Level button.

    *Change the Download signed ActiveX controls to Prompt
    *Change the Download unsigned ActiveX controls to Disable
    *Change the Initialise and script ActiveX controls not marked as safe to Disable
    *Change the Installation of desktop items to Prompt
    *Change the Launching programs and files in an IFRAME to Prompt
    *Change the Navigate sub-frames across different domains to Prompt
    *When all these settings have been made, click on the OK button.
    *If it prompts you as to whether or not you want to save the settings, press the Yes button.


    *Next press the Apply button and then the OK to exit the Internet Properties page.


    *Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
    I recommend AVG Anti-Virus (Free Edition)!

    *Update your Anti Virus Software - It is imperative that you update your anti virus software at least once a week (even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

    *Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
    I recommend ZoneAlarm (Free Edition)!

    *Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    *Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware

    *Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware

    *Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware

    *Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

    Follow this list and your potential for being infected again will reduce dramatically.


    May God be with you..
     
    Last edited: Sep 11, 2006
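
The Internet Explorer zone settings listed in the post above can be checked from the registry instead of clicking through the dialog. The following PowerShell is an added example, not part of the thread; the function name `Test-InternetZoneSettings` and its `-Fix` switch are hypothetical, and it assumes the per-user Internet zone key (zone 3) with the standard URL-action value names.

```powershell
# Added example, not from the thread: audit the six Internet-zone settings
# listed in the post above. Zone 3 is the Internet zone; each setting is a
# DWORD named by its URL-action number. Data: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Meaning  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Setting name as worded in the post, its action number, and the value the post asks for.
$Recommended = @(
    @{ Action = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' }
    @{ Action = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' }
    @{ Action = '1201'; Want = 3; Setting = 'Initialise and script ActiveX controls not marked as safe' }
    @{ Action = '1800'; Want = 1; Setting = 'Installation of desktop items' }
    @{ Action = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' }
    @{ Action = '1607'; Want = 1; Setting = 'Navigate sub-frames across different domains' }
)

function Test-InternetZoneSettings {
    param(
        [string]$Path = $ZonePath,   # registry key holding the zone's values
        [switch]$Fix                 # hypothetical switch: write the recommended value when it differs
    )

    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    foreach ($r in $Recommended) {
        # A value that was never written is simply absent from the key.
        $p    = $props.PSObject.Properties[$r.Action]
        $have = $null
        if ($p) { $have = [int]$p.Value }

        $ok = ($null -ne $have) -and ($have -eq $r.Want)

        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $Path -Name $r.Action -Value $r.Want -Type DWord
            $have = $r.Want
            $ok   = $true
        }

        # Translate the stored number into the wording used in the IE dialog.
        if ($null -eq $have) {
            $current = 'not set'
        } elseif ($Meaning.ContainsKey($have)) {
            $current = $Meaning[$have]
        } else {
            $current = '0x{0:X}' -f $have
        }

        [pscustomobject]@{
            Setting   = $r.Setting
            Action    = $r.Action
            Current   = $current
            Wanted    = $Meaning[$r.Want]
            Compliant = $ok
        }
    }
}

# Report only; add -Fix to apply the values from the post.
Test-InternetZoneSettings | Format-Table -AutoSize
```

Where a machine or user policy configures the same zone, the policy overrides these per-user values, so a compliant result here describes the user's preference rather than the effective setting.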
  7. BluRay

    BluRay Regular member

    I can't find the file actskn.ocx, is it highlighted in blue by any chance?

    I searched both in safe and normal mode.

    What do I do now?
     
  8. BluRay

    BluRay Regular member

    When you said find and delete actskn45.ocx, did you by any chance mean delete that and everything else with .ocx for an extension?
    Or anything that is highlighted bold?
    Oh and I did that HJT generate startup list log for you, it's the post after this.
     
  9. BluRay

    BluRay Regular member

    StartupList report, 11/09/2006, 18:16:05
    StartupList version: 1.52.2
    Started from : C:\Program Files\HJT\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\HJT\HijackThis.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\User\Start Menu\Programs\Startup]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    *No files*

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ehTray = C:\WINDOWS\ehome\ehtray.exe
    igfxtray = C:\WINDOWS\system32\igfxtray.exe
    igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe
    igfxpers = C:\WINDOWS\system32\igfxpers.exe
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    IntelMeM = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    ISUSPM Startup = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    DLA = C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    Lexmark X1100 Series = "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    MSKDetectorExe = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    ShStatEXE = "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    McAfeeUpdaterUI = "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    Network Associates Error Reporting Service = "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    SpeedTouch USB Diagnostics = "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    NWEReboot =
    Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    DellSupport = "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
    StubPath = C:\WINDOWS\inf\unregmp2.exe /HideWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [>{B7E159FE-AAAD-4D37-AAEE-CABD9E742C82}] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [KB910393] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

    [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{407408d4-94ed-4d86-ab69-a7f649d112ee}] *
    StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{4b218e3e-bc98-4770-93d3-2731b9329278}] *
    StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

    [{8b15971b-5355-4c82-8c07-7e181ea07608}]
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser

    [{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
    StubPath = rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: *Registry value not found*
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - c:\program files\mcafee.com\mps\mcbrhlpr.dll - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E}
    (no name) - c:\program files\mcafee.com\mps\popupkiller.dll - {3EC8255F-E043-4cae-8B3B-B191550C2A22}
    (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\WINDOWS\System32\DLA\DLASHX_W.DLL - {5CA3D70E-1895-11CF-8E15-001234567890}
    (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
    (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    *No jobs found*

    --------------------------------------------------

    Enumerating Download Program Files:

    [MessengerStatsClient Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MessengerStatsPAClient.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Trend Micro ActiveX Scan Agent 6.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
    CODEBASE = http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    [{33564D57-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

    [McAfee.com Operating System Class]
    InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
    CODEBASE = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

    [{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
    CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\wuweb.dll
    CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157827580671

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [ZoneIntro Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\Zintro.ocx
    CODEBASE = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
    CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

    [{DECEAAA2-370A-49BB-9362-68C3A58DDC62}]
    CODEBASE = http://static.zangocash.com/cab/Zan...17ae0d655d23:3e3654fb7f06cf939d3cafd35fff1431

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll
    Protocol #16: C:\WINDOWS\system32\mswsock.dll
    Protocol #17: C:\WINDOWS\system32\mswsock.dll
    Protocol #18: C:\WINDOWS\system32\mswsock.dll

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    abp480n5: \SystemRoot\system32\DRIVERS\ABP480N5.SYS (disabled)
    Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
    General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart)
    USB ADSL WAN Adapter: system32\DRIVERS\adiusbaw.sys (manual start)
    Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
    adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD: \SystemRoot\System32\drivers\afd.sys (system)
    Intel AGP Bus Filter: \SystemRoot\system32\DRIVERS\agp440.sys (disabled)
    Compaq AGP Bus Filter: \SystemRoot\system32\DRIVERS\agpCPQ.sys (disabled)
    Aha154x: \SystemRoot\system32\DRIVERS\aha154x.sys (disabled)
    aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled)
    aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled)
    SpeedTouch USB ADSL PPP Networking Driver (NDISWAN): system32\DRIVERS\alcan5wn.sys (manual start)
    SpeedTouch ADSL Modem ATM Transport: system32\DRIVERS\alcaudsl.sys (manual start)
    Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    AliIde: \SystemRoot\system32\DRIVERS\aliide.sys (disabled)
    ALI AGP Bus Filter: \SystemRoot\system32\DRIVERS\alim1541.sys (disabled)
    AMD AGP Bus Filter Driver: \SystemRoot\system32\DRIVERS\amdagp.sys (disabled)
    amsint: \SystemRoot\system32\DRIVERS\amsint.sys (disabled)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    asc: \SystemRoot\system32\DRIVERS\asc.sys (disabled)
    asc3350p: \SystemRoot\system32\DRIVERS\asc3350p.sys (disabled)
    asc3550: \SystemRoot\system32\DRIVERS\asc3550.sys (disabled)
    ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
    RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
    ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
    Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    cbidf: \SystemRoot\system32\DRIVERS\cbidf2k.sys (disabled)
    Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
    cd20xrnt: \SystemRoot\system32\DRIVERS\cd20xrnt.sys (disabled)
    CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
    Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    CmdIde: \SystemRoot\system32\DRIVERS\cmdide.sys (disabled)
    COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cpqarray: \SystemRoot\system32\DRIVERS\cpqarray.sys (disabled)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    dac2w2k: \SystemRoot\system32\DRIVERS\dac2w2k.sys (disabled)
    dac960nt: \SystemRoot\system32\DRIVERS\dac960nt.sys (disabled)
    STK014 Camera: system32\DRIVERS\STK014W2.sys (manual start)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Disk Driver: system32\DRIVERS\disk.sys (system)
    DLABOIOM: System32\DLA\DLABOIOM.SYS (autostart)
    DLACDBHM: System32\Drivers\DLACDBHM.SYS (system)
    DLADResN: System32\DLA\DLADResN.SYS (autostart)
    DLAIFS_M: System32\DLA\DLAIFS_M.SYS (autostart)
    DLAOPIOM: System32\DLA\DLAOPIOM.SYS (autostart)
    DLAPoolM: System32\DLA\DLAPoolM.SYS (autostart)
    DLARTL_N: System32\Drivers\DLARTL_N.SYS (system)
    DLAUDFAM: System32\DLA\DLAUDFAM.SYS (autostart)
    DLAUDF_M: System32\DLA\DLAUDF_M.SYS (autostart)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
    dmload: System32\drivers\dmload.sys (system)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
    dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    DRVMCDB: System32\Drivers\DRVMCDB.SYS (system)
    DRVNDDM: System32\Drivers\DRVNDDM.SYS (autostart)
    Intel(R) PRO Network Connection Driver: system32\DRIVERS\e100b325.sys (manual start)
    Media Center Receiver Service: C:\WINDOWS\eHome\ehRecvr.exe (autostart)
    Media Center Scheduler Service: C:\WINDOWS\eHome\ehSched.exe (autostart)
    EntDrv51: \??\C:\WINDOWS\system32\drivers\EntDrv51.sys (manual start)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
    ewido anti-spyware 4.0 driver: \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys (system)
    ewido anti-spyware 4.0 guard: C:\Program Files\ewido anti-spyware 4.0\guard.exe (autostart)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
    Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
    FltMgr: system32\DRIVERS\fltMgr.sys (system)
    Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
    Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
    Hauppauge WinTV PVR PCI II ([23|25|26]xxx): system32\DRIVERS\hcwPP2.sys (manual start)
    Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft Infrared HID Driver: system32\DRIVERS\hidir.sys (manual start)
    HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
    hpn: \SystemRoot\system32\DRIVERS\hpn.sys (disabled)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    i2omp: \SystemRoot\system32\DRIVERS\i2omp.sys (disabled)
    i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
    ialm: system32\DRIVERS\ialmnt5.sys (manual start)
    InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
    CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
    IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
    ini910u: \SystemRoot\system32\DRIVERS\ini910u.sys (disabled)
    IntelC51: system32\DRIVERS\IntelC51.sys (manual start)
    IntelC52: system32\DRIVERS\IntelC52.sys (manual start)
    IntelC53: system32\DRIVERS\IntelC53.sys (manual start)
    IntelIde: system32\DRIVERS\intelide.sys (system)
    Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
    IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
    IPSEC driver: system32\DRIVERS\ipsec.sys (system)
    Infrared bus filter driver for eHome remote controls: system32\DRIVERS\IrBus.sys (manual start)
    IrDA Protocol: system32\DRIVERS\irda.sys (autostart)
    IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
    Infrared Monitor: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
    Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
    Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    LMImirr: system32\DRIVERS\LMImirr.sys (manual start)
    Macromedia Licensing Service: "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" (manual start)
    McAfee Framework Service: C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart (autostart)
    McAfee WSC Integration: c:\program files\mcafee.com\agent\mcdetect.exe (autostart)
    Media Center Extender Service: C:\WINDOWS\ehome\mcrdsvc.exe (autostart)
    Network Associates McShield: "C:\Program Files\Network Associates\VirusScan\mcshield.exe" (autostart)
    Network Associates Task Manager: "C:\Program Files\Network Associates\VirusScan\vstskmgr.exe" (autostart)
    McAfee Task Scheduler: c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (autostart)
    McAfee SecurityCenter Update Manager: C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (manual start)
    Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
    Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    MHN: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    MHN driver: system32\DRIVERS\mhndrv.sys (manual start)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
    Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
    mohfilt: system32\DRIVERS\mohfilt.sys (manual start)
    Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
    Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
    mraid35x: \SystemRoot\system32\DRIVERS\mraid35x.sys (disabled)
    WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
    Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
    NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
    NaiAvFilter1: system32\drivers\naiavf5x.sys (manual start)
    NaiAvTdi1: system32\drivers\mvstdi5x.sys (system)
    Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
    Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Intel NCS NetService: C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (manual start)
    Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    nv: system32\DRIVERS\nv4_mini.sys (manual start)
    IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
    Parallel port driver: system32\DRIVERS\parport.sys (manual start)
    PCI Bus Driver: system32\DRIVERS\pci.sys (system)
    PCIIde: system32\DRIVERS\pciide.sys (system)
    perc2: \SystemRoot\system32\DRIVERS\perc2.sys (disabled)
    perc2hib: \SystemRoot\system32\DRIVERS\perc2hib.sys (disabled)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
    WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\Drivers\PxHelp20.sys (system)
    ql1080: \SystemRoot\system32\DRIVERS\ql1080.sys (disabled)
    Ql10wnt: \SystemRoot\system32\DRIVERS\ql10wnt.sys (disabled)
    ql12160: \SystemRoot\system32\DRIVERS\ql12160.sys (disabled)
    ql1240: \SystemRoot\system32\DRIVERS\ql1240.sys (disabled)
    ql1280: \SystemRoot\system32\DRIVERS\ql1280.sys (disabled)
    Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (IrDA): system32\DRIVERS\rasirda.sys (manual start)
    WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
    Rdbss: system32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: system32\DRIVERS\secdrv.sys (autostart)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
    Serial port driver: system32\DRIVERS\serial.sys (system)
    High-Capacity Floppy Disk Drive: system32\DRIVERS\sfloppy.sys (manual start)
    Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SIS AGP Bus Filter: \SystemRoot\system32\DRIVERS\sisagp.sys (disabled)
    BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
    Sparrow: \SystemRoot\system32\DRIVERS\sparrow.sys (disabled)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
    srescan: system32\ZoneLabs\srescan.sys (system)
    System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Srv: system32\DRIVERS\srv.sys (manual start)
    SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    SigmaTel High Definition Audio CODEC: system32\drivers\sthda.sys (manual start)
    SigmaTel USB-IrDA Dongle: system32\DRIVERS\irstusb.sys (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
    BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
    Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{6F6160A9-C71A-4D34-91A0-5B9E71074979} (manual start)
    symc810: \SystemRoot\system32\DRIVERS\symc810.sys (disabled)
    symc8xx: \SystemRoot\system32\DRIVERS\symc8xx.sys (disabled)
    sym_hi: \SystemRoot\system32\DRIVERS\sym_hi.sys (disabled)
    sym_u3: \SystemRoot\system32\DRIVERS\sym_u3.sys (disabled)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
    Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
    tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)
    TosIde: \SystemRoot\system32\DRIVERS\toside.sys (disabled)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    ultra: \SystemRoot\system32\DRIVERS\ultra.sys (disabled)
    Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (manual start)
    Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
    Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
    Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
    USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
    USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
    NETGEAR DG632 USB MODEM: system32\DRIVERS\usb8023.sys (manual start)
    VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
    VIA AGP Bus Filter: \SystemRoot\system32\DRIVERS\viaagp.sys (disabled)
    ViaIde: \SystemRoot\system32\DRIVERS\viaide.sys (disabled)
    vsdatant: System32\vsdatant.sys (system)
    TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
    WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
    Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
    Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *No values found*

    --------------------------------------------------

    End of report, 42,922 bytes
    Report generated in 0.140 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  10. rav009

    Hey BluRay,

    Make sure to delete actskn45.ocx, it will be listed in blue, it will only appear in safe mode if you have shown hidden files and folders (including system files).

    C:\WINDOWS\system32\actskn45.ocx <<<<------File

    There's no need for the HJT startup list now, just another one of my crazy theories, but I'd like you to get a WinPFind log up. I won't analyse it, I don't currently work with those logs, so there will be a short pause in my replies; I will get an expert to review it and get back to you.

    Please do the following:

    Please download WinPFind2.

    *Extract the files to a folder (e.g. C:\WinPFind2).
    *Double click WinPFind2.exe to start the program.
    *Click the Select All button in the File Options box of the Configuration tab (this is the tab the program opens up to by default).
    *Click the Run all Scans button.
    *When it's finished scanning you will see Scans Complete! at the bottom left of the program.
    *Click the Export to Text button.
    *Notepad will open with the results of the scan and the log will be saved to the folder that you extracted the program to (C:\WinPFind2\WinPFind2.txt).
    *Post the log in your next reply please. You may need to split the log over a couple of posts so that it doesn't get cut off. If so, please use the [Start Post #1] and [Start Post #2] delimiters in the log to split the log up.

    Cheers,
     
  11. BluRay

    I can't find actskn.ocx, what am I doing wrong?

    Maybe I don't have actskn45.ocx, how would it get there?
    I booted up in safe mode, had show hidden files on, and I went to c:\WINDOWS\system32\actskn45.ocx and it says incorrect directory. I searched system32 and I still could not find it.

    Out of interest, how would I have gotten this actskn45 file anyway?
     
  12. rav009

    Hey BluRay,

    OK, it's alright, I guess Ewido deleted it (which is very likely looking at the log), all is great :)

    It's actually linked to IST.bar (an infection).

     
  13. BluRay

    I can't run winfind
     
  14. rav009

    Hey,

    That happens when you run the file directly from a ZIP, unzip it then run it.

    Good luck.
     
  15. BluRay

    OK Rav.
    I never extracted the files properly.

    In the post after this one you will find the simple report.
     
    Last edited: Sep 11, 2006
  16. BluRay

    Logfile created on: 09/11/2006 20:53
    WinPFind2 by OldTimer - Version 1.0.8 Folder = C:\winpfind2\WinPFind2\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)


    < Processes (Non-Microsoft Only) >
    c:\windows\system32\dla\dlactrlw.exe - (Sonic Solutions )
    c:\program files\network associates\common framework\frameworkservice.exe - (Network Associates, Inc. )
    c:\program files\ewido anti-spyware 4.0\guard.exe - (Anti-Malware Development a.s. )
    c:\windows\system32\hkcmd.exe - (Intel Corporation )
    c:\windows\system32\igfxpers.exe - (Intel Corporation )
    c:\program files\intel\modem event monitor\intelmem.exe - (Intel Corporation )
    c:\program files\common files\installshield\updateservice\issch.exe - (InstallShield Software Corporation )
    c:\program files\java\jre1.5.0_06\bin\jusched.exe - (Sun Microsystems, Inc. )
    c:\windows\system32\lexbces.exe - (Lexmark International, Inc. )
    c:\windows\system32\lexpps.exe - (Lexmark International, Inc. )
    c:\program files\mcafee.com\agent\mcdetect.exe - (McAfee, Inc )
    c:\program files\network associates\virusscan\mcshield.exe - (Network Associates, Inc. )
    c:\progra~1\mcafee.com\agent\mctskshd.exe - (McAfee, Inc )
    c:\progra~1\networ~1\common~1\naprdmgr.exe - (Network Associates, Inc. )
    c:\program files\network associates\virusscan\shstat.exe - (Network Associates, Inc. )
    c:\program files\common files\network associates\talkback\tbmon.exe - (Network Associates, Inc. )
    c:\program files\network associates\common framework\updaterui.exe - (Network Associates, Inc. )
    c:\windows\system32\zonelabs\vsmon.exe - (Zone Labs, LLC )
    c:\program files\network associates\virusscan\vstskmgr.exe - (Network Associates, Inc. )
    c:\winpfind2\winpfind2\winpfind2.exe - (OldTimer Tools )
    c:\program files\zone labs\zonealarm\zlclient.exe - (Zone Labs, LLC )

    < Registry Entries >

    [>> Internet Explorer Settings <<]
    HKLM->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM->Main\\Default_Page_URL - http://www.savewealth.com
    HKLM->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
    HKCU->Main\\Start Page - http://www.savewealth.com/
    HKCU->Main\\Search Bar - http://www.savewealth.com/support/ie6/search/
    HKCU->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU->Main\\Local Page - C:\WINDOWS\system32\blank.htm
    HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKLM->Search\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKCU->Search\\CustomizeSearch - Reg Data missing or invalid
    HKCU->Search\\SearchAssistant - Reg Data missing or invalid
    HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
    HKCU->Internet Settings\\ProxyEnable - 0
    HKCU->Internet Settings\\ProxyOverride -

    [>> BHO's <<]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
    {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - McBrwHelper Class = c:\program files\mcafee.com\mps\mcbrhlpr.dll (McAfee, Inc. )
    {3EC8255F-E043-4cae-8B3B-B191550C2A22} - McAfee Privacy Service Popup Blocker = c:\program files\mcafee.com\mps\popupkiller.dll (McAfee, Inc. )
    {53707962-6F74-2D53-2644-206D7942484F} - = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited )
    {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions )
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. )
    {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - ST = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation )
    {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar2.dll (Google Inc. )
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll (Microsoft Corporation )

    [>> Internet Explorer Bars, Toolbars and Extensions <<]

    [HKLM-> Internet Explorer Bars]
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
    {4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

    [HKCU-> Internet Explorer ToolBars]
    ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
    WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
    WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )

    [HKCU-> Internet Explorer CmdMapping]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 - Sun Java Console
    {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8193 -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 - Windows Messenger
    NextId - 8195

    [HKLM-> Internet Explorer Extensions]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc. )
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. )
    {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - MenuText: = Reg Data missing or invalid (File not found))
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )

    [>> Approved Shell Extensions (Non-Microsoft only) <<]

    [HKLM-> Approved Shell Extensions]
    {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data missing or invalid (File not found))
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found))
    {42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found))
    {5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions )
    {764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found))
    {7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found))
    {7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (File not found))
    {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found))
    {88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc. )
    {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} - PowerISO = Reg Data missing or invalid (File not found))
    {B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (File not found))
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
    {E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
    {E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
    {E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
    {E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
    {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = Reg Data missing or invalid (File not found))

    [>> ContextMenuHandlers (Non-Microsoft only) <<]

    [HKLM-> ContextMenuHandlers]
    * - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
    * - VirusScan - {cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll (Network Associates, Inc. )
    * - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
    * - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
    Directory - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
    Directory - PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = Reg Data missing or invalid (File not found))
    Directory - VirusScan - {cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll (Network Associates, Inc. )
    Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
    Directory - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
    Directory\Background - igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation )
    Folder - PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = Reg Data missing or invalid (File not found))
    Folder - VirusScan - {cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll (Network Associates, Inc. )
    Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
    Folder - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )

    [>> ColumnHandlers (Non-Microsoft only) <<]

    [HKLM-> ColumnHandlers]
    Folder - {7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalColumnHandler Class = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (File not found))

    [>> Registry Run Keys <<]
    HKLM->Run\\DLA - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions )
    HKLM->Run\\ehTray - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation )
    HKLM->Run\\igfxhkcmd - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation )
    HKLM->Run\\igfxpers - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation )
    HKLM->Run\\igfxtray - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation )
    HKLM->Run\\IntelMeM - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation )
    HKLM->Run\\ISUSPM Startup - "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup (InstallShield Software Corporation )
    HKLM->Run\\ISUSScheduler - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation )
    HKLM->Run\\Lexmark X1100 Series - "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" (Lexmark International, Inc. )
    HKLM->Run\\McAfeeUpdaterUI - "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey (Network Associates, Inc. )
    HKLM->Run\\MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc )
    HKLM->Run\\MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe (McAfee, Inc )
    HKLM->Run\\MSKDetectorExe - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall (McAfee, Inc. )
    HKLM->Run\\Network Associates Error Reporting Service - "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" (Network Associates, Inc. )
    HKLM->Run\\NWEReboot - (File not found))
    HKLM->Run\\ShStatEXE - "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE (Network Associates, Inc. )
    HKLM->Run\\SpeedTouch USB Diagnostics - "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon (THOMSON Telecom Belgium )
    HKLM->Run\\SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc. )
    HKLM->Run\\Zone Labs Client - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC )
    HKLM->Run\OptionalComponents\IMAIL - Installed = 1
    HKLM->Run\OptionalComponents\MAPI - Installed = 1
    HKLM->Run\OptionalComponents\MSFS - Installed = 1
    HKCU->Run\\ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation )
    HKCU->Run\\DellSupport - "C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd. )
    HKCU->Run\\MSMSGS - "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation )

    [>> Startup Lnks <<]
    HKLM->Common Startup - desktop.ini - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ( )
    HKCU->Startup - desktop.ini - C:\Documents and Settings\User\Start Menu\Programs\Startup\desktop.ini ( )

    [>> Disabled MSConfig Items <<]

    [>> User Agent Post Platform <<]
    SaveWealth - IEAK
    SV1 -

    [>> AppInit DLLs <<]

    [>> Image File Execution Options <<]
    Your Image File Name Here without a path - Debugger = ntsd -d

    [>> Shell Service Object Delay Load <<]
    CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
    PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
    SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation )
    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation )

    [>> Shell Execute Hooks <<]
    {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s. )
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

    [>> Shared Task Scheduler <<]

    [>> Winlogon <<]
    UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
    Shell - Explorer.exe (Microsoft Corporation )
    System - (File not found))
    Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
    Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
    Notify\cscdll - cscdll.dll (Microsoft Corporation )
    Notify\igfxcui - igfxdev.dll (Intel Corporation )
    Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
    Notify\Schedule - wlnotify.dll (Microsoft Corporation )
    Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
    Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
    Notify\termsrv - wlnotify.dll (Microsoft Corporation )
    Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
    Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

    [>> DNS Name Servers <<]
    {B771A296-5C88-4EA1-A645-E4AC3677CD8C} - ()
    {B892C70B-CA59-4A51-8643-699E89B600CE} - (Intel(R) PRO/100 VE Network Connection)

    [>> All Winsock2 Catalogs <<]
    NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
    NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
    NameSpace_Catalog5\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

    [>> Protocol Handlers (Non-Microsoft only) <<]
    ipp - (File not found))
    msdaipp - (File not found))

    [>> Protocol Filters (Non-Microsoft only) <<]
    application/x-internet-signup - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ( )

    < Services (Non-Microsoft Only) >
    ewido anti-spyware 4.0 guard (ewido anti-spyware 4.0 guard) - C:\Program Files\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
    LexBce Server (LexBceS) - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc. ) [Automatic - Running - Win32, running in it's own process]
    McAfee Framework Service (McAfeeFramework) - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart (Network Associates, Inc. ) [Automatic - Running - Win32, running in it's own process]
    McAfee WSC Integration (McDetect.exe) - c:\program files\mcafee.com\agent\mcdetect.exe (McAfee, Inc ) [Automatic - Running - Win32, running in it's own process]
    Network Associates McShield (McShield) - "C:\Program Files\Network Associates\VirusScan\mcshield.exe" (Network Associates, Inc. ) [Automatic - Running - Win32, running in it's own process]
    Network Associates Task Manager (McTaskManager) - "C:\Program Files\Network Associates\VirusScan\vstskmgr.exe" (Network Associates, Inc. ) [Automatic - Running - Win32, running in it's own process]
    McAfee Task Scheduler (McTskshd.exe) - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (McAfee, Inc ) [Automatic - Running - Win32, running in it's own process]
    TrueVector Internet Monitor (vsmon) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (Zone Labs, LLC ) [Automatic - Running - Win32, running in it's own process]

    < Files >

    %SystemDrive%

    %ProgramFilesDir%

    %WinDir%

    %System%
    C:\WINDOWS\SYSTEM32\avisynth.dll - UPX! (The Public [Ver = 2, 5, 5, 0 | Size = 284672 bytes | Date = 09/01/2004 15:49 | Attr = ])
    C:\WINDOWS\SYSTEM32\d3dx9_25.dll - aspack (Microsoft Corporation [Ver = 9.06.168.0000 | Size = 2337488 bytes | Date = 03/18/2005 17:19 | Attr = ])
    C:\WINDOWS\SYSTEM32\d3dx9_26.dll - aspack (Microsoft Corporation [Ver = 9.07.239.0000 | Size = 2297552 bytes | Date = 05/26/2005 15:34 | Attr = ])
    C:\WINDOWS\SYSTEM32\d3dx9_27.dll - aspack (Microsoft Corporation [Ver = 9.08.299.0000 | Size = 2319568 bytes | Date = 07/22/2005 19:59 | Attr = ])
    C:\WINDOWS\SYSTEM32\d3dx9_28.dll - aspack (Microsoft Corporation [Ver = 9.10.455.0000 | Size = 2323664 bytes | Date = 12/05/2005 18:09 | Attr = ])
    C:\WINDOWS\SYSTEM32\d3dx9_29.dll - aspack (Microsoft Corporation [Ver = 9.11.519.0000 | Size = 2332368 bytes | Date = 02/03/2006 08:43 | Attr = ])
    C:\WINDOWS\SYSTEM32\d3dx9_30.dll - aspack (Microsoft Corporation [Ver = 9.12.589.0000 | Size = 2388176 bytes | Date = 03/31/2006 12:40 | Attr = ])
    C:\WINDOWS\SYSTEM32\dfrg.msc - PEC2 ( [Ver = | Size = 41397 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\DivX.dll - PEC2 (DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Date = 07/03/2006 22:40 | Attr = ])
    C:\WINDOWS\SYSTEM32\DivX.dll - PECompact2 (DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Date = 07/03/2006 22:40 | Attr = ])
    C:\WINDOWS\SYSTEM32\LegitCheckControl.dll - PTech (Microsoft Corporation [Ver = 1.5.0532.0 | Size = 579888 bytes | Date = 05/23/2006 17:26 | Attr = ])
    C:\WINDOWS\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.18.1507.0 | Size = 6757792 bytes | Date = 07/07/2006 02:21 | Attr = ])
    C:\WINDOWS\SYSTEM32\ntbackup.exe - WSUD (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1200128 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\ntdll.dll - aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\nusrmgr.cpl - WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\rasdlg.dll - Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\WgaTray.exe - PTech (Microsoft Corporation [Ver = 1.5.0532.0 | Size = 285488 bytes | Date = 05/23/2006 17:25 | Attr = ])

    %System%\Drivers folder and sub-folders

    %windir% + sub-dirs for System or Hidden files less than 60 days old
    C:\WINDOWS\bootstat.dat - ( [Ver = | Size = 2048 bytes | Date = 09/11/2006 19:32 | Attr = S])
    C:\WINDOWS\repair\ntuser.dat.LOG - ( [Ver = | Size = 1024 bytes | Date = 08/24/2006 14:21 | Attr = H ])
    C:\WINDOWS\system32\E2F53DEB73.sys - ( [Ver = | Size = 104 bytes | Date = 09/11/2006 18:05 | Attr = RHS])
    C:\WINDOWS\system32\KGyGaAvL.sys - ( [Ver = | Size = 5852 bytes | Date = 09/11/2006 18:05 | Attr = HS])
    C:\WINDOWS\system32\vsconfig.xml - ( [Ver = | Size = 48878 bytes | Date = 09/11/2006 19:36 | Attr = H ])
    C:\WINDOWS\system32\zllictbl.dat - ( [Ver = | Size = 4212 bytes | Date = 07/21/2006 01:09 | Attr = H ])
    C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat - ( [Ver = | Size = 10925 bytes | Date = 07/14/2006 17:13 | Attr = S])
    C:\WINDOWS\system32\config\default.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/11/2006 20:52 | Attr = H ])
    C:\WINDOWS\system32\config\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/11/2006 20:39 | Attr = H ])
    C:\WINDOWS\system32\config\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/11/2006 19:42 | Attr = H ])
    C:\WINDOWS\system32\config\software.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/11/2006 20:53 | Attr = H ])
    C:\WINDOWS\system32\config\system.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/11/2006 20:39 | Attr = H ])
    C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG - ( [Ver = | Size = 1024 bytes | Date = 08/24/2006 14:21 | Attr = H ])
    C:\WINDOWS\system32\DirectX\Dinput\Thumbs.db - ( [Ver = | Size = 233472 bytes | Date = 09/09/2006 20:20 | Attr = HS])
    C:\WINDOWS\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 09/11/2006 19:32 | Attr = H ])
    C:\WINDOWS\Temp\History\History.IE5\desktop.ini - ( [Ver = | Size = 113 bytes | Date = 09/09/2006 21:17 | Attr = HS])
    C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 09/09/2006 21:17 | Attr = HS])
    C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\HBLXJKZP\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 09/09/2006 21:17 | Attr = HS])
    C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IK0MBKH4\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 09/09/2006 21:17 | Attr = HS])
    C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OT6BCDYJ\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 09/09/2006 21:17 | Attr = HS])
    C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\XACC766Q\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 09/09/2006 21:17 | Attr = HS])
    CPL files -
    C:\WINDOWS\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\bthprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\CMDVDPak.cpl - (Sonic Solutions [Ver = 2.5.00.0138 | Size = 1019904 bytes | Date = 10/25/2005 02:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\cpl_moh.cpl - ( [Ver = | Size = 24576 bytes | Date = 09/18/2003 04:18 | Attr = R ])
    C:\WINDOWS\SYSTEM32\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\igfxcpl.cpl - (Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Date = 10/14/2005 21:49 | Attr = ])
    C:\WINDOWS\SYSTEM32\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\ISUSPM.cpl - (InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 73728 bytes | Date = 06/10/2005 11:43 | Attr = ])
    C:\WINDOWS\SYSTEM32\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\jpicpl32.cpl - (Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 49265 bytes | Date = 11/10/2005 13:03 | Attr = ])
    C:\WINDOWS\SYSTEM32\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\nwc.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\PRApplet.cpl - (Intel(R) Corporation [Ver = 7.2.3.2 | Size = 77824 bytes | Date = 11/18/2004 11:02 | Attr = ])
    C:\WINDOWS\SYSTEM32\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 04:16 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/10/2004 06:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 04:16 | Attr = ])

    AllUsers Startup Folder
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 08/16/2005 05:43 | Attr = HS])

    AllUsers ApplicationData Folder
    C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 08/16/2005 05:33 | Attr = HS])

    CurrentUser Startup Folder
    C:\Documents and Settings\User\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 08/16/2005 05:43 | Attr = HS])

    CurrentUser ApplicationData Folder
    C:\Documents and Settings\User\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 08/16/2005 05:33 | Attr = HS])

    DPF files
    {14B87622-7E19-4EA8-93B3-97215F77A6BC} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    {166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    {215B8138-A3CF-44C5-803F-8226143CFC0A} - Trend Micro ActiveX Scan Agent 6.5 - CodeBase = http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    {33564D57-0000-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab
    {6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157827580671
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {B8BE5E93-A60C-4D26-A2DC-220313175592} - ZoneIntro Class - CodeBase = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - - CodeBase = http://static.zangocash.com/cab/Zan...17ae0d655d23:3e3654fb7f06cf939d3cafd35fff1431

    Hosts file = 734 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
    # Copyright (c) 1993-1999 Microsoft Corp. -
    # -
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
    # -
    # This file contains the mappings of IP addresses to host names. Each -
    # entry should be kept on an individual line. The IP address should -
    # be placed in the first column followed by the corresponding host name. -
    # The IP address and the host name should be separated by at least one -
    # space. -
    # -
    # Additionally, comments (such as these) may be inserted on individual -
    # lines or following the machine name denoted by a '#' symbol. -
    # -
    # For example: -
    # -
    # 102.54.94.97 rhino.acme.com # source server -
    # 38.25.63.10 x.acme.com # x client host -
    -
    127.0.0.1 localhost -

    < End of report >
     
  17. BluRay

    BluRay Regular member

    EXTENDED REPORT START POST#1

    Logfile created on: 09/11/2006 20:53
    WinPFind2 by OldTimer - Version 1.0.8 Folder = C:\winpfind2\WinPFind2\
    Microsoft Windows XP (Version = Service Pack 2)
    Internet Explorer (Version - 6.0.2900.2180)


    [Start Post #1]

    Processes
    Image Name---------------ProcessID--Thread Count--Parent ID--Base Priority--
    #Full Path
    ##(Version Info)

    dlactrlw.exe-------------003008-----0004----------002052-----Normal---------
    #c:\windows\system32\dla\dlactrlw.exe
    ##(Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Date = 09/08/2005 06:20 | Attr = ])

    frameworkservice.exe-----001936-----0010----------000784-----Normal---------
    #c:\program files\network associates\common framework\frameworkservice.exe
    ##(Network Associates, Inc. [Ver = 3.5.0.412 | Size = 102463 bytes | Date = 08/06/2004 03:50 | Attr = ])

    guard.exe----------------001804-----0008----------000784-----Normal---------
    #c:\program files\ewido anti-spyware 4.0\guard.exe
    ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Date = 06/16/2006 15:38 | Attr = ])

    hkcmd.exe----------------001688-----0003----------002052-----Normal---------
    #c:\windows\system32\hkcmd.exe
    ##(Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Date = 10/14/2005 21:46 | Attr = ])

    igfxpers.exe-------------003196-----0004----------002052-----Normal---------
    #c:\windows\system32\igfxpers.exe
    ##(Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Date = 10/14/2005 21:50 | Attr = ])

    intelmem.exe-------------000636-----0002----------002052-----Normal---------
    #c:\program files\intel\modem event monitor\intelmem.exe
    ##(Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Date = 09/03/2003 21:12 | Attr = ])

    issch.exe----------------003180-----0001----------002052-----Normal---------
    #c:\program files\common files\installshield\updateservice\issch.exe
    ##(InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Date = 06/10/2005 11:44 | Attr = ])

    jusched.exe--------------002452-----0001----------002052-----Normal---------
    #c:\program files\java\jre1.5.0_06\bin\jusched.exe
    ##(Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Date = 11/10/2005 13:03 | Attr = ])

    lexbces.exe--------------001420-----0010----------000784-----Normal---------
    #c:\windows\system32\lexbces.exe
    ##(Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Date = 08/18/2003 10:37 | Attr = ])

    lexpps.exe---------------002360-----0010----------002052-----Normal---------
    #c:\windows\system32\lexpps.exe
    ##(Lexmark International, Inc. [Ver = 8.29 | Size = 174592 bytes | Date = 08/18/2003 10:32 | Attr = ])

    mcdetect.exe-------------002000-----0005----------000784-----Normal---------
    #c:\program files\mcafee.com\agent\mcdetect.exe
    ##(McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Date = 10/13/2005 19:56 | Attr = ])

    mcshield.exe-------------003092-----0030----------000784-----High-----------
    #c:\program files\network associates\virusscan\mcshield.exe
    ##(Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Date = 09/22/2004 20:00 | Attr = ])

    mctskshd.exe-------------000288-----0002----------000784-----Normal---------
    #c:\progra~1\mcafee.com\agent\mctskshd.exe
    ##(McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Date = 08/24/2005 17:01 | Attr = ])

    naprdmgr.exe-------------000188-----0004----------000984-----Normal---------
    #c:\progra~1\networ~1\common~1\naprdmgr.exe
    ##(Network Associates, Inc. [Ver = 3.5.0.412 | Size = 237623 bytes | Date = 08/06/2004 03:50 | Attr = ])

    shstat.exe---------------002512-----0007----------002052-----Normal---------
    #c:\program files\network associates\virusscan\shstat.exe
    ##(Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Date = 09/22/2004 20:00 | Attr = ])

    tbmon.exe----------------003228-----0002----------002052-----Normal---------
    #c:\program files\common files\network associates\talkback\tbmon.exe
    ##(Network Associates, Inc. [Ver = 2.0.275.0 | Size = 147514 bytes | Date = 10/07/2003 09:48 | Attr = ])

    updaterui.exe------------002272-----0005----------002052-----Normal---------
    #c:\program files\network associates\common framework\updaterui.exe
    ##(Network Associates, Inc. [Ver = 3.5.0.412 | Size = 139320 bytes | Date = 08/06/2004 03:50 | Attr = ])

    vsmon.exe----------------001732-----0024----------000784-----Normal---------
    #c:\windows\system32\zonelabs\vsmon.exe
    ##(Zone Labs, LLC [Ver = 6.5.722.000 | Size = 75768 bytes | Date = 06/18/2006 17:54 | Attr = ])

    vstskmgr.exe-------------000252-----0011----------000784-----Normal---------
    #c:\program files\network associates\virusscan\vstskmgr.exe
    ##(Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Date = 09/22/2004 20:00 | Attr = ])

    winpfind2.exe------------004008-----0001----------002052-----Normal---------
    #c:\winpfind2\winpfind2\winpfind2.exe
    ##(OldTimer Tools [Ver = 1.0.8.0 | Size = 386560 bytes | Date = 09/02/2006 12:31 | Attr = ])

    zlclient.exe-------------002584-----0008----------002052-----Normal---------
    #c:\program files\zone labs\zonealarm\zlclient.exe
    ##(Zone Labs, LLC [Ver = 6.5.722.000 | Size = 968696 bytes | Date = 06/18/2006 17:54 | Attr = ])


    Registry Entries

    #Value
    ##(Version Info)

    <<< >> Internet Explorer Settings << >>>

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
    #http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
    #http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL
    #http://www.savewealth.com
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL
    #http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
    #%SystemRoot%\system32\blank.htm
    ##

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
    #http://www.savewealth.com/
    ##

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar
    #http://www.savewealth.com/support/ie6/search/
    ##

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
    #http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    ##

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
    #C:\WINDOWS\system32\blank.htm
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch
    #http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant
    #http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    ##

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch
    #Reg Data missing or invalid
    ##

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant
    #Reg Data missing or invalid
    ##

    HKCU\Software\Microsoft\Internet Explorer\urlSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    #Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2919 (xpsp.060529-0207) | Size = 1496576 bytes | Date = 05/29/2006 16:32 | Attr = ])

    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable
    #0
    ##

    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride
    #
    ##

    <<< >> BHO's << >>>

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    #Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    ##(Yahoo! Inc. [Ver = 2005, 12, 7, 1 | Size = 399424 bytes | Date = 12/07/2005 15:06 | Attr = ])

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    #AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    ##(Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Date = 11/03/2003 15:17 | Attr = ])

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{227B8AA8-DAF2-4892-BD1D-73F568BCB24E}
    #McBrwHelper Class = c:\program files\mcafee.com\mps\mcbrhlpr.dll
    ##(McAfee, Inc. [Ver = 8.0.0.149 | Size = 147456 bytes | Date = 07/26/2005 14:53 | Attr = ])

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EC8255F-E043-4cae-8B3B-B191550C2A22}
    #McAfee Privacy Service Popup Blocker = c:\program files\mcafee.com\mps\popupkiller.dll
    ##(McAfee, Inc. [Ver = 8.0.0.149 | Size = 126976 bytes | Date = 07/26/2005 14:50 | Attr = ])

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    # = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    ##(Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Date = 05/31/2005 01:04 | Attr = ])

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
    #DriveLetterAccess = C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    ##(Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Date = 09/08/2005 06:20 | Attr = ])

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    #SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    ##(Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Date = 11/10/2005 13:22 | Attr = ])

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
    #ST = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    ##(Microsoft Corporation [Ver = 01.02.3000.1001 | Size = 155648 bytes | Date = 08/13/2004 17:42 | Attr = ])

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
    #Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
    ##(Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Date = 02/14/2006 20:05 | Attr = R ])

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    #MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
    ##(Microsoft Corporation [Ver = 01.02.5000.1021 | Size = 282624 bytes | Date = 01/17/2006 16:04 | Attr = ])

    <<< >> Internet Explorer Bars, Toolbars and Extensions << >>>

    <<< HKLM-> Internet Explorer Bars >>>

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    #Reg Data missing or invalid = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    #&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2919 (xpsp.060529-0207) | Size = 1496576 bytes | Date = 05/29/2006 16:32 | Attr = ])

    <<< HKCU-> Internet Explorer ToolBars >>>

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
    #&Address = %SystemRoot%\system32\browseui.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp.060509-0230) | Size = 1022976 bytes | Date = 05/10/2006 06:25 | Attr = ])

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
    #&Address = %SystemRoot%\system32\browseui.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp.060509-0230) | Size = 1022976 bytes | Date = 05/10/2006 06:25 | Attr = ])

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
    #&Links = %SystemRoot%\system32\SHELL32.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Date = 03/17/2006 05:03 | Attr = ])

    <<< HKCU-> Internet Explorer CmdMapping >>>

    HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    #8192 - Sun Java Console
    ##

    HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    #8193 -
    ##

    HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    #8194 - Windows Messenger
    ##

    HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\NextId
    #8195
    ##

    <<< HKLM-> Internet Explorer Extensions >>>

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    #MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    ##(Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Date = 11/10/2005 13:22 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    #MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    ##(Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Date = 11/10/2005 13:22 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    #MenuText: = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    #ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe
    ##(Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Date = 10/13/2004 17:24 | Attr = ])

    <<< >> Approved Shell Extensions (Non-Microsoft only) << >>>

    <<< HKLM-> Approved Shell Extensions >>>

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}
    #Autoplay for SlideShow = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
    #Taskbar and Start Menu = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42071714-76d4-11d1-8b24-00a0c9068ff3}
    #Display Panning CPL Extension = deskpan.dll
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CA3D70E-1895-11CF-8E15-001234567890}
    #DriveLetterAccess = C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    ##(Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Date = 09/08/2005 06:20 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{764BF0E1-F219-11ce-972D-00AA00A14F56}
    #Shell extensions for file compression = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A9D77BD-5403-11d2-8785-2E0420524153}
    #User Accounts = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F1CF152-04F8-453A-B34C-E609530A9DC8}
    #NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
    #Encryption Context Menu = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{88895560-9AA2-1069-930E-00AA0030EBC8}
    #HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll
    ##(Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
    #PowerISO = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B327765E-D724-4347-8B16-78AE18552FC3}
    #NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
    #WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll
    ##( [Ver = | Size = 125440 bytes | Date = 10/07/2005 15:05 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79304-84BE-11CE-9641-444553540000}
    #WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    ##(WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Date = 12/17/2004 10:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79305-84BE-11CE-9641-444553540000}
    #WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    ##(WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Date = 12/17/2004 10:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79306-84BE-11CE-9641-444553540000}
    #WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    ##(WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Date = 12/17/2004 10:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79307-84BE-11CE-9641-444553540000}
    #WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    ##(WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Date = 12/17/2004 10:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
    #Shell Extensions for RealOne Player = Reg Data missing or invalid
    ##(File not found)

    <<< >> ContextMenuHandlers (Non-Microsoft only) << >>>

    <<< HKLM-> ContextMenuHandlers >>>

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ewido anti-spyware
    #{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Date = 06/16/2006 15:38 | Attr = ])

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\VirusScan
    #{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
    ##(Network Associates, Inc. [Ver = 8.0.0.912 | Size = 13824 bytes | Date = 09/22/2004 20:00 | Attr = ])

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR
    #{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    ##( [Ver = | Size = 125440 bytes | Date = 10/07/2005 15:05 | Attr = ])

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\WinZip
    #{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    ##(WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Date = 12/17/2004 10:00 | Attr = ])

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
    #{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Date = 06/16/2006 15:38 | Attr = ])

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\PowerISO
    #{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\VirusScan
    #{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
    ##(Network Associates, Inc. [Ver = 8.0.0.912 | Size = 13824 bytes | Date = 09/22/2004 20:00 | Attr = ])

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
    #{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    ##( [Ver = | Size = 125440 bytes | Date = 10/07/2005 15:05 | Attr = ])

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
    #{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    ##(WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Date = 12/17/2004 10:00 | Attr = ])

    HKLM\SOFTWARE\Classes\Directory\BackGround\shellex\ContextMenuHandlers\igfxcui
    #{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\system32\igfxpph.dll
    ##(Intel Corporation [Ver = 3.0.0.4410 | Size = 147456 bytes | Date = 10/14/2005 21:49 | Attr = ])

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PowerISO
    #{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VirusScan
    #{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
    ##(Network Associates, Inc. [Ver = 8.0.0.912 | Size = 13824 bytes | Date = 09/22/2004 20:00 | Attr = ])

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
    #{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    ##( [Ver = | Size = 125440 bytes | Date = 10/07/2005 15:05 | Attr = ])

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
    #{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    ##(WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 5120 bytes | Date = 12/17/2004 10:00 | Attr = ])

    <<< >> ColumnHandlers (Non-Microsoft only) << >>>

    <<< HKLM-> ColumnHandlers >>>

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
    #NeroDigitalColumnHandler Class = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
    ##(File not found)

    <<< >> Registry Run Keys << >>>

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DLA
    #C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    ##(Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Date = 09/08/2005 06:20 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ehTray
    #C:\WINDOWS\ehome\ehtray.exe
    ##(Microsoft Corporation [Ver = 5.1.2715.2765 (xpsp(wmbla).050928-2135) | Size = 67584 bytes | Date = 09/29/2005 15:01 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\igfxhkcmd
    #C:\WINDOWS\system32\hkcmd.exe
    ##(Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Date = 10/14/2005 21:46 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\igfxpers
    #C:\WINDOWS\system32\igfxpers.exe
    ##(Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Date = 10/14/2005 21:50 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\igfxtray
    #C:\WINDOWS\system32\igfxtray.exe
    ##(Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Date = 10/14/2005 21:49 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IntelMeM
    #C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    ##(Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Date = 09/03/2003 21:12 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup
    #"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    ##(InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Date = 06/10/2005 11:44 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler
    #"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    ##(InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Date = 06/10/2005 11:44 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Lexmark X1100 Series
    #"C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    ##(Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Date = 08/19/2003 10:43 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\McAfeeUpdaterUI
    #"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    ##(Network Associates, Inc. [Ver = 3.5.0.412 | Size = 139320 bytes | Date = 08/06/2004 03:50 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MCAgentExe
    #c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    ##(McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Date = 09/22/2005 18:29 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MCUpdateExe
    #C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    ##(McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Date = 01/11/2006 12:05 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSKDetectorExe
    #C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    ##(McAfee, Inc. [Ver = 7.0.1.3 | Size = 1117184 bytes | Date = 07/12/2005 19:05 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Network Associates Error Reporting Service
    #"C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
    ##(Network Associates, Inc. [Ver = 2.0.275.0 | Size = 147514 bytes | Date = 10/07/2003 09:48 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NWEReboot
    #
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ShStatEXE
    #"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    ##(Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Date = 09/22/2004 20:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpeedTouch USB Diagnostics
    #"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    ##(THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Date = 01/26/2004 11:38 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched
    #C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    ##(Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Date = 11/10/2005 13:03 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Zone Labs Client
    #"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    ##(Zone Labs, LLC [Ver = 6.5.722.000 | Size = 968696 bytes | Date = 06/18/2006 17:54 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
    #Installed = 1
    ##

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
    #Installed = 1
    ##

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
    #Installed = 1
    ##

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe
    #C:\WINDOWS\system32\ctfmon.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DellSupport
    #"C:\Program Files\Dell Support\DSAgnt.exe" /startup
    ##(Gteko Ltd. [Ver = 1, 1, 0, 73 | Size = 306688 bytes | Date = 07/19/2004 08:51 | Attr = ])

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSMSGS
    #"C:\Program Files\Messenger\msmsgs.exe" /background
    ##(Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Date = 10/13/2004 17:24 | Attr = ])


    #
    ##

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    #C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    ##( [Ver = | Size = 84 bytes | Date = 08/16/2005 05:43 | Attr = HS])

    C:\Documents and Settings\User\Start Menu\Programs\Startup\desktop.ini
    #C:\Documents and Settings\User\Start Menu\Programs\Startup\desktop.ini
    ##( [Ver = | Size = 84 bytes | Date = 08/16/2005 05:43 | Attr = HS])

    <<< >> Disabled MSConfig Items << >>>

    <<< >> User Agent Post Platform << >>>

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\SaveWealth
    #IEAK
    ##

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\SV1
    #
    ##

    <<< >> AppInit DLLs << >>>

    <<< >> Image File Execution Options << >>>

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    #Debugger = ntsd -d
    ##

    <<< >> Shell Service Object Delay Load << >>>

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn
    #{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Date = 03/17/2006 05:03 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder
    #{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Date = 03/17/2006 05:03 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray
    #{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck
    #{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Date = 08/10/2004 06:00 | Attr = ])

    <<< >> Shell Execute Hooks << >>>

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}
    #CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll
    ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 73728 bytes | Date = 06/16/2006 15:38 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972}
    #URL Exec Hook = shell32.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Date = 03/17/2006 05:03 | Attr = ])

    <<< >> Shared Task Scheduler << >>>

    <<< >> Winlogon << >>>

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
    #C:\WINDOWS\system32\userinit.exe,
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
    #Explorer.exe
    ##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System
    #
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    #crypt32.dll
    ##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    #cryptnet.dll
    ##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    #cscdll.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
    #igfxdev.dll
    ##(Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Date = 10/14/2005 21:45 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    #wlnotify.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    #wlnotify.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    #sclgntfy.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    #WlNotify.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    #wlnotify.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
    #WgaLogon.dll
    ##(Microsoft Corporation [Ver = 1.5.0532.0 | Size = 402736 bytes | Date = 05/23/2006 17:25 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    #wlnotify.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 06:00 | Attr = ])

    <<< >> DNS Name Servers << >>>

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B771A296-5C88-4EA1-A645-E4AC3677CD8C}
    # ()
    ##

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B892C70B-CA59-4A51-8643-699E89B600CE}
    # (Intel(R) PRO/100 VE Network Connection)
    ##

    <<< >> All Winsock2 Catalogs << >>>

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
    #%SystemRoot%\System32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
    #%SystemRoot%\System32\winrnr.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 16896 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
    #%SystemRoot%\System32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
    #%SystemRoot%\system32\rsvpsp.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
    #%SystemRoot%\system32\rsvpsp.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 06:00 | Attr = ])

    <<< >> Protocol Handlers (Non-Microsoft only) << >>>

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ipp
    #
    ##(File not found)

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp
    #
    ##(File not found)

    <<< >> Protocol Filters (Non-Microsoft only) << >>>

    HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-internet-signup
    #C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
    ##( [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Date = 07/01/2004 10:32 | Attr = ])



     
  18. BluRay

    BluRay Regular member

    Joined:
    Jun 14, 2006
    Messages:
    752
    Likes Received:
    0
    Trophy Points:
    26
    EXTENDED REPORT START POST #2

    [Start Post #2]

    Services
    Name--Internal Name--Startup Type--State--Service Type--
    #Path
    ##(Version Info)

    ewido anti-spyware 4.0 guard--ewido anti-spyware 4.0 guard--Automatic--Running--Win32, running in it's own process--
    #C:\Program Files\ewido anti-spyware 4.0\guard.exe
    ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Date = 06/16/2006 15:38 | Attr = ])

    LexBce Server--LexBceS--Automatic--Running--Win32, running in it's own process--
    #C:\WINDOWS\system32\LEXBCES.EXE
    ##(Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Date = 08/18/2003 10:37 | Attr = ])

    McAfee Framework Service--McAfeeFramework--Automatic--Running--Win32, running in it's own process--
    #C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart
    ##(Network Associates, Inc. [Ver = 3.5.0.412 | Size = 102463 bytes | Date = 08/06/2004 03:50 | Attr = ])

    McAfee WSC Integration--McDetect.exe--Automatic--Running--Win32, running in it's own process--
    #c:\program files\mcafee.com\agent\mcdetect.exe
    ##(McAfee, Inc [Ver = 6, 0, 0, 19 | Size = 126976 bytes | Date = 10/13/2005 19:56 | Attr = ])

    Network Associates McShield--McShield--Automatic--Running--Win32, running in it's own process--
    #"C:\Program Files\Network Associates\VirusScan\mcshield.exe"
    ##(Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Date = 09/22/2004 20:00 | Attr = ])

    Network Associates Task Manager--McTaskManager--Automatic--Running--Win32, running in it's own process--
    #"C:\Program Files\Network Associates\VirusScan\vstskmgr.exe"
    ##(Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Date = 09/22/2004 20:00 | Attr = ])

    McAfee Task Scheduler--McTskshd.exe--Automatic--Running--Win32, running in it's own process--
    #c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    ##(McAfee, Inc [Ver = 6, 0, 0, 13 | Size = 122368 bytes | Date = 08/24/2005 17:01 | Attr = ])

    TrueVector Internet Monitor--vsmon--Automatic--Running--Win32, running in it's own process--
    #C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
    ##(Zone Labs, LLC [Ver = 6.5.722.000 | Size = 75768 bytes | Date = 06/18/2006 17:54 | Attr = ])


    Files
    Full Path
    #Details

    %SystemDrive%
    #

    %ProgramFilesDir%
    #

    %WinDir%
    #

    %System%
    #

    C:\WINDOWS\SYSTEM32\avisynth.dll
    #UPX! (The Public [Ver = 2, 5, 5, 0 | Size = 284672 bytes | Date = 09/01/2004 15:49 | Attr = ])

    C:\WINDOWS\SYSTEM32\d3dx9_25.dll
    #aspack (Microsoft Corporation [Ver = 9.06.168.0000 | Size = 2337488 bytes | Date = 03/18/2005 17:19 | Attr = ])

    C:\WINDOWS\SYSTEM32\d3dx9_26.dll
    #aspack (Microsoft Corporation [Ver = 9.07.239.0000 | Size = 2297552 bytes | Date = 05/26/2005 15:34 | Attr = ])

    C:\WINDOWS\SYSTEM32\d3dx9_27.dll
    #aspack (Microsoft Corporation [Ver = 9.08.299.0000 | Size = 2319568 bytes | Date = 07/22/2005 19:59 | Attr = ])

    C:\WINDOWS\SYSTEM32\d3dx9_28.dll
    #aspack (Microsoft Corporation [Ver = 9.10.455.0000 | Size = 2323664 bytes | Date = 12/05/2005 18:09 | Attr = ])

    C:\WINDOWS\SYSTEM32\d3dx9_29.dll
    #aspack (Microsoft Corporation [Ver = 9.11.519.0000 | Size = 2332368 bytes | Date = 02/03/2006 08:43 | Attr = ])

    C:\WINDOWS\SYSTEM32\d3dx9_30.dll
    #aspack (Microsoft Corporation [Ver = 9.12.589.0000 | Size = 2388176 bytes | Date = 03/31/2006 12:40 | Attr = ])

    C:\WINDOWS\SYSTEM32\dfrg.msc
    #PEC2 ( [Ver = | Size = 41397 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\DivX.dll
    #PEC2 (DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Date = 07/03/2006 22:40 | Attr = ])

    C:\WINDOWS\SYSTEM32\DivX.dll
    #PECompact2 (DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Date = 07/03/2006 22:40 | Attr = ])

    C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
    #PTech (Microsoft Corporation [Ver = 1.5.0532.0 | Size = 579888 bytes | Date = 05/23/2006 17:26 | Attr = ])

    C:\WINDOWS\SYSTEM32\MRT.exe
    #aspack (Microsoft Corporation [Ver = 1.18.1507.0 | Size = 6757792 bytes | Date = 07/07/2006 02:21 | Attr = ])

    C:\WINDOWS\SYSTEM32\ntbackup.exe
    #WSUD (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1200128 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\ntdll.dll
    #aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    #WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\rasdlg.dll
    #Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\wbdbase.deu
    #winsync ( [Ver = | Size = 1309184 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\WgaTray.exe
    #PTech (Microsoft Corporation [Ver = 1.5.0532.0 | Size = 285488 bytes | Date = 05/23/2006 17:25 | Attr = ])

    %System%\Drivers folder and sub-folders
    #

    %windir% + sub-dirs for System or Hidden files less than 60 days old
    #

    C:\WINDOWS\bootstat.dat
    # ( [Ver = | Size = 2048 bytes | Date = 09/11/2006 19:32 | Attr = S])

    C:\WINDOWS\repair\ntuser.dat.LOG
    # ( [Ver = | Size = 1024 bytes | Date = 08/24/2006 14:21 | Attr = H ])

    C:\WINDOWS\system32\E2F53DEB73.sys
    # ( [Ver = | Size = 104 bytes | Date = 09/11/2006 18:05 | Attr = RHS])

    C:\WINDOWS\system32\KGyGaAvL.sys
    # ( [Ver = | Size = 5852 bytes | Date = 09/11/2006 18:05 | Attr = HS])

    C:\WINDOWS\system32\vsconfig.xml
    # ( [Ver = | Size = 48878 bytes | Date = 09/11/2006 19:36 | Attr = H ])

    C:\WINDOWS\system32\zllictbl.dat
    # ( [Ver = | Size = 4212 bytes | Date = 07/21/2006 01:09 | Attr = H ])

    C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat
    # ( [Ver = | Size = 10925 bytes | Date = 07/14/2006 17:13 | Attr = S])

    C:\WINDOWS\system32\config\default.LOG
    # ( [Ver = | Size = 1024 bytes | Date = 09/11/2006 20:52 | Attr = H ])

    C:\WINDOWS\system32\config\SAM.LOG
    # ( [Ver = | Size = 1024 bytes | Date = 09/11/2006 20:39 | Attr = H ])

    C:\WINDOWS\system32\config\SECURITY.LOG
    # ( [Ver = | Size = 1024 bytes | Date = 09/11/2006 19:42 | Attr = H ])

    C:\WINDOWS\system32\config\software.LOG
    # ( [Ver = | Size = 1024 bytes | Date = 09/11/2006 20:53 | Attr = H ])

    C:\WINDOWS\system32\config\system.LOG
    # ( [Ver = | Size = 1024 bytes | Date = 09/11/2006 20:39 | Attr = H ])

    C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
    # ( [Ver = | Size = 1024 bytes | Date = 08/24/2006 14:21 | Attr = H ])

    C:\WINDOWS\system32\DirectX\Dinput\Thumbs.db
    # ( [Ver = | Size = 233472 bytes | Date = 09/09/2006 20:20 | Attr = HS])

    C:\WINDOWS\Tasks\SA.DAT
    # ( [Ver = | Size = 6 bytes | Date = 09/11/2006 19:32 | Attr = H ])

    C:\WINDOWS\Temp\History\History.IE5\desktop.ini
    # ( [Ver = | Size = 113 bytes | Date = 09/09/2006 21:17 | Attr = HS])

    C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
    # ( [Ver = | Size = 67 bytes | Date = 09/09/2006 21:17 | Attr = HS])

    C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\HBLXJKZP\desktop.ini
    # ( [Ver = | Size = 67 bytes | Date = 09/09/2006 21:17 | Attr = HS])

    C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IK0MBKH4\desktop.ini
    # ( [Ver = | Size = 67 bytes | Date = 09/09/2006 21:17 | Attr = HS])

    C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OT6BCDYJ\desktop.ini
    # ( [Ver = | Size = 67 bytes | Date = 09/09/2006 21:17 | Attr = HS])

    C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\XACC766Q\desktop.ini
    # ( [Ver = | Size = 67 bytes | Date = 09/09/2006 21:17 | Attr = HS])

    CPL files
    #

    C:\WINDOWS\SYSTEM32\access.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\appwiz.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\bthprops.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\CMDVDPak.cpl
    # (Sonic Solutions [Ver = 2.5.00.0138 | Size = 1019904 bytes | Date = 10/25/2005 02:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\cpl_moh.cpl
    # ( [Ver = | Size = 24576 bytes | Date = 09/18/2003 04:18 | Attr = R ])

    C:\WINDOWS\SYSTEM32\desk.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\firewall.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\igfxcpl.cpl
    # (Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Date = 10/14/2005 21:49 | Attr = ])

    C:\WINDOWS\SYSTEM32\inetcpl.cpl
    # (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\intl.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\irprops.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\ISUSPM.cpl
    # (InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 73728 bytes | Date = 06/10/2005 11:43 | Attr = ])

    C:\WINDOWS\SYSTEM32\joy.cpl
    # (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    # (Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 49265 bytes | Date = 11/10/2005 13:03 | Attr = ])

    C:\WINDOWS\SYSTEM32\main.cpl
    # (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\mmsys.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\ncpa.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\netsetup.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    # (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\nwc.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\odbccp32.cpl
    # (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\powercfg.cpl
    # (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\PRApplet.cpl
    # (Intel(R) Corporation [Ver = 7.2.3.2 | Size = 77824 bytes | Date = 11/18/2004 11:02 | Attr = ])

    C:\WINDOWS\SYSTEM32\sysdm.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\telephon.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\timedate.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\wscui.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    # (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 04:16 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\access.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/10/2004 06:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
    # (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 04:16 | Attr = ])

    AllUsers Startup Folder
    #

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    # ( [Ver = | Size = 84 bytes | Date = 08/16/2005 05:43 | Attr = HS])

    AllUsers ApplicationData Folder
    #

    C:\Documents and Settings\All Users\Application Data\desktop.ini
    # ( [Ver = | Size = 62 bytes | Date = 08/16/2005 05:33 | Attr = HS])

    CurrentUser Startup Folder
    #

    C:\Documents and Settings\User\Start Menu\Programs\Startup\desktop.ini
    # ( [Ver = | Size = 84 bytes | Date = 08/16/2005 05:43 | Attr = HS])

    CurrentUser ApplicationData Folder
    #

    C:\Documents and Settings\User\Application Data\desktop.ini
    # ( [Ver = | Size = 62 bytes | Date = 08/16/2005 05:33 | Attr = HS])

    DPF files
    #

    {14B87622-7E19-4EA8-93B3-97215F77A6BC}
    #MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

    {166B1BCA-3F9C-11CF-8075-444553540000}
    #Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    {215B8138-A3CF-44C5-803F-8226143CFC0A}
    #Trend Micro ActiveX Scan Agent 6.5 - CodeBase = http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    {33564D57-0000-0010-8000-00AA00389B71}
    # - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

    {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    #McAfee.com Operating System Class - CodeBase = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
    # - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab

    {6414512B-B978-451D-A0D8-FCFDF33E833C}
    #WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157827580671

    {8AD9C840-044E-11D1-B3E9-00805F499D93}
    #Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    {B8BE5E93-A60C-4D26-A2DC-220313175592}
    #ZoneIntro Class - CodeBase = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

    {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
    #Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    #Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    #Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    {D27CDB6E-AE6D-11CF-96B8-444553540000}
    # - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

    {DECEAAA2-370A-49BB-9362-68C3A58DDC62}
    # - CodeBase = http://static.zangocash.com/cab/Zan...17ae0d655d23:3e3654fb7f06cf939d3cafd35fff1431

    Hosts file = 734 bytes. Reading all entries.
    #C:\WINDOWS\System32\drivers\etc\Hosts

    # Copyright (c) 1993-1999 Microsoft Corp.
    #

    #
    #

    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #

    #
    #

    # This file contains the mappings of IP addresses to host names. Each
    #

    # entry should be kept on an individual line. The IP address should
    #

    # be placed in the first column followed by the corresponding host name.
    #

    # The IP address and the host name should be separated by at least one
    #

    # space.
    #

    #
    #

    # Additionally, comments (such as these) may be inserted on individual
    #

    # lines or following the machine name denoted by a '#' symbol.
    #

    #
    #

    # For example:
    #

    #
    #

    # 102.54.94.97 rhino.acme.com # source server
    #

    # 38.25.63.10 x.acme.com # x client host
    #


    #

    127.0.0.1 localhost
    #



     
  19. BluRay

    BluRay Regular member

    Joined:
    Jun 14, 2006
    Messages:
    752
    Likes Received:
    0
    Trophy Points:
    26
    Hey Rav, have you got someone to check that log from the last few posts?
    Because I really think there is something still not quite right about my comp.
    Don't want to rush you though.

    Kind Regards BluRay.
     
  20. maca1

    maca1 Regular member

    Joined:
    Mar 15, 2006
    Messages:
    630
    Likes Received:
    0
    Trophy Points:
    26
