
Win Anti Virus Pro & Drive Cleaner Removal Help

Discussion in 'Virus & Other Malware Removal' started by USMCBUCK10, Jan 21, 2007.

Thread Status:
Not open for further replies.
  1. USMCBUCK10

    USMCBUCK10 (Thread Starter), joined Jan 21, 2007, 97 messages

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Logfile created on: 1/24/2007 11:52:38 AM
    WinPFind v1.5.0 Folder = C:\Documents and Settings\TEMP\Desktop\WinPFind\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    Checking %System% folder...
    WSUD 9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
    UPX! 1/5/2007 7:00:22 PM HS 22541 C:\WINDOWS\SYSTEM32\cbxvtur.dll ()
    aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
    aspack 5/26/2005 2:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
    aspack 7/22/2005 6:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
    aspack 12/5/2005 5:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
    aspack 2/3/2006 7:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
    aspack 3/31/2006 11:40:58 AM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
    PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
    UPX! 9/13/2004 2:39:54 PM 69632 C:\WINDOWS\SYSTEM32\first.awp ()
    UPX! 1/21/2007 1:26:28 PM 76412 C:\WINDOWS\SYSTEM32\fmhedcys.dll ()
    UPX! 1/16/2007 5:22:00 PM 44060 C:\WINDOWS\SYSTEM32\fuiqvcdn.dll ()
    UPX! 1/5/2007 7:06:26 PM 44060 C:\WINDOWS\SYSTEM32\gaopntlj.dll ()
    PTech 6/10/2004 12:47:02 AM H 3279394 C:\WINDOWS\SYSTEM32\kyf.dat ()
    UPX! 4/11/2000 8:44:56 PM 85504 C:\WINDOWS\SYSTEM32\lame_enc.dll ()
    PTech 6/19/2006 3:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
    PECompact2 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
    WSUD 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    aspack 3/26/2004 1:06:40 AM 2316336 C:\WINDOWS\SYSTEM32\NY Nights.scr (Axialis Software)
    WSUD 6/12/2004 2:12:30 PM HS 2926 C:\WINDOWS\SYSTEM32\qyrwi.dat ()
    Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
    UPX! 1/5/2007 7:07:36 PM 88340 C:\WINDOWS\SYSTEM32\saxaxbdk.exe ()
    UPX! 9/13/2004 2:39:56 PM 46080 C:\WINDOWS\SYSTEM32\second.awp ()
    UPX! 1/15/2007 5:22:04 PM 118804 C:\WINDOWS\SYSTEM32\skvjhtig.dll ()
    UPX! 4/27/2006 4:49:30 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri)
    UPX! 8/29/2006 6:43:54 PM 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX)
    UPX! 1/9/2006 9:36:06 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe ()
    UPX! 12/1/2006 5:20:34 AM 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe (SteelWerX)
    UPX! 10/22/2004 4:46:50 AM 33280 C:\WINDOWS\SYSTEM32\tasklist.exe (Microsoft Corporation)
    UPX! 1/23/2007 9:08:54 PM 76412 C:\WINDOWS\SYSTEM32\vcunqjpt.dll ()
    UPX! 1/18/2007 10:55:54 AM 76412 C:\WINDOWS\SYSTEM32\vypcsbqk.dll ()
    winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
    PTech 6/19/2006 3:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)
    UPX! 1/15/2007 5:21:54 PM 44060 C:\WINDOWS\SYSTEM32\ynsyjfuf.dll ()

    Checking %System%\Drivers folder and sub-folders...
    PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    1/24/2007 11:47:40 AM S 2048 C:\WINDOWS\bootstat.dat ()
    1/23/2007 7:02:30 PM H 54156 C:\WINDOWS\QTFont.qfn ()
    1/21/2007 3:24:52 PM RHS 168 C:\WINDOWS\system32\B89AC51B07.sys ()
    1/5/2007 7:00:22 PM HS 22541 C:\WINDOWS\system32\cbxvtur.dll ()
    1/13/2007 3:26:22 PM HS 867022 C:\WINDOWS\system32\edeeg.bak1 ()
    1/14/2007 1:30:50 PM HS 861617 C:\WINDOWS\system32\edeeg.bak2 ()
    1/8/2007 3:59:04 AM HS 914072 C:\WINDOWS\system32\edeeg.ini ()
    1/8/2007 3:59:36 AM HS 914072 C:\WINDOWS\system32\edeeg.tmp ()
    1/15/2007 1:06:20 PM HS 916403 C:\WINDOWS\system32\edeeg.tmp2 ()
    1/15/2007 5:16:16 PM HS 22029 C:\WINDOWS\system32\gebcayv.dll ()
    1/24/2007 7:00:32 AM HS 886 C:\WINDOWS\system32\githjvks.ini ()
    1/21/2007 5:47:28 PM HS 6320 C:\WINDOWS\system32\KGyGaAvL.sys ()
    1/23/2007 9:10:06 PM HS 989586 C:\WINDOWS\system32\ppqss.bak1 ()
    1/24/2007 12:11:20 PM HS 1043994 C:\WINDOWS\system32\ppqss.ini ()
    12/7/2006 8:30:20 PM S 9057 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
    12/22/2006 11:53:02 AM S 7894 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat ()
    1/24/2007 11:47:56 AM H 16384 C:\WINDOWS\system32\config\default.LOG ()
    1/24/2007 11:48:24 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
    1/24/2007 11:47:44 AM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
    1/24/2007 11:51:02 AM H 1024 C:\WINDOWS\system32\config\software.LOG ()
    1/24/2007 11:48:30 AM H 1024 C:\WINDOWS\system32\config\system.LOG ()
    1/10/2007 3:22:26 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
    1/7/2007 1:26:00 AM S 1039 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
    1/7/2007 1:26:00 AM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
    1/17/2007 7:04:18 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1d577e61-58b0-4558-bbd6-d93be246bc3d ()
    1/17/2007 7:04:18 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
    1/23/2007 5:32:36 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

    Checking for CPL files...
    8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
    9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
    8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
    4/26/2002 6:33:40 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl ()
    8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
    5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
    8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
    6/10/2005 10:43:18 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
    8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
    11/9/2006 3:07:28 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
    8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
    8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    7/28/2003 1:19:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
    8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
    3/3/1999 2:10:02 AM 49152 C:\WINDOWS\SYSTEM32\speech.cpl (Microsoft)
    8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
    8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
    5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
    8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
    8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
    8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
    5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
    5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl (Intel Corporation)
    6/20/2002 1:58:44 AM 629248 C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\ALSNDMGR.CPL (Avance Logic, Inc.)

    Checking for Downloaded Program Files...
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
    {11260943-421B-11D0-8EAC-0000C07D88CF} - iPIX ActiveX Control - CodeBase = http://www.ipix.com/viewers/ipixx.cab
    {166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab
    {17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
    {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - - CodeBase = http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - - CodeBase =
    {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - DownloadManager Control - CodeBase = http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
    {406B5949-7190-4245-91A9-30A17DE16AD0} - Snapfish Activia - CodeBase = http://www1.snapfish.com/SnapfishActivia.cab
    {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
    {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - - CodeBase = http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab
    {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    {639658F3-B141-4D6B-B936-226F75A5EAC3} - CPlayFirstDinerDash2Control Object - CodeBase = http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    {B9191F79-5613-4C76-AA2A-398534BB8999} - - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - DwnldGroupMgr Class - CodeBase = http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - Invoke Solutions Participant Control(MR) - CodeBase = http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
    {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - CPlayFirstDinerDashControl Object - CodeBase = http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
    {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - PopCapLoader Object - CodeBase = http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
    Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    7/23/2002 7:10:30 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
    1/20/2007 1:39:46 AM 1132112 C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe ()
    12/16/2006 5:22:22 PM 1353 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

    Checking files in %USERPROFILE%\Startup folder...
    7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %USERPROFILE%\Application Data folder...
    10/20/2004 5:59:30 PM 12358 C:\Documents and Settings\TEMP\Application Data\PFP100JCM.{PB ()
    10/20/2004 5:59:30 PM 61678 C:\Documents and Settings\TEMP\Application Data\PFP100JPR.{PB ()

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.yahoo.com/
    \\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    \\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    \\Default_Page_URL - http://www.yahoo.com/
    \\Default_Search_URL - http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    \\Local Page - %SystemRoot%\system32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.yahoo.com/
    \\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    \\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    \\Local Page - C:\WINDOWS\system32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch -
    \\SearchAssistant -


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - AOLTBSearch Class = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
    \\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    \\{00A6FAF6-072E-44cf-8957-5838F569A31D} - = C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL (MyWebSearch.com)
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - = ()

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    \SOFTWARE - = ()
    \{00A6FAF1-072E-44cf-8957-5838F569A31D} - MyWebSearch Search Assistant BHO = C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL (MyWebSearch.com)
    \{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    \{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
    \{07B18EA1-A523-4961-B6BB-170DE4475CCA} - mwsBar BHO = C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL (MyWebSearch.com)
    \{3E15928A-26B2-40b2-A4CA-408720C444BA} - COLLEGETOOLBAR = C:\PROGRA~1\THECOL~1\COLLEG~1.DLL (College Toolbars)
    \{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    \{664A7BBA-92C4-4086-8B63-D029A149629E} - = C:\WINDOWS\system32\gebcayv.dll ()
    \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
    \{7A3B3BC3-9D0F-46B6-97A7-54D097D43ACF} - = C:\WINDOWS\system32\ssqpp.dll ()
    \{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
    \{7DA39570-5FD2-4f18-94B4-20730CB3F727} - = C:\WINDOWS\system32\fuiqvcdn.dll ()

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    \{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
    \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
    \{8F4902B6-6C04-4ade-8052-AA58578A21BD} - hp toolkit = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
    \{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    \{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \{32683183-48a0-441b-a342-7c2a440a9478} - = ()
    \{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
    \{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
    \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    \\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
    \\{BA52B914-B692-46c4-B683-905236F6F655} - = ()
    \\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
    \\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)
    \\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    \ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
    \ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
    \ShellBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)
    \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    \WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
    \WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
    \WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} - AIM Search = C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
    \WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - = ()
    \WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
    \WebBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
    \\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - 8192 =
    \\NEXTID - 8202
    \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
    \\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8195 =
    \\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8196 =
    \\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8197 =
    \\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8198 =
    \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8199 = Windows Messenger
    \\{3369AF0D-62E9-4bda-8103-B4C75499B578} - 8200 =
    \\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8201 = @xpsp3res.dll,-20001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    \CmdMapping - MenuText: = ()
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
    \{3369AF0D-62E9-4bda-8103-B4C75499B578} - ButtonText: AOL Toolbar =
    \{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: Yahoo! Services =
    \{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)
    \{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com =
    \{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
    \{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    >>> Approved Shell Extensions (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
    \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
    \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
    \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
    \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
    \\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
    \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
    \\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
    \\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
    \\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
    \\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
    \\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
    \\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
    \\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    >>> Context Menu Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

    [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
    \00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\System32\igfxpph.dll (Intel Corporation)
    \NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

    >>> Column Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
     
  2. USMCBUCK10

    >>> Registry Run Keys <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    hpsysdrv - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
    NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
    nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
    CamMonitor - c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
    KBD - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
    StorageGuard - C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
    dla - C:\WINDOWS\system32\dla\tfswctrl.exe (VERITAS Software, Inc.)
    Recguard - C:\WINDOWS\SMINST\RECGUARD.EXE ()
    IgfxTray - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
    HotKeysCmds - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
    PS2 - C:\WINDOWS\system32\ps2.exe ()
    Ejfb - C:\documents and settings\owner\local settings\temp\Ejfb.exe ()
    2P6WFAX43ZHE7C - C:\WINDOWS\System32\NjpM9X44.exe ()
    tF3P3pR - mcadss.exe ()
    AlcxMonitor - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
    MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (Networks Associates Technology, Inc)
    MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe (Networks Associates Technology, Inc)
    HostManager - C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe (America Online, Inc.)
    rDM - C:\windows\system32\rDM.exe ()
    ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    ISUSScheduler - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    AOLSPScheduler - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe (America Online)
    sscRun - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe (America Online)
    OASClnt - C:\Program Files\mcafee.com\antivirus\oasclnt.exe (McAfee, Inc.)
    EmailScan - C:\Program Files\mcafee.com\antivirus\mcvsescn.exe (McAfee, Inc.)
    MPFExe - C:\Program Files\mcafee.com\personal firewall\MPfTray.exe (McAfee Security)
    NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
    SsAAD.exe - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
    ASM - C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe (AOL LLC)
    WT GameChannel - C:\Program Files\WildTangent\Apps\GameChannel.exe (WildTangent)
    TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
    iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
    MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe (MyWebSearch.com)
    {4858F78A-09DC-1033-1011-020409020001} - C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe ()
    CTDrive - rundll32.exe C:\WINDOWS\system32\drvzox.dll ()
    DllRunning - rundll32.exe "C:\WINDOWS\system32\skvjhtig.dll ()
    !AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    cosFRfdFl - mdatoenr.exe ()
    Weather - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
    Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    AOL Fast Start - C:\Program Files\America Online 9.0a\AOL.EXE (America Online, Inc.)
    ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    EA Core - C:\Program Files\Electronic Arts\EA Link\Core.exe (Electronic Arts)
    Aim6 - Reg Data missing or invalid ()
    MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe (MyWebSearch.com)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    >>> Startup Links <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
    C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

    >>> MSConfig Disabled Items <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    [All Users Startup Folder Disabled Items]

    [Current User Startup Folder Disabled Items]

    >>> User Agent Post Platform <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    \\SV1 -
    \\FunWebProducts -

    >>> AppInit Dll's <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
    C:\WINDOWS\System32\ipxpromn1053p.dll = ()

    >>> Image File Execution Options <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    \Your Image File Name Here without a path - Debugger = ntsd -d

    >>> Shell Service Object Delay Load <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
    \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

    >>> Shell Execute Hooks <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
    \\{664A7BBA-92C4-4086-8B63-D029A149629E} - = C:\WINDOWS\system32\gebcayv.dll ()
    \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

    >>> Shared Task Scheduler <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

    >>> Winlogon <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    \\UserInit = C:\WINDOWS\system32\userinit.exe,
    \\Shell = Explorer.exe
    \\System =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    \crypt32chain - crypt32.dll = (Microsoft Corporation)
    \cryptnet - cryptnet.dll = (Microsoft Corporation)
    \cscdll - cscdll.dll = (Microsoft Corporation)
    \gebcayv - gebcayv.dll = ()
    \igfxcui - igfxsrvc.dll = (Intel Corporation)
    \ScCertProp - wlnotify.dll = (Microsoft Corporation)
    \Schedule - wlnotify.dll = (Microsoft Corporation)
    \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
    \SensLogn - WlNotify.dll = (Microsoft Corporation)
    \ssqpp - C:\WINDOWS\system32\ssqpp.dll = ()
    \termsrv - wlnotify.dll = (Microsoft Corporation)
    \WgaLogon - WgaLogon.dll = (Microsoft Corporation)
    \winips32 - winips32.dll = ()
    \wlballoon - wlnotify.dll = (Microsoft Corporation)

    >>> DNS Name Servers <<<
    {070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - ()
    {2F84A874-8445-4F31-B901-FB97629E9204} - (Realtek RTL8139 Family PCI Fast Ethernet NIC)
    {60382598-025F-419D-9D2B-1D0AB7AD2246} - (1394 Net Adapter)

    >>> All Winsock2 Catalogs <<<
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
    \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
    \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
    \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

    >>> Protocol Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
    \ipp - ()
    \msdaipp - ()

    >>> Protocol Filters (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

    >>> Selected AddOn's <<<

    >>>>Output for AddOn file Policies.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
    policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
    policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
    policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
    policies\system\\dontdisplaylastusername - 0
    policies\system\\legalnoticecaption -
    policies\system\\legalnoticetext -
    policies\system\\shutdownwithoutlogon - 1
    policies\system\\undockwithoutlogon - 1

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
    policies\Explorer\\NoDriveTypeAutoRun - 145
    policies\System\\DisableRegistryTools - 0

    >>>>Output for AddOn file Security.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    Security Center\\AntiVirusDisableNotify - 0
    Security Center\\FirewallDisableNotify - 0
    Security Center\\UpdatesDisableNotify - 0
    Security Center\\AntiVirusOverride - 0
    Security Center\\FirewallOverride - 0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
    BITS\\Type - 32
    BITS\\Start - 3
    BITS\\ErrorControl - 1
    BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
    BITS\\DisplayName - Background Intelligent Transfer Service
    BITS\\DependOnService - Rpcss;
    BITS\\DependOnGroup -
    BITS\\ObjectName - LocalSystem
    BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
    BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00
    BITS\Parameters\\ServiceDll - C:\WINDOWS\System32\qmgr.dll
    BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    BITS\Enum\\0 - Root\LEGACY_BITS\0000
    BITS\Enum\\Count - 1
    BITS\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
    SharedAccess\\Type - 32
    SharedAccess\\Start - 2
    SharedAccess\\ErrorControl - 1
    SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
    SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
    SharedAccess\\DependOnService - Netman;WinMgmt;
    SharedAccess\\DependOnGroup -
    SharedAccess\\ObjectName - LocalSystem
    SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    SharedAccess\Epoch\\Epoch - 262580
    SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe:*:Enabled:AOL Services
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 0
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions - 0
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications - 0
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\P2P Networking\P2P Networking.exe - C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:p2P Networking
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe - C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe - C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0k\waol.exe - C:\Program Files\America Online 9.0k\waol.exe:*:Enabled:America Online 9.0k
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0f\waol.exe - C:\Program Files\America Online 9.0f\waol.exe:*:Enabled:America Online 9.0f
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0m\waol.exe - C:\Program Files\America Online 9.0m\waol.exe:*:Enabled:AOL
     
  3. USMCBUCK10

    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe - C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe - C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0a\waol.exe - C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WinMX\WinMX.exe - C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe - C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe:*:Disabled:AOLHostManager Service
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0d\waol.exe - C:\Program Files\America Online 9.0d\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe - C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe:*:Enabled:MusicNet on AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee.com\agent\mcagent.exe - C:\Program Files\McAfee.com\agent\mcagent.exe:*:Disabled:McAfee SecurityCenter Agent
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe - C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe - C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\TEMP\Local Settings\Temp\~os275.tmp\ossproxy.exe - C:\Documents and Settings\TEMP\Local Settings\Temp\~os275.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kiwi Alpha\KiwiAlpha.exe - C:\Program Files\Kiwi Alpha\KiwiAlpha.exe:*:Enabled:KiwiAlpha
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\TEMP\Local Settings\Temp\~os4A.tmp\ossproxy.exe - C:\Documents and Settings\TEMP\Local Settings\Temp\~os4A.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe - C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\windows\system32\rlvknlg.exe - c:\windows\system32\rlvknlg.exe:*:Enabled:rlvknlg.exe
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe - C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe:*:Enabled:AOL Services
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe:*:Enabled:AIM
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\windows\system32\rk.exe - c:\windows\system32\rk.exe:*:Enabled:rk.exe
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe - C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe:*:Enabled:AOL Services
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe - C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe - C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe:*:Enabled:AOL OpenRide
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\TEMP\LOCALS~1\Temp\win1B63.tmp.exe - C:\DOCUME~1\TEMP\LOCALS~1\Temp\win1B63.tmp.exe:*:Enabled:win1B63.tmp
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\winF2.tmp.exe - C:\WINDOWS\TEMP\winF2.tmp.exe:*:Enabled:winF2.tmp
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP - 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    SharedAccess\Setup\\ServiceUpgrade - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{86E02BD3-50CC-48B1-94C1-4CDAFCE1BBC7} - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2F84A874-8445-4F31-B901-FB97629E9204} - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{60382598-025F-419D-9D2B-1D0AB7AD2246} - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - 1
    SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
    SharedAccess\Enum\\Count - 1
    SharedAccess\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
    wuauserv\\Type - 32
    wuauserv\\Start - 2
    wuauserv\\ErrorControl - 1
    wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
    wuauserv\\DisplayName - Automatic Updates
    wuauserv\\ObjectName - LocalSystem
    wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
    wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
    wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
    wuauserv\Enum\\Count - 1
    wuauserv\Enum\\NextInstance - 1

    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     
  4. USMCBUCK10

    Logfile of HijackThis v1.99.1
    Scan saved at 1:25:50 PM, on 1/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Common Files\AOL\1106867256\ee\aolsoftware.exe
    C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AOL\Active Security Monitor\ASMPatchManager.exe
    c:\program files\common files\aol\1106867256\ee\aolssc.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: The College Toolbar - {50EC13F9-D1F6-4012-A076-F73088D8241C} - C:\Program Files\The College Toolbar\collegetoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
    O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\NjpM9X44.exe
    O4 - HKLM\..\Run: [tF3P3pR] mcadss.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [rDM] C:\windows\system32\rDM.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [{4858F78A-09DC-1033-1011-020409020001}] "C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe" mc-110-12-0000272
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzox.dll,startup
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\skvjhtig.dll",setvm
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [cosFRfdFl] mdatoenr.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYUS
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,602
    Please download VundoFix.exe to your desktop.

    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files; click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HijackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
     
  6. USMCBUCK10

    USMCBUCK10 Thread Starter

    VundoFix V6.3.2

    Checking Java version...

    Java version is 1.5.0.2

    Java version is 1.5.0.4

    Java version is 1.5.0.6

    Scan started at 2:51:22 PM 1/24/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\cbxvtur.dll
    C:\WINDOWS\system32\fuiqvcdn.dll
    C:\WINDOWS\system32\gebcayv.dll
    C:\WINDOWS\system32\githjvks.ini
    C:\WINDOWS\system32\saxaxbdk.exe
    C:\WINDOWS\system32\skvjhtig.dll
    C:\WINDOWS\system32\ssqpp.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\cbxvtur.dll
    C:\WINDOWS\system32\cbxvtur.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fuiqvcdn.dll
    C:\WINDOWS\system32\fuiqvcdn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebcayv.dll
    C:\WINDOWS\system32\gebcayv.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\githjvks.ini
    C:\WINDOWS\system32\githjvks.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\saxaxbdk.exe
    C:\WINDOWS\system32\saxaxbdk.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\skvjhtig.dll
    C:\WINDOWS\system32\skvjhtig.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqpp.dll
    C:\WINDOWS\system32\ssqpp.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\gebcayv.dll
    C:\WINDOWS\system32\gebcayv.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.2

    Checking Java version...

    Java version is 1.5.0.2

    Java version is 1.5.0.4

    Java version is 1.5.0.6

    Scan started at 4:08:09 PM 1/24/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\fuiqvcdn.dll

    Beginning removal...

    Performing Repairs to the registry.
    Done!
     
  7. USMCBUCK10

    USMCBUCK10 Thread Starter

    Logfile of HijackThis v1.99.1
    Scan saved at 6:02:54 PM, on 1/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
    C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Common Files\AOL\1106867256\ee\aolsoftware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\AOL\Active Security Monitor\ASMPatchManager.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {2ABD2D6E-8A13-4C72-841D-2B04CEC37131} - C:\WINDOWS\system32\ssqpp.dll (file missing)
    O2 - BHO: COLLEGETOOLBAR - {3E15928A-26B2-40b2-A4CA-408720C444BA} - C:\PROGRA~1\THECOL~1\COLLEG~1.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {664A7BBA-92C4-4086-8B63-D029A149629E} - C:\WINDOWS\system32\gebcayv.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\fuiqvcdn.dll (file missing)
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: The College Toolbar - {50EC13F9-D1F6-4012-A076-F73088D8241C} - C:\Program Files\The College Toolbar\collegetoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Ejfb] C:\documents and settings\owner\local settings\temp\Ejfb.exe
    O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\NjpM9X44.exe
    O4 - HKLM\..\Run: [tF3P3pR] mcadss.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [rDM] C:\windows\system32\rDM.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [{4858F78A-09DC-1033-1011-020409020001}] "C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe" mc-110-12-0000272
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzox.dll,startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [cosFRfdFl] mdatoenr.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYUS
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) - http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\ipxpromn1053p.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winips32 - winips32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Please run Panda again and post the results along with a new log from WinPFind.
     
  9. USMCBUCK10

    USMCBUCK10 Thread Starter

    Potentially unwanted tool:Application/MyWebSearch Not disinfected c:\progra~1\mywebs~1\bar\6.bin\mwsoemon.exe
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoestb.dll
    Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3PSSavr.scr
    Spyware:spyware/whazit Not disinfected c:\windows\system32\fiz1
    Adware:adware/adlogix Not disinfected c:\windows\system32\retpdat32.xml
    Adware:adware/iedriver Not disinfected c:\windows\system32\sub.dll
    Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
    Adware:adware/statblaster Not disinfected c:\windows\downloaded program files\WildApp.inf
    Adware:adware/comet Not disinfected c:\windows\inf\dm.inf
    Adware:adware/gator Not disinfected c:\windows\GatorHDPlugin.log-old.log
    Dialer:dialer.bny Not disinfected c:\windows\pcconfig.dat
    Adware:adware/ncase Not disinfected c:\temp\FLEOK
    Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
    Adware:adware/quicksearch Not disinfected c:\program files\QuickSearch
    Adware:adware/transponder Not disinfected Windows Registry
    Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
    Adware:adware/dyfuca Not disinfected Windows Registry
    Adware:adware/wupd Not disinfected Windows Registry
    Adware:Adware/Transponder Not disinfected C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf]
    Hacktool:Exploit/ObjectData Not disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\MB8C4Y9R\str8_pending[1].html[C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\MB8C4Y9R\str8_pending[1].html]
    Hacktool:Exploit/ObjectData Not disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\TMXN2UVD\str8_pending[1].html
    Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Kayla\Local Settings\Temp\bi.inf
    Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Kayla\Local Settings\Temp\ss_cdt_setup.exe[² =.dll]
    Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Kayla\Local Settings\Temp\ss_cdt_setup.exe[offline.htm]
    Adware:Adware/eZula Not disinfected C:\Documents and Settings\Kayla\Local Settings\Temp\TopTextiLookup.htm
    Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\Kayla\Local Settings\Temp\UpdatedUpdaterInstall.exe
    Spyware:Spyware/MarketScore Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\ab1.exe
    Adware:Adware/AdLogix Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\adlinstallwin32.exe[SWin32.dll]
    Adware:Adware/AdLogix Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\adlinstallwin32.exe[automove.exe]
    Adware:Adware/AdLogix Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\adlinstallwin32.exe[trans.exe]
    Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\adlinstallwin32.exe[istinstall_adlogix.exe]
    Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[SaveInstCsSm.exe]
    Adware:Adware/BrowserAid Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[dist1_1_00.exe]
    Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe]
    Virus:Trj/Downloader.OE Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe][dp-him.exe]
    Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe][IEHost.EXE]
    Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe][Searchx.htm]
    Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe][terrabyte.exe]
    Adware:Adware/IEDriver Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[Overpro323.exe][ms.exe]
    Spyware:Spyware/Apropos Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[may17_loader.exe]
    Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[bdl14185.exe]
    Spyware:Spyware/ClearSearch Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\all_files9.exe[ClrSchP072.exe]
    Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\ss_cdt_setup.exe[² =.dll]
    Adware:Adware/SideSearch Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\ss_cdt_setup.exe[offline.htm]
    Adware:Adware/StatBlaster Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\tracker9.exe
    Adware:Adware/zSearch Not disinfected C:\Documents and Settings\Kayla.BASEMENT\Local Settings\Temp\zsupdater.exe
    Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Owner\Application Data\rawh\ctxad-204.0000[NDrv.dll]
    Adware:Adware/Transponder Not disinfected C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf]
    Virus:Trj/Bhotcher.A Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\all_files7.exe[iMeshInst.exe][WBCM_Installer.exe][BHOW.exe]
    Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ctxad.exe[NDrv.dll]
    Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\ctxad.exe[NDrv.exe]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.go.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.drivecleaner.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[www.drivecleaner.com/]
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[stats.drivecleaner.com/]
    Spyware:Cookie/Winantivirus Not disinfected
     
  10. USMCBUCK10

    Incident Status Location
    C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.winantivirus.com/]
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.errorsafe.com/]
    Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.bravenet.com/]
    Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\24nghuhq.default\cookies.txt[.systemdoctor.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][3].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][1].txt
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\TEMP\Cookies\[email protected][2].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SDFix.exe[SDFix\apps\Process.exe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\TEMP\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
    Adware:Adware/Transponder Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf]
    Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[inetsvc.exe]
    Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[inetmgr.exe]
    Spyware:Spyware/CommonName Not disinfected C:\Documents and Settings\TEMP\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\94643832-10A2-4018-8728-EDD372\8AB9B36D-BF85-42E0-AD02-EB6BDC[² =]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temp\Cookies\[email protected]la[2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temp\Cookies\[email protected][1].txt
    Spyware:Cookie/Target Not disinfected C:\Documents and Settings\TEMP\Local Settings\Temp\Cookies\[email protected][2].txt
    Adware:Adware/Transponder Not disinfected C:\Documents and Settings\tre.KAYLA\Local Settings\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050923215629.zip[WINDOWS/inf/Pynix.inf]
    Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
    Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{3858F78A-09DC-1033-1011-020409020001}\UnInstall.exe
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Internet Explorer\msimg32.dll
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar[contents.rdf]
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar[menu.xul]
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar[toolbarembed.html]
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.manifest
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3BROVLY.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected
     
  11. USMCBUCK10

    C:\Program Files\MyWebSearch\bar\6.bin\F3CJPEG.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3DTACTL.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3HISTSW.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3HTTPCT.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3IMSTUB.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3POPSWT.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3PSSAVR.SCR
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3REPROX.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3RESTUB.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3SCHMON.EXE
    Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3SCRCTR.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3SHLLVW.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\F3WPHOOK.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3FFXTBR.JAR[contents.rdf]
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3FFXTBR.JAR[menu.xul]
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3FFXTBR.JAR[toolbarembed.html]
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3FFXTBR.MANIFEST
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3HTML.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3IDLE.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3MSG.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3OUTLCN.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\M3SKIN.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\MWSOEPLG.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\6.bin\MWSOESTB.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
    Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\saxaxbdk.exe.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\skvjhtig.dll.bad
    Potentially unwanted tool:Application/Altnet Not disinfected C:\WildMedia.exe[IdmUP.dll]
    Adware:Adware Program Not disinfected C:\WildMedia.exe[Topicks.reg]
    Potentially unwanted tool:Application/Altnet Not disinfected C:\WildMedia.exe[TPReg.dll]
    Adware:Adware Program Not disinfected C:\WildMedia.exe[FileVersions.ini]
    Potentially unwanted tool:Application/Altnet Not disinfected C:\WildMedia.exe[HtCheck2.dll]
    Potentially unwanted tool:Application/Altnet Not disinfected C:\WildMedia.exe[Idhost.exe]
    Adware:Adware/EliteBar Not disinfected C:\WINDOWS\blocklist.reg
    Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
    Hacktool:Exploit/ObjectData Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MB8C4Y9R\str8_pending[1].html[C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MB8C4Y9R\str8_pending[1].html]
    Hacktool:Exploit/ObjectData Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\TMXN2UVD\str8_pending[1].html
    Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\fmhedcys.dll
    Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
    Adware:Adware/InstDollars Not disinfected C:\WINDOWS\system32\second.awp
    Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\vcunqjpt.dll
    Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\vypcsbqk.dll
    Adware:Adware/ILookup Not disinfected C:\WINDOWS\system32\windec33.dll
    Adware:Adware/IEDriver Not disinfected C:\WINDOWS\Temp\setup4.exe
     
  12. USMCBUCK10

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Logfile created on: 1/24/2007 11:06:30 PM
    WinPFind v1.5.0 Folder = C:\Documents and Settings\TEMP\Desktop\WinPFind\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    Checking %System% folder...
    WSUD 9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
    aspack 3/18/2005 4:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
    aspack 5/26/2005 2:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
    aspack 7/22/2005 6:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
    aspack 12/5/2005 5:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
    aspack 2/3/2006 7:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
    aspack 3/31/2006 11:40:58 AM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
    PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
    UPX! 9/13/2004 2:39:54 PM 69632 C:\WINDOWS\SYSTEM32\first.awp ()
    UPX! 1/21/2007 1:26:28 PM 76412 C:\WINDOWS\SYSTEM32\fmhedcys.dll ()
    UPX! 1/5/2007 7:06:26 PM 44060 C:\WINDOWS\SYSTEM32\gaopntlj.dll ()
    UPX! 1/24/2007 3:11:00 PM HS 277104 C:\WINDOWS\SYSTEM32\jkkll.dll ()
    PTech 6/10/2004 12:47:02 AM H 3279394 C:\WINDOWS\SYSTEM32\kyf.dat ()
    UPX! 4/11/2000 8:44:56 PM 85504 C:\WINDOWS\SYSTEM32\lame_enc.dll ()
    PTech 6/19/2006 3:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
    PECompact2 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 1/2/2007 6:19:44 PM 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
    WSUD 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    aspack 3/26/2004 1:06:40 AM 2316336 C:\WINDOWS\SYSTEM32\NY Nights.scr (Axialis Software)
    WSUD 6/12/2004 2:12:30 PM HS 2926 C:\WINDOWS\SYSTEM32\qyrwi.dat ()
    Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
    UPX! 9/13/2004 2:39:56 PM 46080 C:\WINDOWS\SYSTEM32\second.awp ()
    UPX! 4/27/2006 4:49:30 PM 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri)
    UPX! 8/29/2006 6:43:54 PM 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX)
    UPX! 1/9/2006 9:36:06 AM 40960 C:\WINDOWS\SYSTEM32\swsc.exe ()
    UPX! 12/1/2006 5:20:34 AM 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe (SteelWerX)
    UPX! 10/22/2004 4:46:50 AM 33280 C:\WINDOWS\SYSTEM32\tasklist.exe (Microsoft Corporation)
    UPX! 1/23/2007 9:08:54 PM 76412 C:\WINDOWS\SYSTEM32\vcunqjpt.dll ()
    UPX! 1/18/2007 10:55:54 AM 76412 C:\WINDOWS\SYSTEM32\vypcsbqk.dll ()
    winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
    PTech 6/19/2006 3:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)
    UPX! 1/15/2007 5:21:54 PM 44060 C:\WINDOWS\SYSTEM32\ynsyjfuf.dll ()

    Checking %System%\Drivers folder and sub-folders...
    PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    1/24/2007 10:58:14 PM S 2048 C:\WINDOWS\bootstat.dat ()
    1/24/2007 7:34:28 PM H 54156 C:\WINDOWS\QTFont.qfn ()
    1/21/2007 3:24:52 PM RHS 168 C:\WINDOWS\system32\B89AC51B07.sys ()
    1/13/2007 3:26:22 PM HS 867022 C:\WINDOWS\system32\edeeg.bak1 ()
    1/14/2007 1:30:50 PM HS 861617 C:\WINDOWS\system32\edeeg.bak2 ()
    1/8/2007 3:59:04 AM HS 914072 C:\WINDOWS\system32\edeeg.ini ()
    1/8/2007 3:59:36 AM HS 914072 C:\WINDOWS\system32\edeeg.tmp ()
    1/15/2007 1:06:20 PM HS 916403 C:\WINDOWS\system32\edeeg.tmp2 ()
    1/24/2007 3:11:00 PM HS 277104 C:\WINDOWS\system32\jkkll.dll ()
    1/21/2007 5:47:28 PM HS 6320 C:\WINDOWS\system32\KGyGaAvL.sys ()
    1/23/2007 9:10:06 PM HS 989586 C:\WINDOWS\system32\ppqss.bak1 ()
    1/24/2007 3:04:28 PM HS 1044435 C:\WINDOWS\system32\ppqss.ini ()
    12/7/2006 8:30:20 PM S 9057 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
    12/22/2006 11:53:02 AM S 7894 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat ()
    1/24/2007 10:57:58 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
    1/24/2007 10:58:50 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
    1/24/2007 10:58:18 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
    1/24/2007 10:59:00 PM H 90112 C:\WINDOWS\system32\config\software.LOG ()
    1/24/2007 10:58:26 PM H 1138688 C:\WINDOWS\system32\config\system.LOG ()
    1/10/2007 3:22:26 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
    1/7/2007 1:26:00 AM S 1039 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
    1/7/2007 1:26:00 AM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
    1/17/2007 7:04:18 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1d577e61-58b0-4558-bbd6-d93be246bc3d ()
    1/17/2007 7:04:18 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
    1/24/2007 5:55:08 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

    Checking for CPL files...
    8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
    9/20/2004 3:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
    8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
    4/26/2002 6:33:40 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl ()
    8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
    5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
    8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
    6/10/2005 10:43:18 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
    8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
    11/9/2006 3:07:28 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
    8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
    8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    7/28/2003 1:19:00 PM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
    8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
    3/3/1999 2:10:02 AM 49152 C:\WINDOWS\SYSTEM32\speech.cpl (Microsoft)
    8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
    8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
    8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
    5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
    8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
    8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
    8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
    5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
    5/15/2002 5:24:56 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl (Intel Corporation)
    6/20/2002 1:58:44 AM 629248 C:\WINDOWS\SYSTEM32\ReinstallBackups\0011\DriverFiles\ALSNDMGR.CPL (Avance Logic, Inc.)
     
  13. USMCBUCK10

    Checking for Downloaded Program Files...
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
    {11260943-421B-11D0-8EAC-0000C07D88CF} - iPIX ActiveX Control - CodeBase = http://www.ipix.com/viewers/ipixx.cab
    {166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab
    {17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
    {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - - CodeBase = http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - - CodeBase =
    {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - DownloadManager Control - CodeBase = http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
    {406B5949-7190-4245-91A9-30A17DE16AD0} - Snapfish Activia - CodeBase = http://www1.snapfish.com/SnapfishActivia.cab
    {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
    {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - - CodeBase = http://ezgreets.aavalue.com/EZG/Toolbar/EZG-toolbar.cab
    {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    {639658F3-B141-4D6B-B936-226F75A5EAC3} - CPlayFirstDinerDash2Control Object - CodeBase = http://aolsvc.aol.com/onlinegames/trydinerdash2/DinerDash2.1.0.0.67.cab
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    {B9191F79-5613-4C76-AA2A-398534BB8999} - - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - DwnldGroupMgr Class - CodeBase = http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - Invoke Solutions Participant Control(MR) - CodeBase = http://online.invokesolutions.com/events/bin/media/5.1.2.1427-3.0.0.7207/MILive.cab
    {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - CPlayFirstDinerDashControl Object - CodeBase = http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
    {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - PopCapLoader Object - CodeBase = http://aolsvc.aol.com/onlinegames/pcastropop/popcaploader_v7.cab
    Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    7/23/2002 7:10:30 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
    1/20/2007 1:39:46 AM 1132112 C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe ()
    12/16/2006 5:22:22 PM 1353 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

    Checking files in %USERPROFILE%\Startup folder...
    7/24/2002 2:18:36 AM HS 84 C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %USERPROFILE%\Application Data folder...
    10/20/2004 5:59:30 PM 12358 C:\Documents and Settings\TEMP\Application Data\PFP100JCM.{PB ()
    10/20/2004 5:59:30 PM 61678 C:\Documents and Settings\TEMP\Application Data\PFP100JPR.{PB ()

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.yahoo.com/
    \\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    \\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    \\Default_Page_URL - http://www.yahoo.com/
    \\Default_Search_URL - http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    \\Local Page - %SystemRoot%\system32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.yahoo.com/
    \\Search Bar - http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    \\Search Page - http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    \\Local Page - C:\WINDOWS\system32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch -
    \\SearchAssistant -


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - AOLTBSearch Class = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
    \\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    \\{00A6FAF6-072E-44cf-8957-5838F569A31D} - = C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL (MyWebSearch.com)
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - = ()

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    \SOFTWARE - = ()
    \{00A6FAF1-072E-44cf-8957-5838F569A31D} - MyWebSearch Search Assistant BHO = C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL (MyWebSearch.com)
    \{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    \{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
    \{07B18EA1-A523-4961-B6BB-170DE4475CCA} - mwsBar BHO = C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL (MyWebSearch.com)
    \{2ABD2D6E-8A13-4C72-841D-2B04CEC37131} - = C:\WINDOWS\system32\ssqpp.dll ()
    \{3E15928A-26B2-40b2-A4CA-408720C444BA} - COLLEGETOOLBAR = C:\PROGRA~1\THECOL~1\COLLEG~1.DLL (College Toolbars)
    \{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    \{664A7BBA-92C4-4086-8B63-D029A149629E} - = C:\WINDOWS\system32\gebcayv.dll ()
    \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
    \{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - AOL Toolbar Launcher = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
    \{7DA39570-5FD2-4f18-94B4-20730CB3F727} - = C:\WINDOWS\system32\fuiqvcdn.dll ()

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    \{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
    \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
    \{8F4902B6-6C04-4ade-8052-AA58578A21BD} - hp toolkit = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
    \{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    \{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \{32683183-48a0-441b-a342-7c2a440a9478} - = ()
    \{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
    \{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
    \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    \\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
    \\{BA52B914-B692-46c4-B683-905236F6F655} - = ()
    \\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
    \\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)
    \\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    \ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
    \ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
    \ShellBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)
    \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    \WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit = C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
    \WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
    \WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} - AIM Search = C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
    \WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - = ()
    \WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar = C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
    \WebBrowser\\{50EC13F9-D1F6-4012-A076-F73088D8241C} - The College Toolbar = C:\Program Files\The College Toolbar\collegetoolbar.dll (College Toolbars)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
    \\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - 8192 =
    \\NEXTID - 8202
    \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
    \\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8195 =
    \\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8196 =
    \\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8197 =
    \\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8198 =
    \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8199 = Windows Messenger
    \\{3369AF0D-62E9-4bda-8103-B4C75499B578} - 8200 =
    \\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8201 = @xpsp3res.dll,-20001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    \CmdMapping - MenuText: = ()
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
    \{3369AF0D-62E9-4bda-8103-B4C75499B578} - ButtonText: AOL Toolbar =
    \{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: Yahoo! Services =
    \{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Program Files\AIM\aim.exe (America Online, Inc.)
    \{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com =
    \{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
    \{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    >>> Approved Shell Extensions (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = ()
    \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
    \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
    \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
    \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
    \\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
    \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
    \\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
    \\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
    \\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
    \\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
    \\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
    \\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
    \\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    >>> Context Menu Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

    [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
    \00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\System32\igfxpph.dll (Intel Corporation)
    \NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

    >>> Column Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

    >>> Registry Run Keys <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    hpsysdrv - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
    NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
    nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
    CamMonitor - c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe ()
    KBD - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
    StorageGuard - C:\Program Files\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
    dla - C:\WINDOWS\system32\dla\tfswctrl.exe (VERITAS Software, Inc.)
    Recguard - C:\WINDOWS\SMINST\RECGUARD.EXE ()
    IgfxTray - C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
    HotKeysCmds - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
    PS2 - C:\WINDOWS\system32\ps2.exe ()
    Ejfb - C:\documents and settings\owner\local settings\temp\Ejfb.exe ()
    2P6WFAX43ZHE7C - C:\WINDOWS\System32\NjpM9X44.exe ()
    tF3P3pR - mcadss.exe ()
    AlcxMonitor - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
    MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (Networks Associates Technology, Inc)
    MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe (Networks Associates Technology, Inc)
    HostManager - C:\Program Files\Common Files\AOL\1106867256\ee\AOLSoftware.exe (America Online, Inc.)
    rDM - C:\windows\system32\rDM.exe ()
    ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    ISUSScheduler - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    AOLSPScheduler - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe (America Online)
    sscRun - C:\Program Files\Common Files\AOL\1106867256\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe (America Online)
    OASClnt - C:\Program Files\mcafee.com\antivirus\oasclnt.exe (McAfee, Inc.)
    EmailScan - C:\Program Files\mcafee.com\antivirus\mcvsescn.exe (McAfee, Inc.)
    MPFExe - C:\Program Files\mcafee.com\personal firewall\MPfTray.exe (McAfee Security)
    NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
    SsAAD.exe - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
    ASM - C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe (AOL LLC)
    WT GameChannel - C:\Program Files\WildTangent\Apps\GameChannel.exe (WildTangent)
    TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
    iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
    MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe (MyWebSearch.com)
    {4858F78A-09DC-1033-1011-020409020001} - C:\Program Files\Common Files\{4858F78A-09DC-1033-1011-020409020001}\Update.exe ()
    CTDrive - rundll32.exe C:\WINDOWS\system32\drvzox.dll ()
    !AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
     
  14. USMCBUCK10

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    cosFRfdFl - mdatoenr.exe ()
    Weather - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
    Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    AOL Fast Start - C:\Program Files\America Online 9.0a\AOL.EXE (America Online, Inc.)
    ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    EA Core - C:\Program Files\Electronic Arts\EA Link\Core.exe (Electronic Arts)
    Aim6 - Reg Data missing or invalid ()
    MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwsoemon.exe (MyWebSearch.com)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    >>> Startup Links <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
    C:\Documents and Settings\TEMP\Start Menu\Programs\Startup\desktop.ini ()

    >>> MSConfig Disabled Items <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    [All Users Startup Folder Disabled Items]

    [Current User Startup Folder Disabled Items]

    >>> User Agent Post Platform <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    \\SV1 -
    \\FunWebProducts -

    >>> AppInit Dll's <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
    C:\WINDOWS\System32\ipxpromn1053p.dll = ()

    >>> Image File Execution Options <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    \Your Image File Name Here without a path - Debugger = ntsd -d

    >>> Shell Service Object Delay Load <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
    \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

    >>> Shell Execute Hooks <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
    \\{664A7BBA-92C4-4086-8B63-D029A149629E} - = C:\WINDOWS\system32\gebcayv.dll ()
    \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

    >>> Shared Task Scheduler <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

    >>> Winlogon <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    \\UserInit = C:\WINDOWS\system32\userinit.exe,
    \\Shell = Explorer.exe
    \\System =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    \crypt32chain - crypt32.dll = (Microsoft Corporation)
    \cryptnet - cryptnet.dll = (Microsoft Corporation)
    \cscdll - cscdll.dll = (Microsoft Corporation)
    \igfxcui - igfxsrvc.dll = (Intel Corporation)
    \ScCertProp - wlnotify.dll = (Microsoft Corporation)
    \Schedule - wlnotify.dll = (Microsoft Corporation)
    \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
    \SensLogn - WlNotify.dll = (Microsoft Corporation)
    \termsrv - wlnotify.dll = (Microsoft Corporation)
    \WgaLogon - WgaLogon.dll = (Microsoft Corporation)
    \winips32 - winips32.dll = ()
    \wlballoon - wlnotify.dll = (Microsoft Corporation)

    >>> DNS Name Servers <<<
    {070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - ()
    {2F84A874-8445-4F31-B901-FB97629E9204} - (Realtek RTL8139 Family PCI Fast Ethernet NIC)
    {60382598-025F-419D-9D2B-1D0AB7AD2246} - (1394 Net Adapter)

    >>> All Winsock2 Catalogs <<<
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
    \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
    \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
    \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

    >>> Protocol Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
    \ipp - ()
    \msdaipp - ()

    >>> Protocol Filters (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

    >>> Selected AddOn's <<<

    >>>>Output for AddOn file Policies.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
    policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
    policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
    policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
    policies\system\\dontdisplaylastusername - 0
    policies\system\\legalnoticecaption -
    policies\system\\legalnoticetext -
    policies\system\\shutdownwithoutlogon - 1
    policies\system\\undockwithoutlogon - 1

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
    policies\Explorer\\NoDriveTypeAutoRun - 145
    policies\System\\DisableRegistryTools - 0

    >>>>Output for AddOn file Security.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    Security Center\\AntiVirusDisableNotify - 0
    Security Center\\FirewallDisableNotify - 0
    Security Center\\UpdatesDisableNotify - 0
    Security Center\\AntiVirusOverride - 0
    Security Center\\FirewallOverride - 0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
    BITS\\Type - 32
    BITS\\Start - 3
    BITS\\ErrorControl - 1
    BITS\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
    BITS\\DisplayName - Background Intelligent Transfer Service
    BITS\\DependOnService - Rpcss;
    BITS\\DependOnGroup -
    BITS\\ObjectName - LocalSystem
    BITS\\Description - Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
    BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00
    BITS\Parameters\\ServiceDll - C:\WINDOWS\System32\qmgr.dll
    BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    BITS\Enum\\0 - Root\LEGACY_BITS\0000
    BITS\Enum\\Count - 1
    BITS\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
    SharedAccess\\Type - 32
    SharedAccess\\Start - 2
    SharedAccess\\ErrorControl - 1
    SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
    SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
    SharedAccess\\DependOnService - Netman;WinMgmt;
    SharedAccess\\DependOnGroup -
    SharedAccess\\ObjectName - LocalSystem
    SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    SharedAccess\Epoch\\Epoch - 262752
    SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLServiceHost.exe:*:Enabled:AOL Services
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall - 0
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions - 0
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications - 0
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\P2P Networking\P2P Networking.exe - C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:p2P Networking
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe - C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe - C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0k\waol.exe - C:\Program Files\America Online 9.0k\waol.exe:*:Enabled:America Online 9.0k
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0f\waol.exe - C:\Program Files\America Online 9.0f\waol.exe:*:Enabled:America Online 9.0f
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0m\waol.exe - C:\Program Files\America Online 9.0m\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe - C:\Program Files\Common Files\AOL\1106303724\EE\AOLServiceHost.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe - C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe - C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe - C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0a\waol.exe - C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WinMX\WinMX.exe - C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0b\waol.exe - C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe - C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLHostManager.exe:*:Disabled:AOLHostManager Service
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0c\waol.exe - C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0d\waol.exe - C:\Program Files\America Online 9.0d\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe - C:\Program Files\MusicNetOnAOL\client\bin\AOLMN.exe:*:Enabled:MusicNet on AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee.com\agent\mcagent.exe - C:\Program Files\McAfee.com\agent\mcagent.exe:*:Disabled:McAfee SecurityCenter Agent
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0e\waol.exe - C:\Program Files\America Online 9.0e\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe - C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe - C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\TEMP\Local Settings\Temp\~os275.tmp\ossproxy.exe - C:\Documents and Settings\TEMP\Local Settings\Temp\~os275.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kiwi Alpha\KiwiAlpha.exe - C:\Program Files\Kiwi Alpha\KiwiAlpha.exe:*:Enabled:KiwiAlpha
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\TEMP\Local Settings\Temp\~os4A.tmp\ossproxy.exe - C:\Documents and Settings\TEMP\Local Settings\Temp\~os4A.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe - C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe - C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\windows\system32\rlvknlg.exe - c:\windows\system32\rlvknlg.exe:*:Enabled:rlvknlg.exe
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe - C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aolsoftware.exe:*:Enabled:AOL Services
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe - C:\Program Files\Common Files\AOL\1106867256\EE\aim6.exe:*:Enabled:AIM
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\windows\system32\rk.exe - c:\windows\system32\rk.exe:*:Enabled:rk.exe
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe - C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe - C:\Program Files\Common Files\AOL\1106867256\ee\aolservicehost.exe:*:Enabled:AOL Services
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe - C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe - C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe - %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe - C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe - C:\Program Files\Common Files\AOL\1106867256\EE\AOLOpenRide.exe:*:Enabled:AOL OpenRide
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\TEMP\LOCALS~1\Temp\win1B63.tmp.exe - C:\DOCUME~1\TEMP\LOCALS~1\Temp\win1B63.tmp.exe:*:Enabled:win1B63.tmp
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\winF2.tmp.exe - C:\WINDOWS\TEMP\winF2.tmp.exe:*:Enabled:winF2.tmp
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP - 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP - 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP - 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP - 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP - 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP - 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP - 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    SharedAccess\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    SharedAccess\Setup\\ServiceUpgrade - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{86E02BD3-50CC-48B1-94C1-4CDAFCE1BBC7} - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{2F84A874-8445-4F31-B901-FB97629E9204} - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{60382598-025F-419D-9D2B-1D0AB7AD2246} - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{070E907D-9EC7-419C-BCDB-6BB1F0656C4B} - 1
    SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
    SharedAccess\Enum\\Count - 1
    SharedAccess\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
    wuauserv\\Type - 32
    wuauserv\\Start - 2
    wuauserv\\ErrorControl - 1
    wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
    wuauserv\\DisplayName - Automatic Updates
    wuauserv\\ObjectName - LocalSystem
    wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
    wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
    wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
    wuauserv\Enum\\Count - 1
    wuauserv\Enum\\NextInstance - 1


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     
  15. USMCBUCK10

    USMCBUCK10 Thread Starter

    Joined:
    Jan 21, 2007
    Messages:
    97

Short URL to this thread: https://techguy.org/537170
