
Windows Cannot Start Windows Firewall

Discussion in 'Virus & Other Malware Removal' started by desktop1, Sep 10, 2006.

  1. desktop1 (Thread Starter)

    Logfile of HijackThis v1.99.1
    Scan saved at 5:58:12 PM, on 10/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Denys Lagacy\Desktop\HijackThis.exe

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: Adobe Acrobat Control for ActiveX - {CA8A9780-280D-11CF-A24D-444553540000} - C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ActiveX\pdf.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: desktop(2)(2)(2)(2).ini
    O4 - Startup: desktop(2)(2)(2).ini
    O4 - Startup: desktop(2)(2)(3).ini
    O4 - Startup: desktop(2)(2).ini
    O4 - Startup: desktop(2)(3)(2).ini
    O4 - Startup: desktop(2)(3).ini
    O4 - Startup: desktop(2)(4).ini
    O4 - Startup: desktop(2).ini
    O4 - Startup: desktop(3)(2)(2).ini
    O4 - Startup: desktop(3)(2).ini
    O4 - Startup: desktop(3)(3).ini
    O4 - Startup: desktop(3).ini
    O4 - Startup: desktop(4)(2).ini
    O4 - Startup: desktop(4).ini
    O4 - Startup: desktop(5).ini
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: desktop(2)(2)(2)(2).ini
    O4 - Global Startup: desktop(2)(2)(2).ini
    O4 - Global Startup: desktop(2)(2)(3).ini
    O4 - Global Startup: desktop(2)(2).ini
    O4 - Global Startup: desktop(2)(3)(2).ini
    O4 - Global Startup: desktop(2)(3).ini
    O4 - Global Startup: desktop(2)(4).ini
    O4 - Global Startup: desktop(2).ini
    O4 - Global Startup: desktop(3)(2)(2).ini
    O4 - Global Startup: desktop(3)(2).ini
    O4 - Global Startup: desktop(3)(3).ini
    O4 - Global Startup: desktop(3).ini
    O4 - Global Startup: desktop(4)(2).ini
    O4 - Global Startup: desktop(4).ini
    O4 - Global Startup: desktop(5).ini
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
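The log above is the raw input that the helpers in this thread read by eye. As an added example that is not part of the thread (and not a HijackThis feature), the script below parses HijackThis v1.99 "O" entries into section, CLSID and file path, then applies two review heuristics of my own: list entries whose target is reported as "(file missing)" first, and group startup-folder items that are not .lnk shortcuts after stripping Windows' "(n)" copy suffixes. The sample lines are copied from the first log in the post; the heuristics only order a manual review and do not decide that any entry is malicious, which the thread itself never states for these lines.

```python
import re
from collections import Counter

# Added triage helper, not from the thread. Sample lines are copied from the
# HijackThis log posted above (constructed subset, nothing added).
SAMPLE_LOG = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_06\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [KAVPersonal50] "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe" /minimize
O4 - Startup: desktop(2)(2).ini
O4 - Startup: desktop(3).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: Microsoft Office.lnk = C:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O23 - Service: SysEnforce - Unknown owner - C:\\PROGRA~1\\TRISNA~1\\SSI\\SYSENF~1.EXE (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"')   # "C:\Program Files\...\x.exe" /args
BARE_PATH_RE = re.compile(r"[A-Za-z]:\\.*$")           # unquoted path runs to end of line
MISSING = "(file missing)"


def parse_entry(line):
    """Return a dict for one 'On - ...' line, or None for anything else
    (log header, running-process list, blank lines)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, text = m.groups()
    file_missing = text.endswith(MISSING)
    body = text[: -len(MISSING)].rstrip() if file_missing else text
    q = QUOTED_PATH_RE.search(body)
    b = BARE_PATH_RE.search(body)
    c = CLSID_RE.search(body)
    return {
        "section": section,
        "text": text,
        "clsid": c.group(0) if c else None,
        "path": q.group(1) if q else (b.group(0) if b else None),
        "file_missing": file_missing,
    }


def parse_log(log_text):
    return [e for e in map(parse_entry, log_text.splitlines()) if e]


def startup_folder_name(entry):
    """For 'O4 - Startup:' / 'O4 - Global Startup:' lines, return the item name."""
    m = re.match(r"(?:Global )?Startup: (.+)$", entry["text"])
    return m.group(1).split(" = ", 1)[0] if m else None


def triage(entries):
    """Review order (my heuristic, not HijackThis'): missing targets first, then
    startup-folder items that are not shortcuts, grouped without '(n)' suffixes."""
    findings = []
    for e in entries:
        if e["file_missing"]:
            findings.append(("missing-target", e["section"], e["text"]))
    groups = Counter()
    for e in entries:
        name = startup_folder_name(e) if e["section"] == "O4" else None
        if name and not name.lower().endswith(".lnk"):
            groups[re.sub(r"\(\d+\)", "", name)] += 1
    for base, count in sorted(groups.items()):
        findings.append(("non-shortcut-startup-item", base, count))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

Feed it a whole saved log (`parse_log(open("hijackthis.log").read())`); the process list and header are skipped because they do not match the `On - ` shape, so only the entry lines are examined.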
     
  2. ~Candy~ (Retired Administrator)

    Hi and welcome. Just posting this to bump you back to the top. Looks like you have a bit of a mess there.
     
  3. desktop1 (Thread Starter)

    Yes, quite the mess. I feel like your cat; I'd shoot my computer.
     
  4. Cookiegal (Administrator, Malware Specialist Coordinator)

    Hi and welcome to TSG,

    Go to the following link and download the sharedaccess.reg file and save it to your desktop:

    http://windowsxp.mvps.org/reg/sharedaccess.reg

    Then double-click the file to merge the contents into the registry. The Services entry will be created. Restart Windows.

    After restarting Windows, click Start – Run and type in cmd.exe. At the command prompt type the following, being careful to include the spaces:

    NETSH FIREWALL RESET

    Launch the firewall applet from Control Panel, and then configure your Windows Firewall settings.


    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires it becomes freeware with reduced functions but still worth keeping.



    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need to run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-spyware, Do NOT run a scan yet. We will do that later in safe mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted; then select "Apply all actions".
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left-hand corner of the screen and save it to a text file on your system (make sure to remember where you saved that file; this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.


    Come back here and post a new HijackThis log along with the logs from the Ewido and Panda scans.
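The firewall recovery steps above (merge sharedaccess.reg, reboot, NETSH FIREWALL RESET) can be checked from the same cmd.exe prompt before moving on to the scans. The batch script below is an added example; it is not part of the thread or of the mvps.org fix, and uses only tools shipped with XP SP2 (reg, sc, netsh, findstr). The expected values noted in its comments (service name SharedAccess, Start = 0x2 for Automatic, ServiceDll pointing at %SystemRoot%\System32\ipnathlp.dll) come from my knowledge of XP SP2 defaults, not from the thread. Run it from an administrator account; if step 1 reports the key missing, the .reg merge did not take and the rest of the procedure cannot work.

```batch
@echo off
rem Added check, not from the thread: confirm the Windows Firewall/ICS service
rem (SharedAccess) exists and starts after merging sharedaccess.reg and running
rem NETSH FIREWALL RESET. Assumes XP SP2 and an administrator account; the
rem expected values in the comments are XP SP2 defaults (my assumption).
setlocal

echo === 1. Service key that sharedaccess.reg should have recreated ===
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess" /v Start
if errorlevel 1 (
    echo   SharedAccess key is missing. Merge the .reg file again, reboot, then re-run this check.
    goto :done
)
rem Expected: Start = 0x2 (Automatic). 0x4 means something has disabled the service.
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters" /v ServiceDll
rem Expected: ServiceDll = %SystemRoot%\System32\ipnathlp.dll; the file must also be present.
if not exist "%SystemRoot%\System32\ipnathlp.dll" echo   ipnathlp.dll is missing from System32.

echo === 2. What the Service Control Manager sees ===
sc qc SharedAccess
sc query SharedAccess | findstr /i "STATE"

echo === 3. Try to start it, then ask the firewall for its own state ===
sc start SharedAccess
netsh firewall show state
netsh firewall show opmode

:done
endlocal
```

`sc start` prints "An instance of the service is already running" when the reset already brought it up; that is fine. What matters is that step 3 ends with `netsh firewall show state` reporting an operational mode rather than an error about the service not running.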
     
  5. desktop1 (Thread Starter)

    Hi and thanks for your help
    Followed your instructions to get the firewall going, to no avail; the firewall is still not working.

    Here are the logs for HJT, Ewido and Panda.
    Thanks again.

    Logfile of HijackThis v1.99.1
    Scan saved at 4:15:28 PM, on 12/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Denys Lagacy\Desktop\HijackThis.exe

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: Adobe Acrobat Control for ActiveX - {CA8A9780-280D-11CF-A24D-444553540000} - C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ActiveX\pdf.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: desktop(2)(2)(2)(2).ini
    O4 - Startup: desktop(2)(2)(2).ini
    O4 - Startup: desktop(2)(2)(3).ini
    O4 - Startup: desktop(2)(2).ini
    O4 - Startup: desktop(2)(3)(2).ini
    O4 - Startup: desktop(2)(3).ini
    O4 - Startup: desktop(2)(4).ini
    O4 - Startup: desktop(2).ini
    O4 - Startup: desktop(3)(2)(2).ini
    O4 - Startup: desktop(3)(2).ini
    O4 - Startup: desktop(3)(3).ini
    O4 - Startup: desktop(3).ini
    O4 - Startup: desktop(4)(2).ini
    O4 - Startup: desktop(4).ini
    O4 - Startup: desktop(5).ini
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: desktop(2)(2)(2)(2).ini
    O4 - Global Startup: desktop(2)(2)(2).ini
    O4 - Global Startup: desktop(2)(2)(3).ini
    O4 - Global Startup: desktop(2)(2).ini
    O4 - Global Startup: desktop(2)(3)(2).ini
    O4 - Global Startup: desktop(2)(3).ini
    O4 - Global Startup: desktop(2)(4).ini
    O4 - Global Startup: desktop(2).ini
    O4 - Global Startup: desktop(3)(2)(2).ini
    O4 - Global Startup: desktop(3)(2).ini
    O4 - Global Startup: desktop(3)(3).ini
    O4 - Global Startup: desktop(3).ini
    O4 - Global Startup: desktop(4)(2).ini
    O4 - Global Startup: desktop(4).ini
    O4 - Global Startup: desktop(5).ini
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 5:44:12 PM 12/09/2006

    + Scan result:



    HKU\S-1-5-21-3293767613-4255347582-1620114591-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-19\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\Documents and Settings\Denys Lagacy\Cookies\denys [email protected][2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).


    ::Report end


    Incident | Status | Location

    Hacktool:Exploit/ByteVerify | Not disinfected | C:\Documents and Settings\Denys Lagacy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-47723671-3342cbcc.zip[NewSecurityClassLoader.class]
    Hacktool:Exploit/ByteVerify | Not disinfected | C:\Documents and Settings\Denys Lagacy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-5c362d1c-5f2423b0.zip[Dummy.class]
    Spyware:Cookie/Screensavers | Not disinfected | C:\Documents and Settings\Denys Lagacy\Cookies\denys [email protected][2].txt
    Spyware:Cookie/Statcounter | Not disinfected | C:\Documents and Settings\Denys Lagacy\Cookies\denys [email protected][1].txt
    Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Denys Lagacy\Desktop\New Folder\SmitfraudFix.zip[SmitfraudFix/Process.exe]
    Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Denys Lagacy\Desktop\smithfraud\SmitfraudFix\Process.exe
    Adware:Adware/IST.ISTBar | Not disinfected | C:\Documents and Settings\Denys Lagacy\Local Settings\Temporary Internet Files\Content.IE5\G1ETC3IN\get[1].htm
    Adware:Adware/PCodec | Not disinfected | C:\Documents and Settings\Denys Lagacy\Local Settings\Temporary Internet Files\Content.IE5\KEKT0N29\sm-c1029a[1].exe[run.exe]
    Adware:Adware/PCodec | Not disinfected | C:\RECYCLER\S-1-5-21-3293767613-4255347582-1620114591-1004\Dc69.exe
    Adware:Adware/PCodec | Not disinfected | C:\RECYCLER\S-1-5-21-3293767613-4255347582-1620114591-1004\Dc70.exe[run.exe]
    Adware:Adware/PCodec | Not disinfected | C:\RECYCLER\S-1-5-21-3293767613-4255347582-1620114591-1004\Dc75\isauninst.exe
    Adware:Adware/PCodec | Not disinfected | C:\RECYCLER\S-1-5-21-3293767613-4255347582-1620114591-1004\Dc75\uninst.exe
     
  6. Cookiegal (Administrator, Malware Specialist Coordinator)

    Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don’t do anything with it yet!


    Click here for info on how to boot to safe mode if you don't already know how.


    Reboot into Safe Mode.


    Double click WinPFind.exe
    • Click “Configure scan options”
    • Under “Run AdOns” select the following:
      • Policies.def
      • Security.def
    • Click “apply”
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.

    Reboot back to Normal Mode!

    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Copy and paste the contents of WinPFind.txt in your next reply please.
     
  7. desktop1 (Thread Starter)

    Here is that log file from WinPFind.

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Logfile created on: 12/09/2006 10:34:58 PM
    WinPFind v1.5.0 Folder = C:\Documents and Settings\Denys Lagacy\Desktop\winp\WinPFind\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...
    PTech 27/05/2005 10:17:22 PM 2383 C:\WINDOWS\Contour.INI ()

    Checking %System% folder...
    aspack 18/03/2005 6:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
    aspack 26/05/2005 4:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
    aspack 22/07/2005 8:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
    PEC2 04/08/2004 9:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
    PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(2).dll (DivXNetworks, Inc.)
    PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(2).dll (DivXNetworks, Inc.)
    PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(3).dll (DivXNetworks, Inc.)
    PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(3).dll (DivXNetworks, Inc.)
    PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(4).dll (DivXNetworks, Inc.)
    PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(4).dll (DivXNetworks, Inc.)
    PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(5).dll (DivXNetworks, Inc.)
    PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(5).dll (DivXNetworks, Inc.)
    PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks, Inc.)
    PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks, Inc.)
    PTech 19/06/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl(2).dll (Microsoft Corporation)
    PTech 19/06/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
    PECompact2 09/08/2006 4:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT(2).exe (Microsoft Corporation)
    aspack 09/08/2006 4:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT(2).exe (Microsoft Corporation)
    PECompact2 09/08/2006 4:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 09/08/2006 4:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    WSUD 04/08/2004 9:00:00 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup(2).exe (Microsoft Corporation)
    WSUD 04/08/2004 9:00:00 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
    aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll(2).dll (Microsoft Corporation)
    aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll(3).dll (Microsoft Corporation)
    aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll(4).dll (Microsoft Corporation)
    aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll(5).dll (Microsoft Corporation)
    aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
    WSUD 04/08/2004 9:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    Umonitor 04/08/2004 9:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg(2).dll (Microsoft Corporation)
    Umonitor 04/08/2004 9:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg(3).dll (Microsoft Corporation)
    Umonitor 04/08/2004 9:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
    winsync 04/08/2004 9:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
    PTech 19/06/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray(2).exe (Microsoft Corporation)
    PTech 19/06/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray(3).exe (Microsoft Corporation)
    PTech 19/06/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

    Checking %System%\Drivers folder and sub-folders...

    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    12/09/2006 10:29:54 PM S 2048 C:\WINDOWS\bootstat.dat ()
    31/08/2006 5:18:42 PM H 54156 C:\WINDOWS\QTFont.qfn ()
    19/08/2006 4:09:42 PM H 33785 C:\WINDOWS\system32\Wnccdctl.dll (Elaborate Bytes)
    28/07/2006 9:16:08 AM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat ()
    27/07/2006 11:00:28 AM S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat ()
    21/07/2006 6:03:14 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat ()
    12/09/2006 10:29:44 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
    12/09/2006 10:30:04 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
    12/09/2006 10:29:56 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
    12/09/2006 10:30:36 PM H 65536 C:\WINDOWS\system32\config\software.LOG ()
    12/09/2006 10:29:56 PM H 5132288 C:\WINDOWS\system32\config\system.LOG ()
    16/08/2006 7:50:20 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
    30/08/2006 6:14:38 PM S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
    30/08/2006 6:14:40 PM S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
    30/08/2006 6:14:38 PM S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
    30/08/2006 6:14:38 PM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
    30/08/2006 6:14:40 PM S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
    30/08/2006 6:14:38 PM S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
    17/07/2006 10:55:14 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b88fb8e5-55e3-446a-9048-ee20e4d3f319 ()
    17/07/2006 10:55:14 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
    12/09/2006 10:28:40 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

    Checking for CPL files...
    25/05/2004 12:06:58 PM 417792 C:\WINDOWS\SYSTEM32\ac3filter.cpl ()
    04/08/2004 9:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
    13/08/2004 1:49:42 AM 278528 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
    04/08/2004 9:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
    19/11/1999 2:59:10 PM 26624 C:\WINDOWS\SYSTEM32\camcpl.cpl (FotoNation inc.)
    06/10/2001 2:20:34 PM 316416 C:\WINDOWS\SYSTEM32\csacpl.cpl (Conexant Systems)
    04/08/2004 9:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
    10/11/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
    04/08/2004 9:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    29/10/2004 9:50:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
    04/08/2004 9:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
    17/05/2002 6:04:56 PM 45154 C:\WINDOWS\SYSTEM32\plugincpl131_04.cpl (Sun Microsystems)
    04/08/2004 9:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
    26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
    26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
    06/10/2001 2:20:34 PM 316416 C:\WINDOWS\SYSTEM32\ReinstallBackups\0015\DriverFiles\csacpl.cpl (Conexant Systems)

    Checking for Downloaded Program Files...
    {00B71CFB-6864-4346-A978-C0A14556272C} - Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
    {14B87622-7E19-4EA8-93B3-97215F77A6BC} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    {166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    {B8BE5E93-A60C-4D26-A2DC-220313175592} - ZoneIntro Class - CodeBase = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} - Java Plug-in 1.3.1_04 - CodeBase = http://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab
    {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - Java Plug-in 1.5.0_01 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
    {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    04/02/2005 8:21:16 AM 920 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(3)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(4).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(4)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(4).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(5).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
    07/02/2005 11:13:00 PM 1735 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    30/08/2004 11:00:04 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
    03/04/2005 7:47:56 PM 12 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt ()
    19/08/2006 3:45:56 PM 12 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameG.txt ()
    31/08/2006 5:19:02 PM 2938 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

    Checking files in %USERPROFILE%\Startup folder...
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(3)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(4).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(4)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(4).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(5).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %USERPROFILE%\Application Data folder...
    30/08/2004 11:00:04 AM HS 62 C:\Documents and Settings\Denys Lagacy\Application Data\desktop(2).ini ()
    30/08/2004 11:00:04 AM HS 62 C:\Documents and Settings\Denys Lagacy\Application Data\desktop(3).ini ()
    30/08/2004 11:00:04 AM HS 62 C:\Documents and Settings\Denys Lagacy\Application Data\desktop.ini ()

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Local Page - C:\windows\system32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.google.com/
    \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Local Page - C:\windows\system32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    \{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - PCTools Site Guard = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (PC Tools)
    \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    \{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    \{B56A7D7D-6927-48C8-A975-17DF180C71AC} - PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (PC Tools)
    \{CA8A9780-280D-11CF-A24D-444553540000} - Adobe Acrobat Control for ActiveX = C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ActiveX\pdf.ocx (Adobe Systems Incorporated)

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    \{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
    \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
     
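The WinPFind output above is a flat listing, and the useful signals in it (an Explorer-style "(2)" copy suffix on a file in system32 or a Startup folder, a packer tag on a file whose publisher is not Microsoft, an ActiveX control fetched from an unexpected host) are easy to miss by eye across several hundred lines. The script below is an added example, not part of this thread and not WinPFind's own code: it parses the two line shapes the log uses (file entries and "Downloaded Program Files" entries) and applies three triage heuristics that are this example's own assumptions, not rules WinPFind implements. The function names, the `TRUSTED_CODEBASE_HOSTS` allowlist and the rule names are the example's own; the sample lines are copied from the log above. A hit means "look closer", not "malicious", as the log's own banner warns.

```python
"""Triage helper for WinPFind-style log lines (added example, not WinPFind code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# File entry: [packer tag] dd/mm/yyyy h:mm:ss AM|PM [attrs] size path (publisher)
FILE_RE = re.compile(
    r"^(?:(?P<tag>[A-Za-z0-9]+)\s+)?"
    r"(?P<date>\d{2}/\d{2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2}:\d{2}\s+[AP]M)\s+"
    r"(?:(?P<attrs>[HSRA]+)\s+)?"
    r"(?P<size>\d+)\s+"
    r"(?P<path>.+?)\s+"          # non-greedy: paths contain spaces and parentheses
    r"\((?P<publisher>[^()]*)\)\s*$"
)
# Downloaded Program Files entry: {CLSID} - name - CodeBase = URL (name may be empty)
DPF_RE = re.compile(
    r"^(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<name>.*?)\s*-\s+CodeBase\s+=\s+(?P<url>\S+)\s*$"
)
# Explorer-style duplicate suffix on a file stem, e.g. ntdll(2).dll or desktop(2)(2).ini
COPY_SUFFIX_RE = re.compile(r"\(\d+\)$")

MICROSOFT = "Microsoft Corporation"
# Assumed allowlist of ActiveX CodeBase hosts (the vendors seen in this log); adjust per site.
TRUSTED_CODEBASE_HOSTS = {
    "messenger.zone.msn.com", "www.apple.com", "download.macromedia.com", "java.sun.com",
}


@dataclass
class FileEntry:
    tag: Optional[str]   # WinPFind packer/signature tag such as "aspack", or None
    attrs: str           # attribute letters as printed, e.g. "HS", or ""
    size: int
    path: str
    publisher: str       # version-resource CompanyName as printed; "" when absent

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def stem(self) -> str:
        return self.name.rsplit(".", 1)[0]


def parse_file_entry(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(tag=m.group("tag"), attrs=m.group("attrs") or "",
                     size=int(m.group("size")), path=m.group("path"),
                     publisher=m.group("publisher").strip())


def parse_dpf_entry(line: str) -> Optional[Tuple[str, str, str]]:
    m = DPF_RE.match(line.strip())
    return (m.group("clsid"), m.group("name"), m.group("url")) if m else None


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (rule, subject) pairs; section headers and unparseable lines are skipped."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        entry = parse_file_entry(raw)
        if entry is not None:
            # Rule 1 (assumption): an Explorer "(n)" copy suffix on a file in a system
            # or startup location is unusual and should be explained.
            if COPY_SUFFIX_RE.search(entry.stem):
                findings.append(("copy_suffix", entry.path))
            # Rule 2 (assumption): a packer tag is only a byte-pattern hit, and on
            # Microsoft-published system files it is routinely noise, so fire only on
            # other or missing publishers. The publisher string comes from the version
            # resource and is trivially forged: confirm with an Authenticode signature
            # check or a known-good hash before trusting either branch.
            if entry.tag and entry.publisher != MICROSOFT:
                findings.append(("packed_non_microsoft", entry.path))
            continue
        dpf = parse_dpf_entry(raw)
        if dpf is not None:
            host = urlparse(dpf[2]).hostname or ""
            # Rule 3 (assumption): an ActiveX control fetched from a host off the allowlist.
            if host not in TRUSTED_CODEBASE_HOSTS:
                findings.append(("untrusted_codebase", dpf[2]))
    return findings


# Constructed sample: lines copied from the log above plus one section header.
SAMPLE_LOG = [
    "Checking %System% folder...",
    r"aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll(2).dll (Microsoft Corporation)",
    r"aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)",
    r"winsync 04/08/2004 9:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()",
    r"12/09/2006 10:29:54 PM S 2048 C:\WINDOWS\bootstat.dat ()",
    r"04/08/2004 9:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)",
    r"30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2).ini ()",
    r"{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab",
    r"{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab",
]

if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG):
        print(f"{rule:22} {subject}")
```

Run against the full log, the script reduces the listing to the handful of entries that need a decision; note that the `(2)`, `(3)` copies of ntdll.dll and WgaTray.exe in system32 are flagged only because a copy suffix there is unusual, and the packer tag on the Microsoft-published ntdll.dll is deliberately not reported.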
  8. desktop1

    desktop1 Thread Starter

    Joined:
    Sep 10, 2006
    Messages:
    69
    WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Logfile created on: 12/09/2006 10:34:58 PM
    WinPFind v1.5.0 Folder = C:\Documents and Settings\Denys Lagacy\Desktop\winp\WinPFind\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...
    PTech 27/05/2005 10:17:22 PM 2383 C:\WINDOWS\Contour.INI ()

    Checking %System% folder...
    aspack 18/03/2005 6:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
    aspack 26/05/2005 4:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
    aspack 22/07/2005 8:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
    PEC2 04/08/2004 9:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
    PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(2).dll (DivXNetworks, Inc.)
    PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(2).dll (DivXNetworks, Inc.)
    PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(3).dll (DivXNetworks, Inc.)
    PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(3).dll (DivXNetworks, Inc.)
    PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(4).dll (DivXNetworks, Inc.)
    PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(4).dll (DivXNetworks, Inc.)
    PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(5).dll (DivXNetworks, Inc.)
    PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(5).dll (DivXNetworks, Inc.)
    PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks, Inc.)
    PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks, Inc.)
    PTech 19/06/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl(2).dll (Microsoft Corporation)
    PTech 19/06/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
    PECompact2 09/08/2006 4:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT(2).exe (Microsoft Corporation)
    aspack 09/08/2006 4:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT(2).exe (Microsoft Corporation)
    PECompact2 09/08/2006 4:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 09/08/2006 4:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    WSUD 04/08/2004 9:00:00 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup(2).exe (Microsoft Corporation)
    WSUD 04/08/2004 9:00:00 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
    aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll(2).dll (Microsoft Corporation)
    aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll(3).dll (Microsoft Corporation)
    aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll(4).dll (Microsoft Corporation)
    aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll(5).dll (Microsoft Corporation)
    aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
    WSUD 04/08/2004 9:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    Umonitor 04/08/2004 9:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg(2).dll (Microsoft Corporation)
    Umonitor 04/08/2004 9:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg(3).dll (Microsoft Corporation)
    Umonitor 04/08/2004 9:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
    winsync 04/08/2004 9:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
    PTech 19/06/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray(2).exe (Microsoft Corporation)
    PTech 19/06/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray(3).exe (Microsoft Corporation)
    PTech 19/06/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

    Checking %System%\Drivers folder and sub-folders...

    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    12/09/2006 10:29:54 PM S 2048 C:\WINDOWS\bootstat.dat ()
    31/08/2006 5:18:42 PM H 54156 C:\WINDOWS\QTFont.qfn ()
    19/08/2006 4:09:42 PM H 33785 C:\WINDOWS\system32\Wnccdctl.dll (Elaborate Bytes)
    28/07/2006 9:16:08 AM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat ()
    27/07/2006 11:00:28 AM S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat ()
    21/07/2006 6:03:14 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat ()
    12/09/2006 10:29:44 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
    12/09/2006 10:30:04 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
    12/09/2006 10:29:56 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
    12/09/2006 10:30:36 PM H 65536 C:\WINDOWS\system32\config\software.LOG ()
    12/09/2006 10:29:56 PM H 5132288 C:\WINDOWS\system32\config\system.LOG ()
    16/08/2006 7:50:20 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
    30/08/2006 6:14:38 PM S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
    30/08/2006 6:14:40 PM S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
    30/08/2006 6:14:38 PM S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
    30/08/2006 6:14:38 PM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
    30/08/2006 6:14:40 PM S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
    30/08/2006 6:14:38 PM S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
    17/07/2006 10:55:14 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b88fb8e5-55e3-446a-9048-ee20e4d3f319 ()
    17/07/2006 10:55:14 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
    12/09/2006 10:28:40 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

    Checking for CPL files...
    25/05/2004 12:06:58 PM 417792 C:\WINDOWS\SYSTEM32\ac3filter.cpl ()
    04/08/2004 9:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
    13/08/2004 1:49:42 AM 278528 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
    04/08/2004 9:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
    19/11/1999 2:59:10 PM 26624 C:\WINDOWS\SYSTEM32\camcpl.cpl (FotoNation inc.)
    06/10/2001 2:20:34 PM 316416 C:\WINDOWS\SYSTEM32\csacpl.cpl (Conexant Systems)
    04/08/2004 9:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
    10/11/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
    04/08/2004 9:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    29/10/2004 9:50:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
    04/08/2004 9:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
    17/05/2002 6:04:56 PM 45154 C:\WINDOWS\SYSTEM32\plugincpl131_04.cpl (Sun Microsystems)
    04/08/2004 9:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
    26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
    26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
    06/10/2001 2:20:34 PM 316416 C:\WINDOWS\SYSTEM32\ReinstallBackups\0015\DriverFiles\csacpl.cpl (Conexant Systems)

    Checking for Downloaded Program Files...
    {00B71CFB-6864-4346-A978-C0A14556272C} - Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
    {14B87622-7E19-4EA8-93B3-97215F77A6BC} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    {166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    {B8BE5E93-A60C-4D26-A2DC-220313175592} - ZoneIntro Class - CodeBase = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} - Java Plug-in 1.3.1_04 - CodeBase = http://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab
    {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - Java Plug-in 1.5.0_01 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
    {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    04/02/2005 8:21:16 AM 920 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(3)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(4).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(4)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(4).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(5).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
    07/02/2005 11:13:00 PM 1735 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    30/08/2004 11:00:04 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
    03/04/2005 7:47:56 PM 12 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt ()
    19/08/2006 3:45:56 PM 12 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameG.txt ()
    31/08/2006 5:19:02 PM 2938 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

    Checking files in %USERPROFILE%\Startup folder...
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(3)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(4).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(4)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(4).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(5).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %USERPROFILE%\Application Data folder...
    30/08/2004 11:00:04 AM HS 62 C:\Documents and Settings\Denys Lagacy\Application Data\desktop(2).ini ()
    30/08/2004 11:00:04 AM HS 62 C:\Documents and Settings\Denys Lagacy\Application Data\desktop(3).ini ()
    30/08/2004 11:00:04 AM HS 62 C:\Documents and Settings\Denys Lagacy\Application Data\desktop.ini ()

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Local Page - C:\windows\system32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.google.com/
    \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Local Page - C:\windows\system32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    \{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - PCTools Site Guard = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (PC Tools)
    \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    \{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    \{B56A7D7D-6927-48C8-A975-17DF180C71AC} - PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (PC Tools)
    \{CA8A9780-280D-11CF-A24D-444553540000} - Adobe Acrobat Control for ActiveX = C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ActiveX\pdf.ocx (Adobe Systems Incorporated)

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    \{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
    \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \WebBrowser\\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} - = ()
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,847
    That's not the entire log. Please copy and paste the entire report.
     
  10. desktop1

    desktop1 Thread Starter

    Joined:
    Sep 10, 2006
    Messages:
    69
    Sorry, I'll have to break it up because it's telling me that my post is too long.

    2nd part of log

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Local Page - C:\windows\system32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.google.com/
    \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Local Page - C:\windows\system32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    \{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - PCTools Site Guard = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (PC Tools)
    \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    \{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    \{B56A7D7D-6927-48C8-A975-17DF180C71AC} - PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (PC Tools)
    \{CA8A9780-280D-11CF-A24D-444553540000} - Adobe Acrobat Control for ActiveX = C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ActiveX\pdf.ocx (Adobe Systems Incorporated)

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    \{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
    \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \WebBrowser\\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} - = ()

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
    \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8192 =
    \\NEXTID - 8195
    \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
    \\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8194 =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
    \{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =

    >>> Approved Shell Extensions (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
    \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
    \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
    \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
    \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
    \\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
    \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
    \\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
    \\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
    \\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \\{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.5 Context Menu Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH)
    \\{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.5 DragDrop Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH)
    \\{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.5 Context Menu Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH)
    \\{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.5 Property Sheet Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH)
    \\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
    \\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
    \\{32020A01-506E-484D-A2A8-BE3CF17601C3} - AlcoholShellEx = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll (Alcohol Soft Development Team)
    \\{5E44E225-A408-11CF-B581-008029601108} - Roxio DragToDisc Shell Extension = C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll (Roxio)
    \\{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC} - My Media = C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll (Roxio, Inc.)
    \\{C56C4E21-706D-11d0-AFC5-444553540002} - My Digital Camera = C:\Program Files\Common Files\FotoNation\camview.dll (FotoNation Inc.)
    \\{54457175-AE62-422f-8042-3188BA18A703} - FileProperty Shell Extension = C:\Program Files\Winsim\sa_FileVer.dll (Sage Software, Inc.)
    \\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


    >>> Context Menu Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
    \ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
    \Kaspersky Anti-Virus - {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll (Kaspersky Lab)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll (e-merge GmbH)

    [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
    \ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll (e-merge GmbH)

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
    \00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
    \Kaspersky Anti-Virus - {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll (Kaspersky Lab)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

    >>> Column Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

    >>> Registry Run Keys <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
    nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
    NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
    High Definition Audio Property Page Shortcut - C:\WINDOWS\SYSTEM32\HDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
    SoundMan - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    AlcWzrd - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    Alcmtr - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    type32 - C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
    CARPService - C:\WINDOWS\SYSTEM32\carpserv.exe (Conexant Systems)
    SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
    LXBTCATS - rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll ()
    - Reg Data missing or invalid ()
    Lexmark 5200 series - C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe (Lexmark International, Inc.)
    iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
    NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    RoxioEngineUtility - C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
    RoxioDragToDisc - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
    RoxioAudioCentral - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.)
    UserFaultCheck - ()
    CloneDVDElbyDelay - C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe (Elaborate Bytes AG)
    KAVPersonal50 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe (Kaspersky Lab)
    CloneCDTray - C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
    QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
    SunServer - C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe (Sunbelt Software)
    !ewido - C:\Program Files\ewido anti-spyware 4.0\ewido.exe (Anti-Malware Development a.s.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    Spyware Doctor - Reg Data missing or invalid ()

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    >>> Startup Links <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2)(2)(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2)(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2)(3).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(3)(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(3).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(4).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3)(2)(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3)(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3)(3).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(4)(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(4).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(5).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2)(2)(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2)(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2)(3).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(3)(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(3).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(4).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3)(2)(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3)(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3)(3).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(4)(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(4).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(5).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop.ini ()

    >>> MSConfig Disabled Items <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FaxCenterServer
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item fm3032
    hkey HKLM
    command "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPDJ Taskbar Utility
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item hpztsb05
    hkey HKLM
    command C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 0
    startup 2


    [All Users Startup Folder Disabled Items]

    [Current User Startup Folder Disabled Items]

    >>> User Agent Post Platform <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    \\SV1 -

    >>> AppInit Dll's <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

    >>> Image File Execution Options <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    \Your Image File Name Here without a path - Debugger = ntsd -d

    >>> Shell Service Object Delay Load <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
    \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

    >>> Shell Execute Hooks <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
    \\{076394AD-7FDD-44EF-A075-32C68DBAB99B} - GIANT AntiSpyware Service Hook = C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll (Sunbelt Software)
    \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)

    >>> Shared Task Scheduler <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

    >>> Winlogon <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    \\UserInit = C:\WINDOWS\system32\userinit.exe,
    \\Shell = Explorer.exe
    \\System =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    \crypt32chain - crypt32.dll = (Microsoft Corporation)
    \cryptnet - cryptnet.dll = (Microsoft Corporation)
    \cscdll - cscdll.dll = (Microsoft Corporation)
    \ScCertProp - wlnotify.dll = (Microsoft Corporation)
    \Schedule - wlnotify.dll = (Microsoft Corporation)
    \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
    \SensLogn - WlNotify.dll = (Microsoft Corporation)
    \termsrv - wlnotify.dll = (Microsoft Corporation)
    \WgaLogon - WgaLogon.dll = (Microsoft Corporation)
    \wlballoon - wlnotify.dll = (Microsoft Corporation)

    >>> DNS Name Servers <<<
    {2D2795B0-5B08-4083-ABAA-594EBE3692C6} - (Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)

    >>> All Winsock2 Catalogs <<<
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
    \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
    \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
    \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

    >>> Protocol Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
    \ipp - ()
    \msdaipp - ()

    >>> Protocol Filters (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

    >>> Selected AddOn's <<<

    >>>>Output for AddOn file Policies.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
    policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
    policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
    policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
    policies\system\\dontdisplaylastusername - 0
    policies\system\\legalnoticecaption -
    policies\system\\legalnoticetext -
    policies\system\\shutdownwithoutlogon - 1
    policies\system\\undockwithoutlogon - 1

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
    policies\Explorer\\NoDriveTypeAutoRun - B5 00 00 00
    policies\System\\DisableRegistryTools - 0

    >>>>Output for AddOn file Security.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    Security Center\\FirstRunDisabled - 0
    Security Center\\AntiVirusDisableNotify - 0
    Security Center\\FirewallDisableNotify - 0
    Security Center\\UpdatesDisableNotify - 0
    Security Center\\AntiVirusOverride - 0
    Security Center\\FirewallOverride - 0
    Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
    BITS\\Type - 32
    BITS\\Start - 3
    BITS\\ErrorControl - 1
    BITS\\ImagePath - %SystemRoot%\system32\svchost.exe -k netsvcs
    BITS\\DisplayName - Background Intelligent Transfer Service
    BITS\\DependO

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Logfile created on: 12/09/2006 10:34:58 PM
    WinPFind v1.5.0 Folder = C:\Documents and Settings\Denys Lagacy\Desktop\winp\WinPFind\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...
    PTech 27/05/2005 10:17:22 PM 2383 C:\WINDOWS\Contour.INI ()

    Checking %System% folder...
    aspack 18/03/2005 6:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
    aspack 26/05/2005 4:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
    aspack 22/07/2005 8:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
    PEC2 04/08/2004 9:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
    PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(2).dll (DivXNetworks, Inc.)
    PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(2).dll (DivXNetworks, Inc.)
    PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(3).dll (DivXNetworks, Inc.)
    PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(3).dll (DivXNetworks, Inc.)
    PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(4).dll (DivXNetworks, Inc.)
    PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(4).dll (DivXNetworks, Inc.)
    PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(5).dll (DivXNetworks, Inc.)
    PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX(5).dll (DivXNetworks, Inc.)
    PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks, Inc.)
    PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks, Inc.)
    PTech 19/06/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl(2).dll (Microsoft Corporation)
    PTech 19/06/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
    PECompact2 09/08/2006 4:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT(2).exe (Microsoft Corporation)
    aspack 09/08/2006 4:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT(2).exe (Microsoft Corporation)
    PECompact2 09/08/2006 4:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 09/08/2006 4:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    WSUD 04/08/2004 9:00:00 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup(2).exe (Microsoft Corporation)
    WSUD 04/08/2004 9:00:00 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
    aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll(2).dll (Microsoft Corporation)
    aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll(3).dll (Microsoft Corporation)
    aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll(4).dll (Microsoft Corporation)
    aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll(5).dll (Microsoft Corporation)
    aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
    WSUD 04/08/2004 9:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    Umonitor 04/08/2004 9:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg(2).dll (Microsoft Corporation)
    Umonitor 04/08/2004 9:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg(3).dll (Microsoft Corporation)
    Umonitor 04/08/2004 9:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
    winsync 04/08/2004 9:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
    PTech 19/06/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray(2).exe (Microsoft Corporation)
    PTech 19/06/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray(3).exe (Microsoft Corporation)
    PTech 19/06/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

    Checking %System%\Drivers folder and sub-folders...
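    The "Checking %System% folder" section above lists every file whose bytes matched one of WinPFind's packer strings (aspack, PEC2, PECompact2, PTech, WSUD, Umonitor, winsync), which is why the same file appears once per matching string and why Microsoft-versioned files such as ntdll.dll and MRT.exe show up at all; as the tool's own banner says, a hit is not evidence that the file is bad. The script below is an added example for triaging such a listing and is not part of the thread or of WinPFind: it parses lines in the format seen above (signature, date, time, size, path, company in parentheses), collapses repeated hits per file, and separates out the two things worth a closer look, files carrying no company string at all and extra numbered copies such as "ntdll(2).dll" sitting beside the plain name. The sample lines are constructed for the example; the function and variable names are mine, and the script does no hash or Authenticode check, which is what should decide whether any flagged file is actually altered.

```python
import re
from collections import defaultdict

# Constructed sample in the WinPFind "Checking %System% folder" line format
# (signature  date  time  size  path  (company)); the entries mirror the
# shape of the posted log but are embedded here so the script runs offline.
SAMPLE = r"""
aspack 18/03/2005 6:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
PEC2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks, Inc.)
PECompact2 26/10/2004 7:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll (DivXNetworks, Inc.)
aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll(2).dll (Microsoft Corporation)
aspack 04/08/2004 9:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
winsync 04/08/2004 9:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 27/05/2005 10:17:22 PM 2383 C:\WINDOWS\Contour.INI ()
"""

# One WinPFind file line. The path is matched lazily so the company string in
# trailing parentheses is split off even when the file name itself contains
# parentheses, e.g. "ntdll(2).dll".
LINE_RE = re.compile(
    r"^(?P<sig>\S+)\s+"
    r"(?P<date>\d{2}/\d{2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<path>.+?)\s+"
    r"\((?P<company>[^)]*)\)\s*$"
)

# "(N)" directly before another "(" or the extension marks a numbered copy
# (ntdll(2).dll, desktop(2)(3).ini) of a file whose plain name also exists.
NUMBERED_RE = re.compile(r"\(\d+\)(?=[(.])")


def parse_winpfind(text):
    """Return one dict per file line; headings and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def canonical_name(filename):
    """Strip every numbered-copy suffix: 'ntdll(2).dll' -> 'ntdll.dll'."""
    return NUMBERED_RE.sub("", filename)


def triage(entries):
    """Group packer hits per file and pull out what deserves a closer look."""
    sigs_by_path = defaultdict(set)
    for e in entries:
        sigs_by_path[e["path"]].add(e["sig"])

    # No company string in the version resource: nothing to cross-check against.
    no_vendor = sorted({e["path"] for e in entries if not e["company"].strip()})

    # Numbered copies, grouped under the plain path they sit beside.
    numbered = defaultdict(list)
    for path in sigs_by_path:
        folder, _, name = path.rpartition("\\")
        canon = canonical_name(name)
        if canon != name:
            numbered[folder + "\\" + canon].append(path)

    return {
        "signatures": {p: sorted(s) for p, s in sigs_by_path.items()},
        "no_vendor": no_vendor,
        "numbered_copies": {p: sorted(c) for p, c in numbered.items()},
    }


if __name__ == "__main__":
    report = triage(parse_winpfind(SAMPLE))
    for path, sigs in report["signatures"].items():
        print(f"{path}: {', '.join(sigs)}")
    print("no vendor string:", report["no_vendor"])
    print("numbered copies:", report["numbered_copies"])
```

    On the sample this collapses DivX.dll's two hits into one entry, reports Contour.INI and wbdbase.deu as the only files with no vendor string, and pairs ntdll(2).dll with ntdll.dll. The point of the grouping is to stop the reader from treating the raw hit count as a threat count: the same pasted log can be fed in whole, and what remains to do by hand is to compare the flagged files against a known-good copy or their catalog signature.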
     
  11. desktop1

    desktop1 Thread Starter

    Joined:
    Sep 10, 2006
    Messages:
    69
    3rd part of log

    Checking %System%\Drivers folder and sub-folders...

    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    12/09/2006 10:29:54 PM S 2048 C:\WINDOWS\bootstat.dat ()
    31/08/2006 5:18:42 PM H 54156 C:\WINDOWS\QTFont.qfn ()
    19/08/2006 4:09:42 PM H 33785 C:\WINDOWS\system32\Wnccdctl.dll (Elaborate Bytes)
    28/07/2006 9:16:08 AM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat ()
    27/07/2006 11:00:28 AM S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat ()
    21/07/2006 6:03:14 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat ()
    12/09/2006 10:29:44 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
    12/09/2006 10:30:04 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
    12/09/2006 10:29:56 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
    12/09/2006 10:30:36 PM H 65536 C:\WINDOWS\system32\config\software.LOG ()
    12/09/2006 10:29:56 PM H 5132288 C:\WINDOWS\system32\config\system.LOG ()
    16/08/2006 7:50:20 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
    30/08/2006 6:14:38 PM S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
    30/08/2006 6:14:40 PM S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
    30/08/2006 6:14:38 PM S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
    30/08/2006 6:14:38 PM S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
    30/08/2006 6:14:40 PM S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
    30/08/2006 6:14:38 PM S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
    17/07/2006 10:55:14 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b88fb8e5-55e3-446a-9048-ee20e4d3f319 ()
    17/07/2006 10:55:14 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
    12/09/2006 10:28:40 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

    Checking for CPL files...
    25/05/2004 12:06:58 PM 417792 C:\WINDOWS\SYSTEM32\ac3filter.cpl ()
    04/08/2004 9:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
    13/08/2004 1:49:42 AM 278528 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
    04/08/2004 9:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
    19/11/1999 2:59:10 PM 26624 C:\WINDOWS\SYSTEM32\camcpl.cpl (FotoNation inc.)
    06/10/2001 2:20:34 PM 316416 C:\WINDOWS\SYSTEM32\csacpl.cpl (Conexant Systems)
    04/08/2004 9:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
    10/11/2005 2:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
    04/08/2004 9:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    29/10/2004 9:50:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
    04/08/2004 9:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
    17/05/2002 6:04:56 PM 45154 C:\WINDOWS\SYSTEM32\plugincpl131_04.cpl (Sun Microsystems)
    04/08/2004 9:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
    26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
    04/08/2004 9:00:00 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
    26/05/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
    06/10/2001 2:20:34 PM 316416 C:\WINDOWS\SYSTEM32\ReinstallBackups\0015\DriverFiles\csacpl.cpl (Conexant Systems)

    Checking for Downloaded Program Files...
    {00B71CFB-6864-4346-A978-C0A14556272C} - Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
    {14B87622-7E19-4EA8-93B3-97215F77A6BC} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    {166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    {B8BE5E93-A60C-4D26-A2DC-220313175592} - ZoneIntro Class - CodeBase = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} - Java Plug-in 1.3.1_04 - CodeBase = http://java.sun.com/products/plugin/1.3.1/jinstall-131_04-win.cab
    {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - Java Plug-in 1.5.0_01 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
    {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    04/02/2005 8:21:16 AM 920 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(3)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(4).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(4)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(4).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(5).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
    07/02/2005 11:13:00 PM 1735 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    30/08/2004 11:00:04 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
    03/04/2005 7:47:56 PM 12 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt ()
    19/08/2006 3:45:56 PM 12 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameG.txt ()
    31/08/2006 5:19:02 PM 2938 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

    Checking files in %USERPROFILE%\Startup folder...
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(3)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(4).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3)(2)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3)(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(4)(2).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(4).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(5).ini ()
    30/08/2004 6:05:32 PM HS 84 C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %USERPROFILE%\Application Data folder...
    30/08/2004 11:00:04 AM HS 62 C:\Documents and Settings\Denys Lagacy\Application Data\desktop(2).ini ()
    30/08/2004 11:00:04 AM HS 62 C:\Documents and Settings\Denys Lagacy\Application Data\desktop(3).ini ()
    30/08/2004 11:00:04 AM HS 62 C:\Documents and Settings\Denys Lagacy\Application Data\desktop.ini ()

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Local Page - C:\windows\system32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.google.com/
    \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    \\Local Page - C:\windows\system32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    \{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - PCTools Site Guard = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (PC Tools)
    \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    \{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    \{B56A7D7D-6927-48C8-A975-17DF180C71AC} - PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (PC Tools)
    \{CA8A9780-280D-11CF-A24D-444553540000} - Adobe Acrobat Control for ActiveX = C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ActiveX\pdf.ocx (Adobe Systems Incorporated)

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    \{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
    \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \WebBrowser\\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} - = ()

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
    \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8192 =
    \\NEXTID - 8195
    \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
    \\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8194 =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
    \{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =

    >>> Approved Shell Extensions (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
    \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
    \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
    \\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
    \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
    \\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
    \\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
    \\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
    \\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
    \\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \\{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.5 Context Menu Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH)
    \\{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.5 DragDrop Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH)
    \\{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.5 Context Menu Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH)
    \\{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.5 Property Sheet Shell Extension = C:\Program Files\WinAce\arcext.dll (e-merge GmbH)
    \\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
    \\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
    \\{32020A01-506E-484D-A2A8-BE3CF17601C3} - AlcoholShellEx = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll (Alcohol Soft Development Team)
    \\{5E44E225-A408-11CF-B581-008029601108} - Roxio DragToDisc Shell Extension = C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll (Roxio)
    \\{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC} - My Media = C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll (Roxio, Inc.)
    \\{C56C4E21-706D-11d0-AFC5-444553540002} - My Digital Camera = C:\Program Files\Common Files\FotoNation\camview.dll (FotoNation Inc.)
    \\{54457175-AE62-422f-8042-3188BA18A703} - FileProperty Shell Extension = C:\Program Files\Winsim\sa_FileVer.dll (Sage Software, Inc.)
    \\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


    >>> Context Menu Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
    \ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
    \Kaspersky Anti-Virus - {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll (Kaspersky Lab)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll (e-merge GmbH)

    [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
    \ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
    \ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll (e-merge GmbH)

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
    \00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
    \NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
    \Kaspersky Anti-Virus - {dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll (Kaspersky Lab)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)

    >>> Column Handlers (Non-Microsoft Only) <<<
     
  12. desktop1

    desktop1 Thread Starter

    Joined:
    Sep 10, 2006
    Messages:
    69
    4th and final part

    >>> Column Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

    >>> Registry Run Keys <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
    nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
    NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
    High Definition Audio Property Page Shortcut - C:\WINDOWS\SYSTEM32\HDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
    SoundMan - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    AlcWzrd - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
    Alcmtr - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    type32 - C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
    CARPService - C:\WINDOWS\SYSTEM32\carpserv.exe (Conexant Systems)
    SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
    LXBTCATS - rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll ()
    - Reg Data missing or invalid ()
    Lexmark 5200 series - C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe (Lexmark International, Inc.)
    iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
    NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    RoxioEngineUtility - C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
    RoxioDragToDisc - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
    RoxioAudioCentral - C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.)
    UserFaultCheck - ()
    CloneDVDElbyDelay - C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe (Elaborate Bytes AG)
    KAVPersonal50 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe (Kaspersky Lab)
    CloneCDTray - C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
    QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
    SunServer - C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe (Sunbelt Software)
    !ewido - C:\Program Files\ewido anti-spyware 4.0\ewido.exe (Anti-Malware Development a.s.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    Spyware Doctor - Reg Data missing or invalid ()

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    >>> Startup Links <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2)(2)(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2)(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2)(3).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(3)(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(3).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2)(4).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3)(2)(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3)(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3)(3).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(3).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(4)(2).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(4).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop(5).ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2)(2)(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2)(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2)(3).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(3)(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(3).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2)(4).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3)(2)(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3)(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3)(3).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(3).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(4)(2).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(4).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop(5).ini ()
    C:\Documents and Settings\Denys Lagacy\Start Menu\Programs\Startup\desktop.ini ()

    >>> MSConfig Disabled Items <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FaxCenterServer
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item fm3032
    hkey HKLM
    command "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPDJ Taskbar Utility
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item hpztsb05
    hkey HKLM
    command C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 0
    startup 2


    [All Users Startup Folder Disabled Items]

    [Current User Startup Folder Disabled Items]

    >>> User Agent Post Platform <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    \\SV1 -

    >>> AppInit Dll's <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

    >>> Image File Execution Options <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    \Your Image File Name Here without a path - Debugger = ntsd -d

    >>> Shell Service Object Delay Load <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
    \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

    >>> Shell Execute Hooks <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
    \\{076394AD-7FDD-44EF-A075-32C68DBAB99B} - GIANT AntiSpyware Service Hook = C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll (Sunbelt Software)
    \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)

    >>> Shared Task Scheduler <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

    >>> Winlogon <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    \\UserInit = C:\WINDOWS\system32\userinit.exe,
    \\Shell = Explorer.exe
    \\System =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    \crypt32chain - crypt32.dll = (Microsoft Corporation)
    \cryptnet - cryptnet.dll = (Microsoft Corporation)
    \cscdll - cscdll.dll = (Microsoft Corporation)
    \ScCertProp - wlnotify.dll = (Microsoft Corporation)
    \Schedule - wlnotify.dll = (Microsoft Corporation)
    \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
    \SensLogn - WlNotify.dll = (Microsoft Corporation)
    \termsrv - wlnotify.dll = (Microsoft Corporation)
    \WgaLogon - WgaLogon.dll = (Microsoft Corporation)
    \wlballoon - wlnotify.dll = (Microsoft Corporation)

    >>> DNS Name Servers <<<
    {2D2795B0-5B08-4083-ABAA-594EBE3692C6} - (Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller)

    >>> All Winsock2 Catalogs <<<
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
    \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
    \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
    \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

    >>> Protocol Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
    \ipp - ()
    \msdaipp - ()

    >>> Protocol Filters (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

    >>> Selected AddOn's <<<

    >>>>Output for AddOn file Policies.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
    policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
    policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
    policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
    policies\system\\dontdisplaylastusername - 0
    policies\system\\legalnoticecaption -
    policies\system\\legalnoticetext -
    policies\system\\shutdownwithoutlogon - 1
    policies\system\\undockwithoutlogon - 1

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
    policies\Explorer\\NoDriveTypeAutoRun - B5 00 00 00
    policies\System\\DisableRegistryTools - 0

    >>>>Output for AddOn file Security.def<<<<
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    Security Center\\FirstRunDisabled - 0
    Security Center\\AntiVirusDisableNotify - 0
    Security Center\\FirewallDisableNotify - 0
    Security Center\\UpdatesDisableNotify - 0
    Security Center\\AntiVirusOverride - 0
    Security Center\\FirewallOverride - 0
    Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
    BITS\\Type - 32
    BITS\\Start - 3
    BITS\\ErrorControl - 1
    BITS\\ImagePath - %SystemRoot%\system32\svchost.exe -k netsvcs
    BITS\\DisplayName - Background Intelligent Transfer Service
    BITS\\DependOnService - RpcSs;
    BITS\\DependOnGroup -
    BITS\\ObjectName - LocalSystem
    BITS\\Description - Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
    BITS\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00
    BITS\Parameters\\ServiceDll - C:\WINDOWS\system32\qmgr.dll
    BITS\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    BITS\Enum\\0 - Root\LEGACY_BITS\0000
    BITS\Enum\\Count - 1
    BITS\Enum\\NextInstance - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
    SharedAccess\\DependOnGroup -
    SharedAccess\\DependOnService - Netman;WinMgmt;
    SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
    SharedAccess\\ErrorControl - 1
    SharedAccess\\ImagePath - %SystemRoot%\system32\svchost.exe -k netsvcs
    SharedAccess\\ObjectName - LocalSystem
    SharedAccess\\Start - 2
    SharedAccess\\Type - 32
    SharedAccess\Enum\\0 - Root\LEGACY_SHAREDACCESS\0000
    SharedAccess\Enum\\Count - 1
    SharedAccess\Enum\\NextInstance - 1
    SharedAccess\Epoch\\Epoch - 11472
    SharedAccess\Parameters\\ServiceDll - %SystemRoot%\System32\ipnathlp.dll
    SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019
    SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe - %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019
    SharedAccess\Setup\\ServiceUpgrade - 1
    SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All - 1

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - Include SUBKEYS
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
    wuauserv\\Type - 32
    wuauserv\\Start - 2
    wuauserv\\ErrorControl - 1
    wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
    wuauserv\\DisplayName - Automatic Updates
    wuauserv\\ObjectName - LocalSystem
    wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
    wuauserv\Parameters\\ServiceDll - C:\WINDOWS\system32\wuauserv.dll
    wuauserv\Security\\Security - 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
    wuauserv\Enum\\0 - Root\LEGACY_WUAUSERV\0000
    wuauserv\Enum\\Count - 1
    wuauserv\Enum\\NextInstance - 1


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,847
    • Go to the Control Panel and double-click the Java Icon.
    • Under Temporary Internet Files, click the Delete Files button.
    • There are three options in the window to clear the cache - Leave ALL 3 Checked
      • Downloaded Applets
      • Downloaded Applications
      • Other Files
    • Click OK on Delete Temporary Files Window
    • Click OK to leave the Java Control Panel.


    May I see a new HijackThis log please.
     
  14. desktop1

    desktop1 Thread Starter

    Joined:
    Sep 10, 2006
    Messages:
    69
    Here you go.
    Can I ask a stupid question...
    Why is there a pile of entries under O4 with startup desktop???


    Logfile of HijackThis v1.99.1
    Scan saved at 9:45:06 PM, on 13/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Denys Lagacy\Desktop\HijackThis.exe

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: Adobe Acrobat Control for ActiveX - {CA8A9780-280D-11CF-A24D-444553540000} - C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ActiveX\pdf.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: desktop(2)(2)(2)(2).ini
    O4 - Startup: desktop(2)(2)(2).ini
    O4 - Startup: desktop(2)(2)(3).ini
    O4 - Startup: desktop(2)(2).ini
    O4 - Startup: desktop(2)(3)(2).ini
    O4 - Startup: desktop(2)(3).ini
    O4 - Startup: desktop(2)(4).ini
    O4 - Startup: desktop(2).ini
    O4 - Startup: desktop(3)(2)(2).ini
    O4 - Startup: desktop(3)(2).ini
    O4 - Startup: desktop(3)(3).ini
    O4 - Startup: desktop(3).ini
    O4 - Startup: desktop(4)(2).ini
    O4 - Startup: desktop(4).ini
    O4 - Startup: desktop(5).ini
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: desktop(2)(2)(2)(2).ini
    O4 - Global Startup: desktop(2)(2)(2).ini
    O4 - Global Startup: desktop(2)(2)(3).ini
    O4 - Global Startup: desktop(2)(2).ini
    O4 - Global Startup: desktop(2)(3)(2).ini
    O4 - Global Startup: desktop(2)(3).ini
    O4 - Global Startup: desktop(2)(4).ini
    O4 - Global Startup: desktop(2).ini
    O4 - Global Startup: desktop(3)(2)(2).ini
    O4 - Global Startup: desktop(3)(2).ini
    O4 - Global Startup: desktop(3)(3).ini
    O4 - Global Startup: desktop(3).ini
    O4 - Global Startup: desktop(4)(2).ini
    O4 - Global Startup: desktop(4).ini
    O4 - Global Startup: desktop(5).ini
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    111,847
    Basically, those entries mean that certain system files, such as the desktop.ini (there are others as well showing in the Winpfind log) are not being overwritten as they should be when updated. Either the original files were not deleted before new ones were installed or something, such as a security program, is preventing them from being overwritten. This will probably eventually lead to serious corruption that would necessitate a reformat.

    Do you have your XP CD?

    Do you recognize this program?

    O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
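As an added example (not from the thread, and not part of HijackThis or Winpfind), a small Python triage script that reads HijackThis O4/O23 lines and flags the two things raised in this post: stacked "(N)" copies of the same file in the Startup folders, and services whose binary is reported as "(file missing)". The sample log is a constructed excerpt modelled on the lines posted above.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v1.99.1 format, modelled on the O4/O23
# lines posted in the thread (a short excerpt, not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: desktop(2)(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop.ini
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: desktop(2)(3)(2).ini
O4 - Global Startup: desktop(5).ini
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
"""

# "O4 - Startup: <item>" is the per-user Startup folder, "Global Startup" the
# All Users folder. Items that are .lnk shortcuts carry " = <target>".
O4_STARTUP = re.compile(r"^O4 - (?P<scope>Global Startup|Startup): (?P<rest>.+)$")

# Services HijackThis could not find on disk end in "(file missing)".
O23_MISSING = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?) \(file missing\)$"
)

# Splits "desktop(2)(3)(2).ini" into stem "desktop", copy suffixes "(2)(3)(2)"
# and extension ".ini". Windows appends "(N)" when a file of that name already
# exists, so stacked suffixes mean the original was never replaced.
COPY_SUFFIX = re.compile(r"^(?P<stem>.*?)(?P<copies>(?:\(\d+\))*)(?P<ext>\.[^.]*)?$")


def split_copy_suffix(name):
    """Return (base name without copy suffixes, number of '(N)' suffixes)."""
    m = COPY_SUFFIX.match(name)
    ext = m.group("ext") or ""
    return m.group("stem") + ext, m.group("copies").count("(")


def parse_o4_startup(log):
    """Return a list of (scope, item name) for every Startup-folder O4 line."""
    entries = []
    for line in log.splitlines():
        m = O4_STARTUP.match(line.strip())
        if not m:
            continue
        # Drop the "= target" part of shortcut entries; keep the item name only.
        name = m.group("rest").split(" = ", 1)[0]
        entries.append((m.group("scope"), name))
    return entries


def find_numbered_copies(entries):
    """Group Startup items by base name; keep groups that contain '(N)' copies."""
    groups = defaultdict(list)
    for scope, name in entries:
        base, copies = split_copy_suffix(name)
        groups[(scope, base)].append((name, copies))
    return {
        key: sorted(name for name, _ in items)
        for key, items in groups.items()
        if any(copies > 0 for _, copies in items)
    }


def find_missing_file_services(log):
    """Return (service, owner, path) for O23 services whose binary is missing."""
    found = []
    for line in log.splitlines():
        m = O23_MISSING.match(line.strip())
        if m:
            found.append((m.group("name"), m.group("owner"), m.group("path")))
    return found


def triage(log):
    """Run both checks over a HijackThis log and return the findings."""
    return {
        "numbered_copies": find_numbered_copies(parse_o4_startup(log)),
        "missing_file_services": find_missing_file_services(log),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (scope, base), names in sorted(report["numbered_copies"].items()):
        print(f"{scope}: {len(names)} copies of {base}: {', '.join(names)}")
    for name, owner, path in report["missing_file_services"]:
        print(f"service {name} ({owner}) points at missing file {path}")
```

Feed it a full log instead of SAMPLE_LOG and the Startup groups show how many stacked copies each folder holds, which is the symptom the post describes.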
     
Short URL to this thread: https://techguy.org/500070