01 - hosts keep returning


  • This topic is locked
40 replies to this topic

#16 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 07 March 2007 - 08:43 PM

Please also do the GMER.

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.


#17 auggust

auggust

    Authentic Member

  • Authentic Member
  • PipPip
  • 21 posts

Posted 07 March 2007 - 10:37 PM

Ran GMER twice ...... same result .... blue screened me and crashed me, then had windows error on reboot ....

#18 Susan528

Posted 07 March 2007 - 10:55 PM

I am sorry about the GMER - let's try Blacklight

Blacklight

Download Blacklight trial from here:
http://www.f-secure.com/blacklight/
  • Hit I accept. It will take you to download page.
  • Download blbeta.exe and save it to the Desktop.
  • Once saved... double click blbeta.exe to install the program.
  • Click accept agreement and Click scan
    This app too may fire off a warning from antivirus. Let the driver load.
    Wait for it to finish.
  • If it displays any items...don't do anything with them yet. Just hit exit (close)
  • It will drop a log on Desktop that starts with fsbl....big number
Please post contents of log.

Also rename your hosts file - like C:\WINDOWS\system32\drivers\etc\hostx then let's see if another one is generated.

#19 auggust

Posted 07 March 2007 - 11:03 PM

Ok think prob with GMER was I dl a corrupt file, went back to new location and file was bigger than one i got in the first place so it worked, this is results, do u still want above done too?

GMER

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-03-07 23:58:20
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3016] USER32.dll!DialogBoxParamW 77D5662C 5 Bytes JMP 7E1FF205 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3016] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 7E38FEBF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3016] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 7E38FE40 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3016] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 7E38FE84 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3016] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E38FDCC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3016] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 7E38FE06 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3016] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 7E38FEFA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3016] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 7E2215DA C:\WINDOWS\system32\IEFRAME.dll

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8CD285A] avgtdi.sys

---- EOF - GMER 1.0.12 ----

#20 Susan528

Posted 07 March 2007 - 11:14 PM

GMER did not find Rootkits.

I think I gave you obsolete Hoster--have you tried this?

HostsXpert

Please download HostsXpert.
  • Unzip HostXpert.zip
  • Open HostXpert.exe.
  • Then click on "Restore Original Hosts"
  • Close program when complete.
  • Empty Recycle Bin
Go ahead and let me see another hijackthis log after this.

#21 auggust

Posted 07 March 2007 - 11:21 PM

yes i had latest 3.8 and when i ran it it eliminated all the 01 host files like it has in the past but they reappear with every url i visit

#22 auggust

Posted 07 March 2007 - 11:23 PM

here is the fsbl from Blacklight

03/08/07 00:07:43 [Info]: BlackLight Engine 1.0.55 initialized
03/08/07 00:07:43 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/08/07 00:07:44 [Note]: 7019 4
03/08/07 00:07:44 [Note]: 7005 0
03/08/07 00:07:45 [Note]: 7006 0
03/08/07 00:07:45 [Note]: 7011 1456
03/08/07 00:07:45 [Note]: 7026 0
03/08/07 00:07:45 [Note]: 7026 0
03/08/07 00:07:49 [Note]: FSRAW library version 1.7.1021
03/08/07 00:14:57 [Note]: 7007 0

#23 auggust

Posted 07 March 2007 - 11:34 PM

hijack log after hostexpert the 01 are gone but will reappear, least always have :)

Logfile of HijackThis v1.99.1
Scan saved at 12:29:42 AM, on 3/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\TWEAKM~1\TMTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\KH Blocker\khb.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\Weather Watcher\ww.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Football\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Fred\Application Data\Mozilla\Profiles\default\olcuyixv.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TweakMASTER] "C:\PROGRA~1\TWEAKM~1\TMTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KH Blocker] C:\Program Files\KH Blocker\khb.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AdsGone 2006.lnk = C:\Program Files\AdsGone\adsgone.exe
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1170805567156
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#24 Susan528

Posted 08 March 2007 - 06:56 AM

Have you tried changing the attributes on the host file (after the 01s are gone) to read only? Let me know if this helps.

#25 auggust

Posted 08 March 2007 - 11:30 AM

changed to read only and after 5 min on web ran hijackthis and got:

Logfile of HijackThis v1.99.1
Scan saved at 12:27:21 PM, on 3/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\TWEAKM~1\TMTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\KH Blocker\khb.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\Weather Watcher\ww.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Football\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Fred\Application Data\Mozilla\Profiles\default\olcuyixv.slt\prefs.js)
O1 - Hosts: 216.77.188.41 home.bellsouth.net
O1 - Hosts: 209.40.97.64 ad2.m5-systems.com
O1 - Hosts: 63.71.15.89 wellspan-secure.org
O1 - Hosts: 63.71.8.111 web1.zixmail.net
O1 - Hosts: 66.135.202.164 cgi.ebay.com
O1 - Hosts: 66.135.192.34 pages.motors.ebay.com
O1 - Hosts: 70.84.70.85 forums.tomcoyote.org
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O3 - Toolbar: &RoboForm -
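
Comparing the O1 sections of the log taken right after "Restore Original Hosts" with the one taken after five minutes of browsing shows exactly which mappings were written back to the hosts file. The following is an added example, not part of the original posts and not code from HijackThis: it parses `O1 - Hosts:` lines from two logs (excerpted inline from the logs posted in this thread) and separates new entries that point at routable addresses from loopback/0.0.0.0 block-list style entries. The function names are illustrative.

```python
import ipaddress
import re
from typing import NamedTuple

# HijackThis reports each hosts-file mapping as "O1 - Hosts: <ip> <name> [...]".
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(.+)$")


class HostsEntry(NamedTuple):
    address: str
    hostname: str


def parse_o1(log_text):
    """Return the set of (address, hostname) pairs listed in a log's O1 section."""
    entries = set()
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if not match:
            continue
        address, rest = match.groups()
        try:
            ipaddress.ip_address(address)  # skip lines whose first field is not an IP
        except ValueError:
            continue
        # A hosts line may carry several names and a trailing "# comment".
        for name in rest.split("#", 1)[0].split():
            entries.add(HostsEntry(address, name.lower()))
    return entries


def is_sink(address):
    """True for loopback or 0.0.0.0 targets, the usual form of ad-blocking entries."""
    ip = ipaddress.ip_address(address)
    return ip.is_loopback or ip.is_unspecified


def diff_hosts(before_log, after_log):
    """Compare the O1 sections of two HijackThis logs."""
    before, after = parse_o1(before_log), parse_o1(after_log)
    by_name = lambda e: (e.hostname, e.address)
    added = sorted(after - before, key=by_name)
    return {
        "added": added,
        "removed": sorted(before - after, key=by_name),
        # New names pinned to a real address deserve a closer look than sinkholes.
        "added_routable": [e for e in added if not is_sink(e.address)],
    }


# Excerpt of the log saved at 12:29:42 AM, after the hosts file was restored (no O1 lines).
LOG_AFTER_RESTORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:29:42 AM, on 3/8/2007
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O4 - HKLM\..\Run: [KH Blocker] C:\Program Files\KH Blocker\khb.exe
"""

# Excerpt of the log saved at 12:27:21 PM, after five minutes of browsing.
LOG_AFTER_BROWSING = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:27:21 PM, on 3/8/2007
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O1 - Hosts: 216.77.188.41 home.bellsouth.net
O1 - Hosts: 209.40.97.64 ad2.m5-systems.com
O1 - Hosts: 63.71.15.89 wellspan-secure.org
O1 - Hosts: 63.71.8.111 web1.zixmail.net
O1 - Hosts: 66.135.202.164 cgi.ebay.com
O1 - Hosts: 66.135.192.34 pages.motors.ebay.com
O1 - Hosts: 70.84.70.85 forums.tomcoyote.org
O4 - HKLM\..\Run: [KH Blocker] C:\Program Files\KH Blocker\khb.exe
"""

if __name__ == "__main__":
    result = diff_hosts(LOG_AFTER_RESTORE, LOG_AFTER_BROWSING)
    for entry in result["added"]:
        kind = "sinkhole" if is_sink(entry.address) else "routable"
        print(f"added  {entry.address:<16} {entry.hostname}  ({kind})")
    print(f"{len(result['removed'])} removed, "
          f"{len(result['added_routable'])} new routable mappings")
```
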



#26 Divine Design

Divine Design

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 08 March 2007 - 11:46 AM

I am in no way affiliated with the university or this forum other than a member in need, but, just to add my 2cents..... I have noticed that sometimes adsgone has been packaged into weatherwatcher. I had many problems with it myself in the past, mainly cookie related.

#27 auggust

Posted 08 March 2007 - 12:03 PM

Thanks for the input, but I loaded weather watcher in my wife's laptop and have run hijackthis and other stuff and her hosts file says same where mine just keeps building and building with every url i go to, actually last nite i found about 100 porn XXX sites in urls in there and never been to any of them or other porn sites ..... so just dunno, am almost to the point to reformat but sure hate to!

#28 Susan528

Posted 08 March 2007 - 01:00 PM

Your log from the Winpfind was cut off. I am not sure what some of the files are.
Would you please post a whole Winpfind log also.

======
Please show all files for your system.
You will need to reverse this process when all steps are done.


Submit File to Jotti
Please click on Jotti
Use the "Browse" button and locate the following file on your computer:
C:\WINDOWS\PI4_setup.ini
Click the "Submit" button.
Please copy and post (reply) with the results

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustota...l/index_en.html

Please also check the properties of those files (right-click and select properties from the popup menu). Look if you can find some company information, etc.

Please repeat the Jotti scan for the following:
C:\WINDOWS\ST6UNST.000
C:\WINDOWS\uccspecc.sys
C:\WINDOWS\usrwiz.ini
C:\WINDOWS\wc98pp.dll



======
ADSpy
  • Run hijackthis
  • Click the tab Open the Misc Tools Section
  • Click the tab Open ADSpy
  • Uncheck the Quick Scan (Windows base folder only)
  • Click the Scan button under Ready
  • Allow the scan to finish and then click Save log tab.
Please post the ADSpy log unless nothing is found.

#29 auggust

Posted 08 March 2007 - 01:59 PM

Jotti was run with all the files u stated checked and nothing was found


Adspy was run with nothing found

WinPFind logfile created on: 3/6/2007 5:06:25 PM
WinPFind by OldTimer - v2.0.2 Folder = C:\music dl stuff\WinPFind\

Windows OS and Versions

Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 7.0.5730.11

Memory/Drive Info

523276 Kb Total Physical Memory | 209368 Kb Available Physical Memory | 40.01% Memory free
1277876 Kb Paging File | 914020 Kb Available in Paging File | 71.53% Paging File free
Paging file location: C:\pagefile.sys 768 1536

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39045980 Kb Total Space | 29513096 Kb Free Space | 75.59% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Running Processes (Non-Microsoft)

C:\music dl stuff\WinPFind\WinPFind.exe (OldTimer Tools)
C:\Program Files\AdsGone\adsgone.exe (A1Tech, Inc.)
C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG7\avgemc.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG7\avgrssvc.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG7\avgrssvc.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)
C:\Program Files\KH Blocker\khb.exe ()
C:\Program Files\TweakMASTER\TMTray.exe (Hagel Technologies Ltd)
C:\Program Files\Weather Watcher\ww.exe (Singer's Creations)
C:\WINDOWS\system32\HPZipm12.exe (HP)
C:\WINDOWS\system32\tbctray.exe (Voyetra Turtle Beach, Inc.)

Win32 Services (Non-Microsoft)

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running]
= C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running]
= C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)

(AvgCoreSvc) AVG7 Resident Shield Service [Win32_Own | Auto | Running]
= C:\Program Files\Grisoft\AVG7\avgrssvc.exe (GRISOFT, s.r.o.)

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running]
= C:\Program Files\Grisoft\AVG7\avgemc.exe (GRISOFT, s.r.o.)

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped]
= (File not found)

(MaxBackServiceInt) MaxBackServiceInt [Win32_Own | Disabled | Stopped]
= C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (File not found)

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Disabled | Stopped]
= C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Running]
= (File not found)

Driver Services (Non-Microsoft)

(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped]
= (File not found)

(abp480n5) abp480n5 [Kernel | Disabled | Stopped]
= (File not found)

(adpu160m) adpu160m [Kernel | Disabled | Stopped]
= (File not found)

(Aha154x) Aha154x [Kernel | Disabled | Stopped]
= (File not found)

(aic78u2) aic78u2 [Kernel | Disabled | Stopped]
= (File not found)

(aic78xx) aic78xx [Kernel | Disabled | Stopped]
= (File not found)

(AliIde) AliIde [Kernel | Disabled | Stopped]
= (File not found)

(amsint) amsint [Kernel | Disabled | Stopped]
= (File not found)

(AN983) ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)

(asc) asc [Kernel | Disabled | Stopped]
= (File not found)

(asc3350p) asc3350p [Kernel | Disabled | Stopped]
= (File not found)

(asc3550) asc3550 [Kernel | Disabled | Stopped]
= (File not found)

(Atdisk) Atdisk [Kernel | Disabled | Stopped]
= (File not found)

(AvgClean) AVG7 Clean Driver [Kernel | System | Running]
= C:\WINDOWS\system32\drivers\avgclean.sys (GRISOFT, s.r.o.)

(AvgMfx86) AVG Minifilter x86 Resident Driver [File_System | System | Running]
= C:\WINDOWS\system32\drivers\avgmfx86.sys (GRISOFT, s.r.o.)

(AvgTdi) AVG Network Redirector [Kernel | Auto | Running]
= C:\WINDOWS\system32\drivers\avgtdi.sys (GRISOFT, s.r.o.)

(basic2) basic2 [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\basic2.sys (Conexant Systems)

(CA561) ICatch VI PC CAMERA [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\SPCA561.SYS (SP)

(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped]
= (File not found)

(Changer) Changer [Kernel | System | Stopped]
= (File not found)

(CmdIde) CmdIde [Kernel | Disabled | Stopped]
= (File not found)

(Cpqarray) Cpqarray [Kernel | Disabled | Stopped]
= (File not found)

(cvintdrv) cvintdrv [Kernel | Auto | Running]
= C:\WINDOWS\System32\drivers\cvintdrv.sys ()

(dac960nt) dac960nt [Kernel | Disabled | Stopped]
= (File not found)

(dmboot) dmboot [Kernel | Disabled | Stopped]
= C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)

(dmio) dmio [Kernel | Disabled | Stopped]
= C:\WINDOWS\system32\drivers\dmio.sys (Microsoft Corp., Veritas Software)

(dmload) dmload [Kernel | Disabled | Stopped]
= C:\WINDOWS\system32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)

(dpti2o) dpti2o [Kernel | Disabled | Stopped]
= (File not found)

(DTPX00) USB Storage Adapter ISD-X00 (DTP) [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\DTPX00.SYS (Cypress Semiconductor)

(Fallback) Fallback [Kernel | Auto | Running]
= C:\WINDOWS\system32\drivers\fallback.sys (Conexant Systems)

(Fsks) Fsks [Kernel | Auto | Running]
= C:\WINDOWS\system32\drivers\fsksnt.sys (Conexant Systems)

(genmcmnUSB) USB Scroll Mouse Driver [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\gflmouhid.sys ()

(hcdriver) EHCI [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\hcdriver.sys (Intel Corporation)

(hpn) hpn [Kernel | Disabled | Stopped]
= (File not found)

(hpt3xx) hpt3xx [Kernel | Disabled | Stopped]
= (File not found)

(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\HPZid412.sys (HP)

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\HPZius12.sys (HP)

(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\hsfbs2s2.sys (Conexant Systems, Inc.)

(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\hsfdpsp2.sys (Conexant Systems, Inc.)

(hsf_msft) hsf_msft [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\HSF_MSFT.sys (Conexant)

(i2omgmt) i2omgmt [Kernel | System | Stopped]
= (File not found)

(i2omp) i2omp [Kernel | Disabled | Stopped]
= (File not found)

(ini910u) ini910u [Kernel | Disabled | Stopped]
= (File not found)

(K56) K56 [Kernel | Auto | Running]
= C:\WINDOWS\system32\drivers\k56nt.sys (Conexant Systems)

(lbrtfdc) lbrtfdc [Kernel | System | Stopped]
= (File not found)

(LNE100) Linksys LNE100TX(v5) Fast Ethernet Adapter [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\lne100v5.sys (LinkSys Group Inc.)

(mdmxsdk) mdmxsdk [Kernel | Auto | Running]
= C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)

(mraid35x) mraid35x [Kernel | Disabled | Stopped]
= (File not found)

(MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)

(nv) nv [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

(OMCI) OMCI [Kernel | System | Running]
= C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)

(PCIDump) PCIDump [Kernel | System | Stopped]
= (File not found)

(PCIIde) PCIIde [Kernel | Disabled | Stopped]
= (File not found)

(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped]
= (File not found)

(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped]
= (File not found)

(PDRELI) PDRELI [Kernel | On_Demand | Stopped]
= (File not found)

(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped]
= (File not found)

(perc2) perc2 [Kernel | Disabled | Stopped]
= (File not found)

(perc2hib) perc2hib [Kernel | Disabled | Stopped]
= (File not found)

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

(PxHelp20) PxHelp20 [Kernel | Boot | Running]
= C:\WINDOWS\system32\drivers\PxHelp20.sys (Sonic Solutions)

(ql1080) ql1080 [Kernel | Disabled | Stopped]
= (File not found)

(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped]
= (File not found)

(ql12160) ql12160 [Kernel | Disabled | Stopped]
= (File not found)

(ql1240) ql1240 [Kernel | Disabled | Stopped]
= (File not found)

(ql1280) ql1280 [Kernel | Disabled | Stopped]
= (File not found)

(Rksample) Rksample [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\rksample.sys (Conexant Systems)

(Secdrv) Secdrv [Kernel | On_Demand | Stopped]
= C:\WINDOWS\system32\drivers\secdrv.sys ()

(Simbad) Simbad [Kernel | Disabled | Stopped]
= (File not found)

(SoftFax) SoftFax [Kernel | Auto | Running]
= C:\WINDOWS\system32\drivers\faxnt.sys (Conexant Systems)

(Sparrow) Sparrow [Kernel | Disabled | Stopped]
= (File not found)

(SpeakerPhone) SpeakerPhone [Kernel | Auto | Running]
= C:\WINDOWS\system32\drivers\spkpnt.sys (Conexant Systems)

(symc810) symc810 [Kernel | Disabled | Stopped]
= (File not found)

(symc8xx) symc8xx [Kernel | Disabled | Stopped]
= (File not found)

(sym_hi) sym_hi [Kernel | Disabled | Stopped]
= (File not found)

(sym_u3) sym_u3 [Kernel | Disabled | Stopped]
= (File not found)

(tbcspud) Santa Cruz Driver [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\tbcspud.sys (Voyetra Turtle Beach)

(tbcwdm) Santa Cruz WDM Driver [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\tbcwdm.sys (Voyetra Turtle Beach)

(Tones) Tones [Kernel | Auto | Running]
= C:\WINDOWS\system32\drivers\tonesnt.sys (Conexant Systems)

(TosIde) TosIde [Kernel | Disabled | Stopped]
= (File not found)

(ultra) ultra [Kernel | Disabled | Stopped]
= (File not found)

(V124) V124 [Kernel | Auto | Running]
= C:\WINDOWS\system32\drivers\v124nt.sys (Conexant Systems)

(ViaIde) ViaIde [Kernel | Disabled | Stopped]
= (File not found)

(vulfnths) VIA USB Host Controller Lower Filter [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\vulfnth.sys (VIA Technologies, Inc.)

(vulfntrs) VIA USB Roothub Lower Filter [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\vulfntr.sys (VIA Technologies, Inc.)

(WDICA) WDICA [Kernel | On_Demand | Stopped]
= (File not found)

(winachsf) winachsf [Kernel | On_Demand | Running]
= C:\WINDOWS\system32\drivers\hsf_cnxt.sys (Conexant Systems)

Registry Items (Non-Microsoft)

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVG7_CC = C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
KH Blocker = C:\Program Files\KH Blocker\khb.exe ()
NvMediaCenter = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
TkBellExe = C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
TraySantaCruz = C:\WINDOWS\system32\tbctray.exe (Voyetra Turtle Beach, Inc.)
TweakMASTER = C:\Program Files\TweakMASTER\TMTray.exe (Hagel Technologies Ltd)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WeatherWatcher = C:\Program Files\Weather Watcher\ww.exe (Singer's Creations)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1

< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AdsGone 2006.lnk
= C:\Program Files\AdsGone\adsgone.exe (A1Tech, Inc.)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

< User Startup Folder = C:\Documents and Settings\Fred\Start Menu\Programs\Startup >
C:\Documents and Settings\Fred\Start Menu\Programs\Startup\desktop.ini ()

>>>>> MsConfig Disabled Items <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
WMPNetworkSvc = 3
Pml Driver HPZ12 = 2
NVSvc = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk (File not found)
backup = C:\WINDOWS\pss\Adobe Reader Speed Launch.lnk (File not found)
location = Common Startup
command = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
item = Adobe Reader Speed Launch

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoolMax XTreme.lnk]
path = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CoolMax XTreme.lnk (File not found)
backup = C:\WINDOWS\pss\CoolMax XTreme.lnk (File not found)
location = Common Startup
command = C:\Program Files\XTreme\XTreme.exe (CoolMax)
item = CoolMax XTreme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.2.lnk]
path = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.2.lnk (File not found)
backup = C:\WINDOWS\pss\eFax 4.2.l (File not found)
location = Common Startup
command = C:\Program Files\eFax Messenger 4.2\J2GTray.exe (j2 Global Communications, Inc.)
item = eFax 4.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk (File not found)
backup = C:\WINDOWS\pss\Google Updater.lnk (File not found)
location = Common Startup
command = C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
item = Google Updater

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk (File not found)
backup = C:\WINDOWS\pss\HP Digital Imaging Monitor.lnk (File not found)
location = Common Startup
command = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
item = HP Digital Imaging Monitor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk (File not found)
backup = C:\WINDOWS\pss\Microsoft Office.lnk (File not found)
location = Common Startup
item = Microsoft Office

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk (File not found)
backup = C:\WINDOWS\pss\ymetray.lnk (File not found)
location = Common Startup
item = ymetray

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^AdsGone.lnk]
path = C:\Documents and Settings\Fred\Start Menu\Programs\Startup\AdsGone.lnk (File not found)
backup = C:\WINDOWS\pss\AdsGone.lnk (File not found)
location = Startup
command = C:\Program Files\AdsGone\adsgone.exe (A1Tech, Inc.)
item = AdsGone

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item =
hkey = HKLM
command =
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aim6]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item =
hkey = HKCU
command =
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DTPBG]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\DTPBG.EXE (Cypress Semiconductor)
hkey = HKLM
command = C:\WINDOWS\DTPBG.EXE (Cypress Semiconductor)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eFax 4.2]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = J2GDllCmd
hkey = HKLM
command = C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe (j2 Global Communications, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FreeRAM XP]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = FreeRAM XP Pro
hkey = HKCU
command = C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe (File not found)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = HPWuSchd2
hkey = HKLM
command = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KingKongCapture]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = KingKongCapture
hkey = HKLM
command = C:\Program Files\King Kong Software\King Kong Capture\KingKongCapture.exe (King Kong Software)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LanguageShortcut]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Language
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MaxtorOneTouch]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Onetouch
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MMTray]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = mm_tray
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Mozilla Quick Launch]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = Netscp
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = msmsgs
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mxomssmenu]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = maxmenumgr
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\nwiz.exe ()
hkey = HKLM
command = C:\WINDOWS\system32\nwiz.exe ()
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = qttask
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = PDVDServ
hkey = HKLM
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoboForm]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = RoboTaskBarIcon
hkey = HKCU
command = C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SP TimeSync]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = SP TimeSync
hkey = HKCU
command = C:\Program Files\SP TimeSync 2.1\SP TimeSync.exe ()
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = jusched
hkey = HKLM
command = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VoSKY IPW]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = UVS6000
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VoSKY IPW Bootup]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = UDR6000
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VoSKY IPW BootupB]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = UDR6000B
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = YAHOOM~1
hkey = HKCU
command = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
system.ini = 1
win.ini = 2
bootini = 0
services = 2
startup = 2

>>>>> Disabled Startup Folder Items <<<<<

>>>>> File Associations <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found

>>>>> Registry Shell Spawning <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -> "%1" %* (File not found)
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -> "%1" %* (File not found)

cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)

exefile [open] -> "%1" %* (File not found)

htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -> "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -> "%1" %* (File not found)

regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -> Reg Data - Key not found
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

scrfile [config] -> "%1" (File not found)
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /S (File not found)

txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)

Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -> "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -> "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -> "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

>>>>> ActiveX StubPath settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
StubPath = C:\WINDOWS\system32\ieudinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

>>>>> WOW Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
cmdline = %SystemRoot%\system32\ntvdm.exe
wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

>>>>> Session Manager Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute = autocheck autochk *;
ExcludeFromKnownDlls =

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<




>>>>> Security Providers <<<<<

>>>>> Winlogon Keys <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
Control_RunDLL (File not found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgwlntf]
DllName = C:\WINDOWS\system32\avgwlntf.dll (GRISOFT, s.r.o.)

>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments]
ScanWithAntiVirus = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1
undockwithoutlogon = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
DisableRegistryTools = 0

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer]*

>>>>> Desktop Components <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName = My Current Home Page
Source = About:Home
SubscribedURL = About:Home

>>>>> HOSTS File <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 568924 bytes | Modified Date: 3/6/2007 4:58:50 PM)

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://www.yahoo.com/
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://home.bellsouth.net/
Start Page = http://home.bellsouth.net/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn...st/srchcust.htm
SearchAssistant = http://ie.search.msn...st/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.google.com/
Start Page = http://home.bellsouth.net/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com]
https

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
- Adobe PDF Reader Link Helper ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
- Skype add-on (mastermind) ( HKLM = C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
- Reg Data - Value does not exist ( HKLM = C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
- SSVHelper Class ( HKLM = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C}]
- TweakMASTER Component ( HKLM = C:\Program Files\TweakMASTER\TweakBHO.dll (Hagel Technologies Ltd) )

>>>>> Bars, Toolbars and Extensions <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm ( HKLM = C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{724D43A0-0D85-11D4-9908-00400523E39A} - &RoboForm ( HKLM = C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems) )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8193

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Customize Menu &4]
@ = C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Fill Forms &]]
@ = C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htm (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save Forms &[]
@ = C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htm (File not found)

>>>>> Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{00020000-0000-1011-8004-0000C06B5161} = WIBU-SYSTEMS Shell Extension ( CLSID not found! )
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )
{1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () )
{32683183-48a0-441b-a342-7c2a440a9478} = Media Band ( CLSID not found! )
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( CLSID not found! )
{6ff26905-5466-4722-a301-08e22f780280} = HotShellExt ( HKLM = C:\Program Files\eFax Messenger 4.2\J2GShell.dll (j2 Global Communications, Inc.) )
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )
{7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) )
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG7 Shell Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} = AVG7 Find Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )
{A70C977A-BF00-412C-90B7-034C51DA2439} = DesktopContext Class ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) )
{FFB699E0-306A-11d3-8BD1-00104B6F7516} = NVIDIA CPL Extension ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} = Web Folders ( HKLM = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL () )

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\HotShellExt_40]
@ = {6FF26905-5466-4722-A301-08E22F780280} ( HKLM = C:\Program Files\eFax Messenger 4.2\J2GShell.dll (j2 Global Communications, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ZONERMenu]
@ = {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} ( HKLM = C:\Program Files\Zoner\Photo Studio 8\Program\SHELLEXT8.DLL (ZONER software) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ZONERMenu]
@ = {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} ( HKLM = C:\Program Files\Zoner\Photo Studio 8\Program\SHELLEXT8.DLL (ZONER software) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\00nView]
@ = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} ( HKLM = C:\WINDOWS\system32\nvshell.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\NvCplDesktopContext]
@ = {A70C977A-BF00-412C-90B7-034C51DA2439} ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ZONERMenu]
@ = {BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B} ( HKLM = C:\Program Files\Zoner\Photo Studio 8\Program\SHELLEXT8.DLL (ZONER software) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
- PDF Shell Extension ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )

>>>>> User Agent Post Platform <<<<<

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{117202F4-4C86-48D6-9D3B-C399FD887E3E}] ( Linksys LNE100TX(v5) Fast Ethernet Adapter )
DefaultGateway =
DhcpDefaultGateway = 192.168.0.1;
DhcpIPAddress = 192.168.0.2
DhcpNameServer = 192.168.0.1
DhcpServer = 192.168.0.1
DhcpSubnetMask = 255.255.255.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9523EFA2-C553-4850-8DCB-17CB3175B6C3}]
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

>>>>> WinSock2 Parameters <<<<<

>>>>> Protocol Handlers <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ic32pp]
CLSID = {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - ( HKLM C:\WINDOWS\wc98pp.dll () )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com]
CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - ( HKLM C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) )

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\DownloadInformation]
CODEBASE = http://download.micr...heckControl.cab
INF = C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5ED80217-570B-4DA9-BF44-BE107C0EC166}\DownloadInformation]
CODEBASE = http://cdn.scan.onec...lscbase9602.cab
INF = C:\WINDOWS\Downloaded Program Files\wlscBase.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\DownloadInformation]
CODEBASE = http://update.micros...b?1170805567156
INF = C:\WINDOWS\Downloaded Program Files\wuweb.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
CODEBASE = http://javadl-esd.su...indows-i586.cab
INF = C:\WINDOWS\Downloaded Program Files\jinstall-1_5_0_06.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}\DownloadInformation]
CODEBASE = http://ax.emsisoft.com/asquared.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://fpdownload.ma...ash/swflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

Files Created Within 90 Days

C:\avg7qt(2).dat [Ver = | Size = 12479986 bytes | Created Date = 1/14/2007 4:02:44 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\jgalt.ayn [Ver = | Size = 13 bytes | Created Date = 1/16/2007 4:52:30 PM | Attr = H ]
C:\Documents and Settings\Fred\Application Data\Notification.dll [Ver = | Size = 53248 bytes | Created Date = 3/6/2007 2:08:23 AM | Attr = H ]
C:\Documents and Settings\Fred\Application Data\rbap550.dll [Ver = | Size = 88576 bytes | Created Date = 3/6/2007 2:08:23 AM | Attr = H ]
C:\Documents and Settings\Fred\Application Data\RBInternetEncodings550.dll [Ver = | Size = 29184 bytes | Created Date = 3/6/2007 2:08:23 AM | Attr = H ]
C:\Documents and Settings\Fred\Application Data\RBShell550.dll [Ver = | Size = 38912 bytes | Created Date = 3/6/2007 2:08:23 AM | Attr = H ]
C:\Documents and Settings\Fred\Application Data\WindowsSecurity.dll [Ver = | Size = 65536 bytes | Created Date = 3/6/2007 2:08:23 AM | Attr = H ]
C:\Documents and Settings\Fred\Application Data\ZZipUtilitiesV02.dll [Ver = | Size = 75776 bytes | Created Date = 3/6/2007 2:08:23 AM | Attr = H ]
C:\Documents and Settings\Fred\Local Settings\Application Data\fusioncache.dat [Ver = | Size = 127 bytes | Created Date = 2/12/2007 1:34:00 AM | Attr = ]
C:\Documents and Settings\Fred\Local Settings\Application Data\IconCache.db [Ver = | Size = 6914994 bytes | Created Date = 3/3/2007 11:26:40 PM | Attr = H ]
C:\Documents and Settings\Fred\My Documents\Default.rdp [Ver = | Size = 1690 bytes | Created Date = 1/27/2007 1:26:48 PM | Attr = H ]
C:\Documents and Settings\Fred\Desktop\Radar.url [Ver = | Size = 345 bytes | Created Date = 12/30/2006 3:12:28 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Fred\Desktop\Radar.url:favicon (318 bytes)
C:\WINDOWS\a3kebook.ini [Ver = | Size = 4 bytes | Created Date = 1/22/2007 6:06:54 PM | Attr = H ]
C:\WINDOWS\akebook.ini [Ver = | Size = 20 bytes | Created Date = 1/22/2007 6:06:54 PM | Attr = H ]
C:\WINDOWS\ANS2000.INI [Ver = | Size = 180 bytes | Created Date = 1/22/2007 6:06:54 PM | Attr = ]
C:\WINDOWS\bears.bmp [Ver = | Size = 750174 bytes | Created Date = 1/19/2007 12:27:19 AM | Attr = ]
C:\WINDOWS\chapter.MID [Ver = | Size = 23165 bytes | Created Date = 1/23/2007 12:15:00 AM | Attr = ]
C:\WINDOWS\cviinst.ini [Ver = | Size = 29 bytes | Created Date = 12/25/2006 6:40:29 AM | Attr = ]
C:\WINDOWS\imsins.BAK [Ver = | Size = 1374 bytes | Created Date = 2/15/2007 3:15:27 AM | Attr = ]
C:\WINDOWS\khblocker.lnk [Ver = | Size = 597 bytes | Created Date = 3/6/2007 2:08:17 AM | Attr = ]
C:\WINDOWS\mozver.dat [Ver = | Size = 11024 bytes | Created Date = 12/27/2006 7:08:44 PM | Attr = ]
C:\WINDOWS\NSUninst.exe [Ver = | Size = 90832 bytes | Created Date = 12/27/2006 7:09:08 PM | Attr = ]
C:\WINDOWS\pcdlib32.dll Eastman Kodak [Ver = 3, 0, 0, 0 | Size = 212480 bytes | Created Date = 12/28/2006 11:04:08 AM | Attr = ]
C:\WINDOWS\PI4_setup.ini [Ver = | Size = 21 bytes | Created Date = 12/28/2006 11:04:08 AM | Attr = ]
C:\WINDOWS\Robotz Menu Command.wav [Ver = | Size = 13920 bytes | Created Date = 1/23/2007 12:15:11 AM | Attr = ]
C:\WINDOWS\sandy.bmp [Ver = | Size = 124470 bytes | Created Date = 12/26/2006 11:36:30 PM | Attr = ]
C:\WINDOWS\ST6UNST.000 [Ver = | Size = 5979 bytes | Created Date = 12/20/2006 12:41:08 AM | Attr = ]
C:\WINDOWS\uccspecc.sys [Ver = | Size = 31 bytes | Created Date = 3/4/2007 1:01:03 AM | Attr = H ]
C:\WINDOWS\usrwiz.ini [Ver = | Size = 134 bytes | Create

#30 auggust

Posted 08 March 2007 - 02:07 PM

This is the rest of the cut-off last post.

C:\WINDOWS\wc98pp.dll [Ver = | Size = 51712 bytes | Created Date = 1/23/2007 12:14:02 AM | Attr = ]
C:\WINDOWS\WindowsShellOld.Manifest.1 [Ver = | Size = 82 bytes | Created Date = 3/4/2007 1:01:03 AM | Attr = H ]
C:\WINDOWS\WinInit.INI [Ver = | Size = 4852 bytes | Created Date = 12/23/2006 1:51:13 PM | Attr = ]
C:\WINDOWS\System32\asuninst.exe Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 2/19/2007 1:16:02 PM | Attr = ]
C:\WINDOWS\System32\Audio3D.dll Sensaura Ltd [Ver = 4.12.01.2008 | Size = 720896 bytes | Created Date = 12/23/2006 2:13:06 PM | Attr = R ]
C:\WINDOWS\System32\avgwlntf.dll GRISOFT, s.r.o. [Ver = 7.5.0.446 | Size = 9216 bytes | Created Date = 2/22/2007 9:48:43 AM | Attr = ]
C:\WINDOWS\System32\cdintf250.dll Amyuni Technologies http://www.amyuni.com [Ver = 2.51 | Size = 1933312 bytes | Created Date = 1/25/2007 2:03:53 PM | Attr = ]
C:\WINDOWS\System32\cvirt.dll National Instruments [Ver = 5.5 | Size = 45056 bytes | Created Date = 12/25/2006 6:40:36 AM | Attr = ]
C:\WINDOWS\System32\cvirte.dll National Instruments [Ver = 5.5.1 | Size = 1925120 bytes | Created Date = 12/25/2006 6:40:36 AM | Attr = ]
C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Created Date = 2/19/2007 1:15:31 PM | Attr = ]
C:\WINDOWS\System32\hhactivex.dll Blue Sky Software Corporation. [Ver = 8.00.125 | Size = 446464 bytes | Created Date = 1/26/2007 5:14:55 PM | Attr = R ]
C:\WINDOWS\System32\java.exe Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 49248 bytes | Created Date = 2/10/2007 9:01:21 PM | Attr = ]
C:\WINDOWS\System32\javaw.exe Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 49250 bytes | Created Date = 2/10/2007 9:01:21 PM | Attr = ]
C:\WINDOWS\System32\javaws.exe Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 127078 bytes | Created Date = 2/10/2007 9:01:21 PM | Attr = ]
C:\WINDOWS\System32\jpicpl32.cpl Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 49265 bytes | Created Date = 2/10/2007 9:01:21 PM | Attr = ]
C:\WINDOWS\System32\PhotoImpression Screen Saver.scr ArcSoft Inc. [Ver = 1.0.0.1 | Size = 163840 bytes | Created Date = 12/28/2006 11:05:18 AM | Attr = ]
C:\WINDOWS\System32\pncrt.dll Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 3/3/2007 10:45:36 AM | Attr = ]
C:\WINDOWS\System32\pndx5016.dll RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 3/3/2007 10:45:38 AM | Attr = ]
C:\WINDOWS\System32\pndx5032.dll RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 3/3/2007 10:45:39 AM | Attr = ]
C:\WINDOWS\System32\RcdScan.dll Dell Computer Corporation [Ver = 1.20.00.00 | Size = 176128 bytes | Created Date = 1/26/2007 5:14:55 PM | Attr = ]
C:\WINDOWS\System32\rmoc3260.dll RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Created Date = 3/3/2007 10:45:54 AM | Attr = ]
C:\WINDOWS\System32\setup.inx [Ver = | Size = 228556 bytes | Created Date = 12/23/2006 2:05:51 PM | Attr = ]
C:\WINDOWS\System32\ssa3d30.ocx Sheridan Software Systems, Inc. [Ver = 3.00.0034 | Size = 328480 bytes | Created Date = 1/26/2007 5:14:54 PM | Attr = ]
C:\WINDOWS\System32\tbc28.tmp Voyetra Turtle Beach [Ver = 5.12.01.4112-3187 | Size = 425472 bytes | Created Date = 12/23/2006 2:08:03 PM | Attr = ]
C:\WINDOWS\System32\tbc35.tmp Voyetra Turtle Beach [Ver = 5.12.01.4112-3187 | Size = 425472 bytes | Created Date = 12/23/2006 2:16:17 PM | Attr = R ]
C:\WINDOWS\System32\tbc5A.tmp Voyetra Turtle Beach [Ver = 5.12.01.4112-3187 | Size = 425472 bytes | Created Date = 12/23/2006 2:19:55 PM | Attr = R ]
C:\WINDOWS\System32\tbc6D.tmp Voyetra Turtle Beach [Ver = 5.12.01.4112-3187 | Size = 425472 bytes | Created Date = 12/23/2006 1:51:05 PM | Attr = R ]
C:\WINDOWS\System32\tbc86.tmp Voyetra Turtle Beach [Ver = 5.12.01.4112-3187 | Size = 425472 bytes | Created Date = 12/23/2006 1:51:50 PM | Attr = R ]
C:\WINDOWS\System32\tbc8F.tmp Voyetra Turtle Beach [Ver = 5.12.01.4112-3187 | Size = 425472 bytes | Created Date = 12/23/2006 1:59:21 PM | Attr = R ]
C:\WINDOWS\System32\tbclang.dll Voyetra Turtle Beach [Ver = 5.12.01.4112-3187 | Size = 425472 bytes | Created Date = 12/23/2006 2:13:00 PM | Attr = R ]
C:\WINDOWS\System32\tbctray.exe Voyetra Turtle Beach, Inc. [Ver = 5.12.01.4112-2929 | Size = 307200 bytes | Created Date = 12/23/2006 2:13:00 PM | Attr = R ]
C:\WINDOWS\System32\tmp509C1.FOT [Ver = | Size = 1409 bytes | Created Date = 1/1/2007 11:34:06 AM | Attr = ]
C:\WINDOWS\System32\tmp978C1.FOT [Ver = | Size = 1409 bytes | Created Date = 1/1/2007 11:34:06 AM | Attr = ]
C:\WINDOWS\System32\tmpDB7C1.FOT [Ver = | Size = 1409 bytes | Created Date = 1/1/2007 11:34:06 AM | Attr = ]
C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Created Date = 2/19/2007 1:15:32 PM | Attr = ]
C:\WINDOWS\System32\vg6000.dll InfoAction Electronics Inc. [Ver = 1, 0, 0, 0 | Size = 32768 bytes | Created Date = 12/22/2006 2:26:46 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Created Date = 2/8/2007 4:10:27 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsw.sys GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 2/8/2007 4:10:27 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 2/8/2007 4:10:27 PM | Attr = ]
C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 2/8/2007 4:10:30 PM | Attr = ]
C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Created Date = 2/8/2007 4:10:27 PM | Attr = ]
C:\WINDOWS\System32\drivers\avgtdi.sys GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 2/8/2007 4:10:27 PM | Attr = ]
C:\WINDOWS\System32\drivers\cvintdrv.sys [Ver = | Size = 7140 bytes | Created Date = 12/25/2006 6:40:36 AM | Attr = ]
C:\WINDOWS\System32\drivers\hcdriver.sys Intel Corporation [Ver = 5.2.0.5 built by: WinDDK | Size = 45184 bytes | Created Date = 12/25/2006 6:44:34 AM | Attr = ]
C:\WINDOWS\System32\drivers\tbcos.sys Voyetra Turtle Beach [Ver = 5.12.01.4112-3187 | Size = 3584 bytes | Created Date = 12/23/2006 2:11:51 PM | Attr = R ]
C:\WINDOWS\System32\drivers\tbcspud.sys Voyetra Turtle Beach [Ver = 5.12.01.4112-3187 | Size = 142336 bytes | Created Date = 12/23/2006 2:11:51 PM | Attr = R ]
C:\WINDOWS\System32\drivers\tbcwdm.sys Voyetra Turtle Beach [Ver = 5.12.01.4112-3187 | Size = 524288 bytes | Created Date = 12/23/2006 2:12:59 PM | Attr = R ]
C:\WINDOWS\System32\drivers\etc\HOSTS.bak [Ver = | Size = 568924 bytes | Created Date = 3/4/2007 11:04:05 PM | Attr = ]
C:\WINDOWS\System32\drivers\etc\HOSTS.nbk [Ver = | Size = 189967 bytes | Created Date = 1/30/2007 11:39:35 AM | Attr = ]
C:\WINDOWS\System32\drivers\etc\HOSTS.ORG [Ver = | Size = 194233 bytes | Created Date = 12/23/2006 11:59:08 PM | Attr = RHS]
C:\WINDOWS\System32\drivers\etc\NoAdHOSTS.exe [Ver = | Size = 48945 bytes | Created Date = 2/12/2007 12:59:32 AM | Attr = ]
@Alternate Data Stream - C:\WINDOWS\System32\drivers\etc\NoAdHOSTS.exe:Zone.Identifier (26 bytes)

Files Modified Within 90 Days

C:\avg7qt(2).dat [Ver = | Size = 12479986 bytes | Modified Date = 1/14/2007 4:02:54 AM | Attr = ]
C:\boot.ini [Ver = | Size = 211 bytes | Modified Date = 2/19/2007 11:39:08 PM | Attr = RHS]
C:\swlist.reg [Ver = | Size = 352137 bytes | Modified Date = 3/6/2007 8:25:42 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\jgalt.ayn [Ver = | Size = 13 bytes | Modified Date = 1/16/2007 4:52:32 PM | Attr = H ]
C:\Documents and Settings\Fred\Application Data\Notification.dll [Ver = | Size = 53248 bytes | Modified Date = 3/6/2007 4:13:20 PM | Attr = H ]
C:\Documents and Settings\Fred\Application Data\rbap550.dll [Ver = | Size = 88576 bytes | Modified Date = 3/6/2007 4:13:10 PM | Attr = H ]
C:\Documents and Settings\Fred\Application Data\RBInternetEncodings550.dll [Ver = | Size = 29184 bytes | Modified Date = 3/6/2007 4:13:16 PM | Attr = H ]
C:\Documents and Settings\Fred\Application Data\RBShell550.dll [Ver = | Size = 38912 bytes | Modified Date = 3/6/2007 4:13:14 PM | Attr = H ]
C:\Documents and Settings\Fred\Application Data\WindowsSecurity.dll [Ver = | Size = 65536 bytes | Modified Date = 3/6/2007 4:13:20 PM | Attr = H ]
C:\Documents and Settings\Fred\Application Data\ZZipUtilitiesV02.dll [Ver = | Size = 75776 bytes | Modified Date = 3/6/2007 4:13:24 PM | Attr = H ]
C:\Documents and Settings\Fred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 27136 bytes | Modified Date = 1/2/2007 6:58:40 PM | Attr = ]
C:\Documents and Settings\Fred\Local Settings\Application Data\fusioncache.dat [Ver = | Size = 127 bytes | Modified Date = 2/12/2007 1:34:02 AM | Attr = ]
C:\Documents and Settings\Fred\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [Ver = | Size = 64736 bytes | Modified Date = 2/27/2007 6:50:28 PM | Attr = ]
C:\Documents and Settings\Fred\Local Settings\Application Data\IconCache.db [Ver = | Size = 6914994 bytes | Modified Date = 3/6/2007 9:36:16 AM | Attr = H ]
C:\Documents and Settings\Fred\My Documents\Default.rdp [Ver = | Size = 1690 bytes | Modified Date = 1/27/2007 1:28:42 PM | Attr = H ]
C:\Documents and Settings\Fred\Desktop\Radar.url [Ver = | Size = 345 bytes | Modified Date = 3/1/2007 10:12:06 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Fred\Desktop\Radar.url:favicon (318 bytes)
C:\WINDOWS\a3kebook.ini [Ver = | Size = 4 bytes | Modified Date = 1/22/2007 6:06:56 PM | Attr = H ]
C:\WINDOWS\akebook.ini [Ver = | Size = 20 bytes | Modified Date = 1/22/2007 6:06:56 PM | Attr = H ]
C:\WINDOWS\ANS2000.INI [Ver = | Size = 180 bytes | Modified Date = 1/23/2007 12:38:48 AM | Attr = ]
C:\WINDOWS\bears.bmp [Ver = | Size = 750174 bytes | Modified Date = 1/22/2007 12:54:42 AM | Attr = ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 3/6/2007 2:19:46 PM | Attr = S]
C:\WINDOWS\chapter.MID [Ver = | Size = 23165 bytes | Modified Date = 1/23/2007 12:15:02 AM | Attr = ]
C:\WINDOWS\cviinst.ini [Ver = | Size = 29 bytes | Modified Date = 12/25/2006 6:40:38 AM | Attr = ]
C:\WINDOWS\imsins.BAK [Ver = | Size = 1374 bytes | Modified Date = 2/27/2007 5:55:38 PM | Attr = ]
C:\WINDOWS\khblocker.lnk [Ver = | Size = 597 bytes | Modified Date = 3/6/2007 2:08:18 AM | Attr = ]
C:\WINDOWS\mozver.dat [Ver = | Size = 11024 bytes | Modified Date = 12/27/2006 7:17:54 PM | Attr = ]
C:\WINDOWS\NSUninst.exe [Ver = | Size = 90832 bytes | Modified Date = 12/27/2006 7:09:10 PM | Attr = ]
C:\WINDOWS\ODBC.INI [Ver = | Size = 886 bytes | Modified Date = 2/10/2007 11:40:26 PM | Attr = ]
C:\WINDOWS\ODBCINST.INI [Ver = | Size = 4346 bytes | Modified Date = 12/20/2006 12:46:06 AM | Attr = ]
C:\WINDOWS\QUICKEN.INI [Ver = | Size = 210 bytes | Modified Date = 1/27/2007 1:06:50 PM | Attr = ]
C:\WINDOWS\Robotz Menu Command.wav [Ver = | Size = 13920 bytes | Modified Date = 1/23/2007 12:15:12 AM | Attr = ]
C:\WINDOWS\sandy.bmp [Ver = | Size = 124470 bytes | Modified Date = 12/26/2006 11:36:32 PM | Attr = ]
C:\WINDOWS\ST6UNST.000 [Ver = | Size = 5979 bytes | Modified Date = 12/20/2006 12:41:38 AM | Attr = ]
C:\WINDOWS\system.ini [Ver = | Size = 415 bytes | Modified Date = 2/19/2007 11:39:08 PM | Attr = ]
C:\WINDOWS\uccspecc.sys [Ver = | Size = 31 bytes | Modified Date = 3/4/2007 1:01:04 AM | Attr = H ]
C:\WINDOWS\usrwiz.ini [Ver = | Size = 134 bytes | Modified Date = 1/1/2007 11:34:12 AM | Attr = ]
C:\WINDOWS\wc98pp.dll [Ver = | Size = 51712 bytes | Modified Date = 1/23/2007 12:14:04 AM | Attr = ]
C:\WINDOWS\win.ini [Ver = | Size = 1284 bytes | Modified Date = 2/19/2007 11:39:08 PM | Attr = ]
C:\WINDOWS\WindowsShellOld.Manifest.1 [Ver = | Size = 82 bytes | Modified Date = 3/4/2007 1:01:04 AM | Attr = H ]
C:\WINDOWS\WinInit.INI [Ver = | Size = 4852 bytes | Modified Date = 12/23/2006 2:20:02 PM | Attr = ]
C:\WINDOWS\WinNetOptimize98ag.cfg [Ver = | Size = 87 bytes | Modified Date = 3/6/2007 4:13:48 PM | Attr = ]
C:\WINDOWS\System32\avgwlntf.dll GRISOFT, s.r.o. [Ver = 7.5.0.446 | Size = 9216 bytes | Modified Date = 2/22/2007 9:48:44 AM | Attr = ]
C:\WINDOWS\System32\FNTCACHE.DAT [Ver = | Size = 252680 bytes | Modified Date = 2/27/2007 11:11:14 PM | Attr = ]
C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Modified Date = 2/19/2007 1:46:12 PM | Attr = ]
C:\WINDOWS\System32\nvapps.xml [Ver = | Size = 88566 bytes | Modified Date = 2/22/2007 9:47:28 AM | Attr = ]
C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 70066 bytes | Modified Date = 2/27/2007 6:05:56 PM | Attr = ]
C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 435920 bytes | Modified Date = 2/27/2007 6:05:56 PM | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 512860 bytes | Modified Date = 2/27/2007 6:05:56 PM | Attr = ]
C:\WINDOWS\System32\pncrt.dll Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 3/3/2007 10:45:38 AM | Attr = ]
C:\WINDOWS\System32\pndx5016.dll RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 3/3/2007 10:45:40 AM | Attr = ]
C:\WINDOWS\System32\pndx5032.dll RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 3/3/2007 10:45:40 AM | Attr = ]
C:\WINDOWS\System32\rmoc3260.dll RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 3/3/2007 10:45:56 AM | Attr = ]
C:\WINDOWS\System32\setup.inx [Ver = | Size = 228556 bytes | Modified Date = 12/23/2006 2:05:18 PM | Attr = ]
C:\WINDOWS\System32\tmp509C1.FOT [Ver = | Size = 1409 bytes | Modified Date = 1/1/2007 11:34:08 AM | Attr = ]
C:\WINDOWS\System32\tmp978C1.FOT [Ver = | Size = 1409 bytes | Modified Date = 1/1/2007 11:34:08 AM | Attr = ]
C:\WINDOWS\System32\tmpDB7C1.FOT [Ver = | Size = 1409 bytes | Modified Date = 1/1/2007 11:34:08 AM | Attr = ]
C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Modified Date = 2/19/2007 1:46:14 PM | Attr = ]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 2206 bytes | Modified Date = 3/6/2007 4:12:54 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 2/22/2007 9:48:38 AM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsw.sys GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/8/2007 4:10:28 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/22/2007 9:48:44 AM | Attr = ]
C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 2/8/2007 4:10:32 PM | Attr = ]
C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.447 | Size = 19840 bytes | Modified Date = 2/26/2007 8:40:06 AM | Attr = ]
C:\WINDOWS\System32\drivers\avgtdi.sys GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 2/8/2007 4:10:28 PM | Attr = ]
C:\WINDOWS\System32\drivers\etc\HOSTS.bak [Ver = | Size = 568924 bytes | Modified Date = 3/6/2007 4:58:48 PM | Attr = ]
C:\WINDOWS\System32\drivers\etc\HOSTS.nbk [Ver = | Size = 189967 bytes | Modified Date = 2/12/2007 12:55:40 AM | Attr = ]
C:\WINDOWS\System32\drivers\etc\HOSTS.ORG [Ver = | Size = 194233 bytes | Modified Date = 12/21/2006 11:10:08 AM | Attr = RHS]
C:\WINDOWS\System32\drivers\etc\NoAdHOSTS.exe [Ver = | Size = 48945 bytes | Modified Date = 2/12/2007 12:57:02 AM | Attr = ]
@Alternate Data Stream - C:\WINDOWS\System32\drivers\etc\NoAdHOSTS.exe:Zone.Identifier (26 bytes)

File String Scan (Non-Microsoft Only)
[abetterinternet.com , ad-w-a-r-e.com , PTech , ]C:\avg7qt(2).dat ()
@Alternate Data Stream - C:\Documents and Settings\Fred\Desktop\Radar.url:favicon (318 bytes)
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[PEC2 , ]C:\WINDOWS\System32\Dwapilib.tlb ()
[Thawte Consulting , ]C:\WINDOWS\System32\pxcpya64.exe (Sonic Solutions)
[Thawte Consulting , ]C:\WINDOWS\System32\pxhpinst.exe (Sonic Solutions)
[Thawte Consulting , ]C:\WINDOWS\System32\pxinsa64.exe (Sonic Solutions)
[Thawte Consulting , ]C:\WINDOWS\System32\pxinsi64.exe (Sonic Solutions)
[Thawte Consulting , ]C:\WINDOWS\System32\rmoc3260.dll (RealNetworks, Inc.)
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[UPX0 , WSUD , ]C:\WINDOWS\System32\dllcache\hwxjpn.dll ()
[aspack , FSG! , PEC2 , UPX! , ]C:\WINDOWS\System32\drivers\avg7core.sys (GRISOFT, s.r.o.)
[PTech , ]C:\WINDOWS\System32\drivers\mtlstrm.sys (Smart Link)
[abetterinternet.com , ad-w-a-r-e.com , PTech , qoologic , SAHAgent , web-nex , ]C:\WINDOWS\System32\drivers\etc\HOSTS ()
[abetterinternet.com , ad-w-a-r-e.com , PTech , qoologic , SAHAgent , web-nex , ]C:\WINDOWS\System32\drivers\etc\HOSTS.bak ()
[abetterinternet.com , ad-w-a-r-e.com , PTech , ]C:\WINDOWS\System32\drivers\etc\HOSTS.nbk ()
[abetterinternet.com , ad-w-a-r-e.com , PTech , ]C:\WINDOWS\System32\drivers\etc\HOSTS.ORG ()
@Alternate Data Stream - C:\WINDOWS\System32\drivers\etc\NoAdHOSTS.exe:Zone.Identifier (26 bytes)

< End of report >
