Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Am I clean


Post by shazam » February 4th, 2007, 11:32 pm

I found something really bad

Name: SexVideoPro Dialer
Risk Level:
Description: SexVideoPro Dialer will access pornographic websites by dialing a high-cost phone number using the modem. It will also hijack your Internet Explorer start page to http://www.realarea.biz. This dialer will also generate pop-ups even if Internet Explorer is not running.
By: Free Connect Ltd.
Also known as: SGrunt Dialer.Sfonditalia [Symantec] Dial/Chivio-G [Sophos] T
Removal: This infection can be removed using Spyware Doctor.

I also tracked the IP my firewall blocked.
I got this:
---------------------------------------------------------------
IP address 60.11.125.52
Hostname Not available
ISP CNCGROUP Heilongjiang Province Network
China Network Communications Group Corporation
No.156,Fu-Xing-Men-Nei Street,
Beijing 100031
Country China China
----------------------------------------------------------
Here is the Spyware Doctor log:

Scans (basic information only):
Scan Results:
scan start: 2/4/2007 9:27:27 PM
scan stop: 2/4/2007 9:27:31 PM
scanned items: 392
found items: 0
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name Location Risk

Scan Results:
scan start: 2/4/2007 9:27:37 PM
scan stop: 2/4/2007 9:41:24 PM
scanned items: 96401
found items: 6
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name Location Risk
SexVideoPro Dialer HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com High
SexVideoPro Dialer HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com## High
SexVideoPro Dialer HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com##* High
SexVideoPro Dialer HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com\www High
SexVideoPro Dialer HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com\www## High
SexVideoPro Dialer HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com\www##* High

Scan Results:
scan start: 2/4/2007 9:47:57 PM
scan stop: 2/4/2007 9:52:48 PM
scanned items: 40287
found items: 0
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name Location Risk


Other Sections:

Copyright © 2003 PC Tools. All rights reserved. Legal Notice

Do I have to pay if that shows up on my phone bill (SexVideoPro Dialer) :evil: even if it was dialed by spyware? :evil:

Please help me.
shazam
Regular Member
 
Posts: 193
Joined: January 30th, 2007, 4:20 pm
Location: 127.0.0.1(GMT-5)

Post by Bob4 » February 5th, 2007, 8:20 am

SexVideoPro Dialer HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com\www##* High

False positive, so to speak. Those are listings in your blocked sites. Nothing to worry about. If you open Internet Explorer Tools / Internet Options / Security / Restricted sites / Sites, you'll see lots of them listed there. This keeps Internet Explorer from going to those bad sites.

Let's get 2 more scans to be sure. I'm not 100% sure your issues are malware related.


Please download WinPFind2.

  • Extract the files to a folder (e.g. C:\WinPFind2).
  • Double click WinPFind2.exe to start the program.
  • Click the Select All button in the File Options box of the Configuration tab (this is the tab the program opens up to by default).
  • Click the Run all Scans button.
  • When it's finished scanning you will see Scans Complete! at the bottom left of the program.
  • Click the Export to Text button.
  • Notepad will open with the results of the scan and the log will be saved to the folder that you extracted the program to (C:\WinPFind2\WinPFind2.txt).
  • Post the log in your next reply please. You may need to split the log over a couple of posts so that it doesn't get cut off. If so, please use the [Start Post #1] and [Start Post #2] delimiters in the log to split the log up.


_____________________________
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Post those 2 logs for me.
Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida
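
Bob4's explanation above rests on how Internet Explorer stores site-to-zone assignments: each value under ZoneMap\Domains holds a zone number, and 4 means Restricted Sites. The following is an added example, not part of the original thread: it parses a `.reg` export of that key and separates restricted-zone (block list) entries from entries mapped to any other zone. The export text, the `*.test` domains and every zone value in the sample are constructed assumptions; only the domain 1987324.com appears in the scan log.

```python
import re

# Internet Explorer security zone numbers as stored in ZoneMap values.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

DOMAINS_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
               r"\Internet Settings\ZoneMap\Domains")

# Constructed sample in .reg export layout. Only the name 1987324.com comes
# from the thread; the *.test domains and all zone values are assumptions.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1987324.com\www]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked-example.test]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trusted-example.test]
"http"=dword:00000002
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(.*)"=dword:([0-9a-fA-F]{8})$')


def parse_zone_map(export_text):
    """Return (domain, protocol, zone_number) tuples from a .reg export."""
    entries = []
    domain = None
    prefix = DOMAINS_KEY + "\\"
    for raw in export_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            if key.lower().startswith(prefix.lower()):
                # Subkeys are stored parent first: 1987324.com\www is www.1987324.com
                parts = key[len(prefix):].split("\\")
                domain = ".".join(reversed(parts))
            else:
                domain = None  # the Domains key itself, or an unrelated key
            continue
        value_match = VALUE_RE.match(line)
        if value_match and domain:
            protocol = value_match.group(1)        # "*", "http", "https", ...
            zone = int(value_match.group(2), 16)   # DWORD zone number
            entries.append((domain, protocol, zone))
    return entries


def triage(entries):
    """Split entries into the restricted-zone block list and everything else."""
    blocked, review = [], []
    for domain, protocol, zone in entries:
        if zone == 4:
            blocked.append((domain, protocol))
        else:
            review.append((domain, protocol, ZONES.get(zone, f"unknown zone {zone}")))
    return blocked, review


if __name__ == "__main__":
    blocked, review = triage(parse_zone_map(SAMPLE_EXPORT))
    print(f"{len(blocked)} restricted-zone entries (block list, as described above)")
    for domain, protocol, zone_name in review:
        print(f"review: {domain} ({protocol}) is mapped to {zone_name}")
```

An entry a scanner reports under ZoneMap\Domains is only a block-list entry when its zone is 4; a domain mapped to Trusted Sites is the case that warrants a closer look.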

Post by shazam » February 5th, 2007, 2:05 pm

think that scared the hell out of me when I found that.

I will run this program when I get home. Thanks :) :D

Post by shazam » February 5th, 2007, 10:11 pm

I could not find WinPFind2 (I think OldTimer updated it), so I downloaded WinPFind3U.exe from http://download.bleepingcomputer.com/ol ... find3u.exe
and did what dvk01 said at this forum (that I found online when doing a Google search):
http://forums.techguy.org/security/5382 ... ystem.html

I created a folder named WinPFind3u on my C: drive
and ran winpfind3u with what dvk01 said.
I hope that this is OK.

Post by shazam » February 5th, 2007, 10:35 pm

I will run winpfind3u.exe if you give a tutorial on it or find WinPFind2, sorry. :(
Here is the combofix.exe log:

"SB" - 07-02-05 21:25:11 Service Pack 2
ComboFix 07.02.04 - Running from: "C:\PROGRA~1\MOZILL~1"

((((((((((((((((((((((((((((((( Files Created from 2007-01-05 to 2007-02-05 ))))))))))))))))))))))))))))))))))


2007-02-05 20:35 <DIR> d-------- C:\winpfind3u
2007-02-05 12:34 <DIR> d-------- C:\DOCUME~1\Shazeeda\Application Data\Lavasoft
2007-02-04 14:33 <DIR> d-------- C:\Program Files\LM Studio
2007-02-03 20:11 <DIR> d-------- C:\Program Files\L2
2007-02-02 18:13 <DIR> dr-h----- C:\$VAULT$.AVG
2007-02-01 20:58 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-31 20:31 <DIR> d-------- C:\DOCUME~1\SB\Application Data\Comodo
2007-01-31 20:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Comodo
2007-01-31 20:26 <DIR> d-------- C:\Program Files\Comodo
2007-01-30 18:59 <DIR> d-------- C:\Program Files\Winamp
2007-01-30 18:59 <DIR> d-------- C:\DOCUME~1\SB\Application Data\Winamp
2007-01-29 22:25 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-29 22:10 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2007-01-29 21:39 <DIR> d-------- C:\RkUnhooker
2007-01-29 20:30 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-01-28 14:37 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-26 22:15 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2007-01-26 22:15 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-01-21 15:05 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-01-21 14:58 <DIR> d-------- C:\Program Files\EA GAMES
2007-01-18 15:00 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-16 21:01 <DIR> d-------- C:\Program Files\AVIcodec
2007-01-16 19:19 <DIR> d-------- C:\Program Files\Real Alternative
2007-01-16 19:19 <DIR> d-------- C:\DOCUME~1\SB\Application Data\Real
2007-01-16 19:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Real
2007-01-13 11:59 <DIR> d-------- C:\rip cd
2007-01-11 15:51 <DIR> d-------- C:\DOCUME~1\Shazeeda\Application Data\Notepad++


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-05 21:24 -------- d-------- C:\Program Files\mozilla firefox
2007-02-04 21:25 -------- d-------- C:\Program Files\spyware doctor
2007-02-03 21:42 -------- d-------- C:\Program Files\rightmark memory analyzer
2007-02-03 21:39 -------- d-------- C:\Program Files\rightmark3dsound
2007-02-03 20:38 -------- d-------- C:\DOCUME~1\SB\Application Data\free download manager
2007-02-03 15:33 -------- d-------- C:\Program Files\sony
2007-02-01 20:58 -------- d-------- C:\Program Files\grisoft
2007-01-30 22:01 -------- d---s---- C:\DOCUME~1\SB\Application Data\microsoft
2007-01-30 18:38 -------- d-------- C:\Program Files\java
2007-01-27 14:40 -------- d--h----- C:\Program Files\installshield installation information
2007-01-26 22:21 -------- d-------- C:\DOCUME~1\SB\Application Data\adobe
2007-01-26 22:15 -------- d-------- C:\Program Files\Common Files\adobe
2007-01-26 19:56 -------- d-------- C:\Program Files\free download manager
2007-01-26 19:05 -------- d-------- C:\Program Files\read in microsoft reader add-in for microsoft word
2007-01-26 19:05 -------- d-------- C:\Program Files\netzero
2007-01-11 20:16 -------- d-------- C:\DOCUME~1\SB\Application Data\adobeum
2007-01-07 16:18 -------- d-------- C:\Program Files\axe3
2007-01-04 13:17 -------- d-------- C:\Program Files\alcohol soft
2007-01-04 12:49 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-01-03 14:15 -------- d-------- C:\Program Files\shareaza
2007-01-03 11:01 -------- d-------- C:\Program Files\project64 1.6
2006-12-29 18:30 -------- d-------- C:\Program Files\counter-strike 1.6
2006-12-29 17:55 -------- d-------- C:\Program Files\source edit
2006-12-29 13:30 -------- d-------- C:\DOCUME~1\SB\Application Data\ati
2006-12-29 13:27 -------- d-------- C:\Program Files\ati technologies
2006-12-27 17:17 -------- d-------- C:\DOCUME~1\SB\Application Data\divx
2006-12-27 16:49 -------- d-------- C:\Program Files\divx
2006-12-27 15:38 -------- d-------- C:\Program Files\mkvtoolnix
2006-12-26 11:45 -------- d-------- C:\DOCUME~1\SB\Application Data\dvdcss
2006-12-23 14:01 126224 --a------ C:\WINDOWS\system32\xpacket.sys
2006-12-20 21:05 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-12-20 13:27 86016 --a------ C:\WINDOWS\system32\openal32.dll
2006-12-20 13:27 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2006-12-20 13:27 -------- d-------- C:\Program Files\openal
2006-12-16 21:50 263168 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-12-16 21:50 1918464 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-12-16 21:44 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-12-16 21:44 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2006-12-16 21:44 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-12-16 21:44 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-12-16 21:44 102400 --a------ C:\WINDOWS\system32\oemdspif.dll
2006-12-16 21:42 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2006-12-16 21:42 434176 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-12-16 21:41 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-12-16 21:35 2676672 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-12-16 21:30 1289472 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-12-16 21:23 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-12-16 21:21 5304320 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-12-16 21:17 241664 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-12-16 21:16 303104 --a------ C:\WINDOWS\system32\atidemgr.dll
2006-12-16 21:16 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-12-16 21:10 315392 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-12-12 11:30 520192 --a------ C:\WINDOWS\system32\divxsm.exe
2006-12-12 11:30 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-12-12 11:30 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-12-12 11:30 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-12-12 11:30 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-12-12 11:25 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-12-12 11:25 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-12-12 11:25 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-12-12 11:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-12-12 11:25 635486 --a------ C:\WINDOWS\system32\divx.dll
2006-12-12 11:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2006-12-12 11:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-12-12 11:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2006-12-12 11:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-12-12 11:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-12-12 11:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-12-12 11:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-12-12 11:24 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll
2006-12-12 11:24 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-27 03:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTSysVol"="C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"XFILTER"="\"C:\\Program Files\\Filseclab\\xfilter\\xfilter.exe\" -a"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-05 21:31:20

Post by Bob4 » February 6th, 2007, 8:17 am

I'm sorry shazam, it doesn't look as if this issue is malware related. Thus leaving my area of expertise.

If you have a Windows XP CD you can try this.

Place the CD in the drive and exit the window that opens prompting you to install Windows.

Click Start/Run and type in exactly: sfc /scannow
This will check for corrupt and missing files that are important to the proper running of Windows.
Here's a link to instructions on how to use this. It may also answer any questions you have on using this tool.




Here are a couple of other links to forums that may be able to help you with this problem from people more qualified for this sort of problem.

Slow Computer? Check here first; it may not be malware

TC's computer help

Castle cops

I'm sorry I wasn't of more help.

Post by shazam » February 6th, 2007, 12:45 pm

Thanks for all of your help.

Can I join Malware University now?

Thanks again :)

Post by Bob4 » February 6th, 2007, 7:16 pm

OK, I did some asking around. We shouldn't have used WinPFind3. I have fixed my link. :oops: So let's do this 1 last time please.

Please download WinPFind2.

  • Extract the files to a folder (e.g. C:\WinPFind2).
  • Double click WinPFind2.exe to start the program.
  • Click the Select All button in the File Options box of the Configuration tab (this is the tab the program opens up to by default).
  • Click the Run all Scans button.
  • When it's finished scanning you will see Scans Complete! at the bottom left of the program.
  • Click the Export to Text button.
  • Notepad will open with the results of the scan and the log will be saved to the folder that you extracted the program to (C:\WinPFind2\WinPFind2.txt).
  • Post the log in your next reply please. You may need to split the log over a couple of posts so that it doesn't get cut off. If so, please use the [Start Post #1] and [Start Post #2] delimiters in the log to split the log up.


Please post that log.

Post by shazam » February 6th, 2007, 10:48 pm

Logfile created on: 2/6/2007 9:39:56 PM
WinPFind2 by OldTimer - Version 1.0.15 Folder = C:\WinPFind2\
Microsoft Windows XP (Version = Service Pack 2)
Internet Explorer (Version - 7.0.5730.11)


[Start Post #1]

Processes
Image Name---------------ProcessID--Thread Count--Parent ID--Base Priority--
#Full Path
##(Version Info)

ati2evxx.exe-------------000772-----0004----------000616-----Normal---------
#c:\windows\system32\ati2evxx.exe
##(ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Date = 12/16/2006 9:42:48 PM | Attr = ])

ati2evxx.exe-------------001052-----0007----------000572-----Normal---------
#c:\windows\system32\ati2evxx.exe
##(ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Date = 12/16/2006 9:42:48 PM | Attr = ])

avgamsvr.exe-------------001384-----0008----------000616-----Normal---------
#c:\progra~1\grisoft\avgfre~1\avgamsvr.exe
##(GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Date = 11/1/2006 4:23:46 PM | Attr = ])

avgcc.exe----------------002232-----0010----------001976-----Normal---------
#c:\progra~1\grisoft\avgfre~1\avgcc.exe
##(GRISOFT, s.r.o. [Ver = 7.5.0.418 | Size = 406016 bytes | Date = 11/1/2006 4:23:48 PM | Attr = ])

avgemc.exe---------------001452-----0010----------000616-----Normal---------
#c:\progra~1\grisoft\avgfre~1\avgemc.exe
##(GRISOFT, s.r.o. [Ver = 7.5.0.432 | Size = 323072 bytes | Date = 1/30/2007 10:47:36 PM | Attr = ])

avgupsvc.exe-------------001428-----0003----------000616-----Normal---------
#c:\progra~1\grisoft\avgfre~1\avgupsvc.exe
##(GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Date = 11/1/2006 4:23:54 PM | Attr = ])

cli.exe------------------003020-----0015----------002268-----Normal---------
#c:\program files\ati technologies\ati.ace\cli.exe
##(ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Date = 9/25/2006 9:12:20 AM | Attr = ])

cli.exe------------------002268-----0017----------002252-----Normal---------
#c:\program files\ati technologies\ati.ace\cli.exe
##(ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Date = 9/25/2006 9:12:20 AM | Attr = ])

ctsvccda.exe-------------001468-----0002----------000616-----Normal---------
#c:\windows\system32\ctsvccda.exe
##(Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Date = 12/13/1999 9:01:00 AM | Attr = ])

ctsysvol.exe-------------002216-----0002----------001976-----Normal---------
#c:\program files\creative\sound blaster live! 24-bit\surround mixer\ctsysvol.exe
##(Creative Technology Ltd [Ver = 1.4.1.0 | Size = 57344 bytes | Date = 9/17/2003 1:43:36 PM | Attr = ])

epiarctl.exe-------------002288-----0001----------001976-----Normal---------
#c:\program files\kworld multimedia\pvr-tv 2800 utilities\epiarctl.exe
##( [Ver = 3, 0, 1, 0 | Size = 69632 bytes | Date = 6/16/2005 5:22:50 PM | Attr = ])

exec.exe-----------------003312-----0003----------001976-----Normal---------
#c:\program files\netzero\exec.exe
##(NetZero, Inc. [Ver = 8.5.5.0 | Size = 1624064 bytes | Date = 10/20/2006 8:04:04 PM | Attr = ])

exec.exe-----------------003332-----0034----------003312-----Normal---------
#c:\program files\netzero\exec.exe
##(NetZero, Inc. [Ver = 8.5.5.0 | Size = 1624064 bytes | Date = 10/20/2006 8:04:04 PM | Attr = ])

firefox.exe--------------003864-----0011----------001976-----Normal---------
#c:\progra~1\mozill~1\firefox.exe
##(Mozilla Corporation [Ver = 1.8.1.1: 2006120418 | Size = 7620696 bytes | Date = 12/21/2006 10:16:16 AM | Attr = ])

lexbces.exe--------------001180-----0009----------000616-----Normal---------
#c:\windows\system32\lexbces.exe
##(Lexmark International, Inc. [Ver = 9.35 | Size = 307200 bytes | Date = 8/29/2003 8:54:16 AM | Attr = ])

lexpps.exe---------------001216-----0011----------001180-----Normal---------
#c:\windows\system32\lexpps.exe
##(Lexmark International, Inc. [Ver = 9.35 | Size = 174592 bytes | Date = 8/29/2003 8:50:24 AM | Attr = ])

winpfind2.exe------------002688-----0003----------001976-----Normal---------
#c:\winpfind2\winpfind2.exe
##(OldTimer Tools [Ver = 1.0.15.0 | Size = 397312 bytes | Date = 11/16/2006 6:07:22 AM | Attr = ])

xfilter.exe--------------002244-----0011----------001976-----Normal---------
#c:\program files\filseclab\xfilter\xfilter.exe
##(Filseclab [Ver = 3, 0, 3, 8982 | Size = 901120 bytes | Date = 12/23/2006 3:29:08 PM | Attr = ])


Registry Entries

#Value
##(Version Info)

<<< >> Internet Explorer Settings << >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
#http://go.microsoft.com/fwlink/?LinkId=69157
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
#http://go.microsoft.com/fwlink/?LinkId=54896
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL
#http://go.microsoft.com/fwlink/?LinkId=69157
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL
#http://go.microsoft.com/fwlink/?LinkId=54896
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
#%SystemRoot%\system32\blank.htm
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
#about:blank
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar
#http://my.netzero.net/s/search?r=minisearch
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
#http://my.netzero.net/s/search?r=minisearch
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL
#http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL
#http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
#C:\WINDOWS\system32\blank.htm
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch
#http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant
#http://my.netzero.net/s/search?r=minisearch
##

HKCU\Software\Microsoft\Internet Explorer\urlSearchHooks\\{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8}
#URLSearchHook Class = C:\Program Files\NetZero\SearchEnh1.dll
##(NetZero, Inc. [Ver = 8.5.5.0 | Size = 262144 bytes | Date = 10/20/2006 8:02:38 PM | Attr = ])

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable
#0
##

<<< >> BHO's << >>>

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
#AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
##(Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Date = 1/12/2006 8:38:22 PM | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
# = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
##(Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Date = 5/31/2005 12:04:00 AM | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
#PCTools Site Guard = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
##(PC Tools [Ver = 3.6.0.2069 | Size = 803048 bytes | Date = 5/29/2006 10:40:38 AM | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
#SSVHelper Class = C:\Program Files\Java\jre1.6.0\bin\ssv.dll
##(Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Date = 1/30/2007 6:35:32 PM | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}
#PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
##(PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Date = 9/27/2006 8:17:08 PM | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
#FDMIECookiesBHO Class = C:\Program Files\Free Download Manager\iefdmcks.dll
##( [Ver = | Size = 81920 bytes | Date = 8/20/2006 6:55:00 PM | Attr = ])

<<< >> Internet Explorer Bars, Toolbars and Extensions << >>>

<<< HKLM-> Internet Explorer Bars >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
#&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Date = 9/23/2006 1:12:50 PM | Attr = ])

<<< HKCU-> Internet Explorer Bars >>>

HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
#Explorer Band = %SystemRoot%\system32\shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Date = 9/23/2006 1:12:50 PM | Attr = ])

<<< HKLM-> Internet Explorer ToolBars >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}
#ZeroBar = C:\Program Files\NetZero\Toolbar.dll
##(NetZero, Inc. [Ver = 8.5.5.0 | Size = 276464 bytes | Date = 10/23/2006 10:37:56 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{F5735C15-1FB2-41FE-BA12-242757E69DDE}
#ZeroBar = C:\Program Files\NetZero\toolbar.dll
##(NetZero, Inc. [Ver = 8.5.5.0 | Size = 276464 bytes | Date = 10/23/2006 10:37:56 AM | Attr = ])

<<< HKCU-> Internet Explorer ToolBars >>>

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
#&Address = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Date = 9/23/2006 1:12:50 PM | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
#&Address = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Date = 9/23/2006 1:12:50 PM | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
#&Links = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 7/13/2006 8:33:28 AM | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
#Reg Data - Key not found = Reg Data - Key not found
##(File not found)

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}
#ZeroBar = C:\Program Files\NetZero\Toolbar.dll
##(NetZero, Inc. [Ver = 8.5.5.0 | Size = 276464 bytes | Date = 10/23/2006 10:37:56 AM | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049}
#&Links = C:\WINDOWS\system32\ieframe.dll
##(Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 6049280 bytes | Date = 10/27/2006 3:09:58 PM | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F5735C15-1FB2-41FE-BA12-242757E69DDE}
#ZeroBar = C:\Program Files\NetZero\toolbar.dll
##(NetZero, Inc. [Ver = 8.5.5.0 | Size = 276464 bytes | Date = 10/23/2006 10:37:56 AM | Attr = ])

<<< HKCU-> Internet Explorer CmdMapping >>>

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
#8194 - Sun Java Console
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
#8195 - Reg Data - Key not found
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
#8193 - Reg Data - Value does not exist
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{44627E97-789B-40d4-B5C2-58BD171129A1}
#8196 - Reg Data - Key not found
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583}
#8197 - @xpsp3res.dll,-20001
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683}
#8192 - Reg Data - Key not found
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\NextId
#8195
##

<<< HKLM-> Internet Explorer Extensions >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
#MenuText: Sun Java Console = C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
##(Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 132744 bytes | Date = 1/30/2007 6:35:32 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
#MenuText: Sun Java Console = C:\Program Files\Java\jre1.6.0\bin\ssv.dll
##(Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 501384 bytes | Date = 1/30/2007 6:35:32 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
#ButtonText: Spyware Doctor = Reg Data - Value does not exist
##(File not found)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}
#MenuText: @xpsp3res.dll,-20001 = Reg Data - Key not found
##(File not found)

<<< HKCU-> Internet Explorer Menu Extensions >>>

HKCU\Software\Microsoft\Internet Explorer\MenuExt\Display All Images with Full Quality
#"res://C:\Program Files\NetZero\qsacc\appres.dll/228"
##(NetZero, Inc. [Ver = 4.2.00 | Size = 361472 bytes | Date = 10/11/2006 3:36:26 PM | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\MenuExt\Display Image with Full Quality
#"res://C:\Program Files\NetZero\qsacc\appres.dll/227"
##(NetZero, Inc. [Ver = 4.2.00 | Size = 361472 bytes | Date = 10/11/2006 3:36:26 PM | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download all with Free Download Manager
#file://C:\Program Files\Free Download Manager\dlall.htm
##(File not found)

HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download selected with Free Download Manager
#file://C:\Program Files\Free Download Manager\dlselected.htm
##(File not found)

HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with Free Download Manager
#file://C:\Program Files\Free Download Manager\dllink.htm
##(File not found)

HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
#res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
##(Microsoft Corporation [Ver = 10.0.6789 | Size = 9358016 bytes | Date = 2/6/2006 11:39:50 AM | Attr = R ])

<<< >> Approved Shell Extensions (Non-Microsoft only) << >>>

<<< HKLM-> Approved Shell Extensions >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}
#TuneUp Shredder Shell Context Menu Extension = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"
##(TuneUp Software GmbH [Ver = 1.0.0.253 | Size = 45568 bytes | Date = 9/21/2005 9:35:16 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}
#Autoplay for SlideShow = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
#Taskbar and Start Menu = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47}
#Notepad++ Shell Extension = C:\Program Files\Notepad++\nppshellext.dll
##(Notepad++ team [Ver = 0.1.0.0 | Size = 14848 bytes | Date = 1/2/2006 1:58:38 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{23170F69-40C1-278A-1000-000100020000}
#7-Zip Shell Extension = C:\Program Files\7-Zip\7-zip.dll
##( [Ver = | Size = 138752 bytes | Date = 5/13/2006 11:23:40 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{42071714-76d4-11d1-8b24-00a0c9068ff3}
#Display Panning CPL Extension = deskpan.dll
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{5E2121EE-0300-11D4-8D3B-444553540000}
#Catalyst Context Menu extension = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
##( [Ver = 1, 0, 0, 1 | Size = 73728 bytes | Date = 9/25/2006 9:13:12 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{764BF0E1-F219-11ce-972D-00AA00A14F56}
#Shell extensions for file compression = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{7A9D77BD-5403-11d2-8785-2E0420524153}
#User Accounts = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
#Encryption Context Menu = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{88895560-9AA2-1069-930E-00AA0030EBC8}
#HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll
##(Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 8/12/2004 8:57:52 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
#AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll
##(GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Date = 11/1/2006 4:23:52 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}
#AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll
##(GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Date = 11/1/2006 4:23:52 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{B089FE88-FB52-11D3-BDF1-0050DA34150D}
#NOD32 Context Menu Shell Extension = C:\Program Files\Eset\nodshex.dll
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
#WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll
##( [Ver = | Size = 125440 bytes | Date = 8/4/2005 1:32:08 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{e57ce731-33e8-4c51-8354-bb4de9d215d1}
#Universal Plug and Play Devices = Reg Data - Key not found
##(File not found)

<<< >> ContextMenuHandlers (Non-Microsoft only) << >>>

<<< HKLM-> ContextMenuHandlers >>>

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
#Reg Data - Value does not exist = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
##(Nero AG [Ver = 2, 6, 5, 0 | Size = 73728 bytes | Date = 9/12/2006 8:56:02 PM | Attr = ])

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\7-Zip
#{23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll
##( [Ver = | Size = 138752 bytes | Date = 5/13/2006 11:23:40 PM | Attr = ])

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AVG Anti-Spyware
#{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
##(Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Date = 10/6/2006 6:40:48 AM | Attr = ])

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
#{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
##(GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Date = 11/1/2006 4:23:52 PM | Attr = ])

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\NOD32 Context Menu Shell Extension
#{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll
##(File not found)

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\NppShellExt
#{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47} = C:\Program Files\Notepad++\nppshellext.dll
##(Notepad++ team [Ver = 0.1.0.0 | Size = 14848 bytes | Date = 1/2/2006 1:58:38 AM | Attr = ])

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\TuneUp Shredder
#{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = C:\Program Files\TuneUp Utilities 2006\sdshelex.dll
##(TuneUp Software GmbH [Ver = 1.0.0.253 | Size = 45568 bytes | Date = 9/21/2005 9:35:16 PM | Attr = ])

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR
#{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
##( [Ver = | Size = 125440 bytes | Date = 8/4/2005 1:32:08 AM | Attr = ])

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip
#{23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll
##( [Ver = | Size = 138752 bytes | Date = 5/13/2006 11:23:40 PM | Attr = ])

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\AVG Anti-Spyware
#{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
##(Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Date = 10/6/2006 6:40:48 AM | Attr = ])

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\NppShellExt
#{1CE8B2C9-EAEF-43fc-8218-F092E4F94A47} = C:\Program Files\Notepad++\nppshellext.dll
##(Notepad++ team [Ver = 0.1.0.0 | Size = 14848 bytes | Date = 1/2/2006 1:58:38 AM | Attr = ])

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder
#{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = C:\Program Files\TuneUp Utilities 2006\sdshelex.dll
##(TuneUp Software GmbH [Ver = 1.0.0.253 | Size = 45568 bytes | Date = 9/21/2005 9:35:16 PM | Attr = ])

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
#{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
##( [Ver = | Size = 125440 bytes | Date = 8/4/2005 1:32:08 AM | Attr = ])

HKLM\SOFTWARE\Classes\Directory\BackGround\shellex\ContextMenuHandlers\ACE
#{5E2121EE-0300-11D4-8D3B-444553540000} = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
##( [Ver = 1, 0, 0, 1 | Size = 73728 bytes | Date = 9/25/2006 9:13:12 AM | Attr = ])

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
#Reg Data - Value does not exist = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
##(Nero AG [Ver = 2, 6, 5, 0 | Size = 73728 bytes | Date = 9/12/2006 8:56:02 PM | Attr = ])

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
#{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
##(GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Date = 11/1/2006 4:23:52 PM | Attr = ])

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NOD32 Context Menu Shell Extension
#{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll
##(File not found)

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
#{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
##( [Ver = | Size = 125440 bytes | Date = 8/4/2005 1:32:08 AM | Attr = ])

<<< >> ColumnHandlers (Non-Microsoft only) << >>>

<<< HKLM-> ColumnHandlers >>>

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{8AAA7E68-62C0-47D2-A290-FEA30B9F66A4}
#VTFColExt Class = C:\WINDOWS\system32\vtfcolumnext.dll
##(Neil 'Jed' Jedrzejewski [Ver = 1, 0, 3, 0 | Size = 41984 bytes | Date = 1/25/2006 2:41:10 PM | Attr = ])

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
#PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
##(Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Date = 12/14/2004 2:20:02 AM | Attr = ])

<<< >> File Associations Keys << >>>

HKLM\SOFTWARE\Classes\.bat\\''
#batfile
##

HKLM\SOFTWARE\Classes\batfile\shell\open\command\\''
#"%1" %*
##

HKLM\SOFTWARE\Classes\.cmd\\''
#cmdfile
##

HKLM\SOFTWARE\Classes\cmdfile\shell\open\command\\''
#"%1" %*
##

HKLM\SOFTWARE\Classes\.com\\''
#comfile
##

HKLM\SOFTWARE\Classes\comfile\shell\open\command\\''
#"%1" %*
##

HKLM\SOFTWARE\Classes\.exe\\''
#exefile
##

HKLM\SOFTWARE\Classes\exefile\shell\open\command\\''
#"%1" %*
##

HKLM\SOFTWARE\Classes\.hta\\''
#htafile
##

HKLM\SOFTWARE\Classes\htafile\shell\open\command\\''
#C:\WINDOWS\system32\mshta.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.js\\''
#JSFile
##

HKLM\SOFTWARE\Classes\jsfile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.jse\\''
#JSEFile
##

HKLM\SOFTWARE\Classes\jsefile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.scr\\''
#scrfile
##

HKLM\SOFTWARE\Classes\scrfile\shell\open\command\\''
#"%1" /S
##

HKLM\SOFTWARE\Classes\.vbe\\''
#VBEFile
##

HKLM\SOFTWARE\Classes\vbefile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.vbs\\''
#VBSFile
##

HKLM\SOFTWARE\Classes\vbsfile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.wsf\\''
#WSFFile
##

HKLM\SOFTWARE\Classes\wsffile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.wsh\\''
#WSHFile
##

HKLM\SOFTWARE\Classes\wshfile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.txt\\''
#txtfile
##

HKLM\SOFTWARE\Classes\txtfile\shell\open\command\\''
#%SystemRoot%\system32\NOTEPAD.EXE %1
##

<<< >> Registry Run Keys << >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ATICCC
#"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
##( [Ver = | Size = 90112 bytes | Date = 9/25/2006 9:12:20 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AVG7_CC
#C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
##(GRISOFT, s.r.o. [Ver = 7.5.0.418 | Size = 406016 bytes | Date = 11/1/2006 4:23:48 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CTSysVol
#C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
##(Creative Technology Ltd [Ver = 1.4.1.0 | Size = 57344 bytes | Date = 9/17/2003 1:43:36 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\XFILTER
#"C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
##(Filseclab [Ver = 3, 0, 3, 8982 | Size = 901120 bytes | Date = 12/23/2006 3:29:08 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
#Installed = 1
##

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
#Installed = 1
##

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
#Installed = 1
##

<<< >> Miscellaneous Startup Keys << >>>

<<< AppInit DLLs >>>

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
#
##(File not found)

<<< Image File Execution Options >>>

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
#Debugger = ntsd -d
##

<<< Shell Service Object Delay Load >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn
#{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 7/13/2006 8:33:28 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder
#{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 7/13/2006 8:33:28 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray
#{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Date = 8/12/2004 9:06:44 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck
#{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll
##(Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 231424 bytes | Date = 10/27/2006 3:09:58 PM | Attr = ])

<<< Shell Execute Hooks >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}
#CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
##(Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Date = 9/28/2006 9:13:28 AM | Attr = ])

<<< Shared Task Scheduler >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1}
#Browseui preloader = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Date = 9/23/2006 1:12:50 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030}
#Component Categories cache daemon = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Date = 9/23/2006 1:12:50 PM | Attr = ])

<<< SafeBoot Option >>>

<<< HKLM Command Processor AutoRun >>>

HKLM\SOFTWARE\Microsoft\Command Processor\\AutoRun
#
##

<<< HKCU Command Processor AutoRun >>>

<<< Security Providers >>>

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
#msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
##

<<< BootExecute >>>

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\\BootExecute
#autocheck autochk *;
##

<<< PendingFileRenameOperations >>>

<<< FileRenameOperations >>>

<<< ExcludeFromKnownDlls >>>

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\\ExcludeFromKnownDlls
#
##

<<< >> Disabled MSConfig Items << >>>

HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ctfmon.exe
#ctfmon = C:\WINDOWS\system32\ctfmon.exe
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Date = 8/12/2004 8:56:38 AM | Attr = ])

<<< >> User Agent Post Platform << >>>

<<< >> Winlogon << >>>

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\AltDefaultDomainName
#DELL
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\AltDefaultUserName
#SB
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\AutoAdminLogon
#Reg Data - Value does not exist
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\DefaultDomainName
#DELL
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\DefaultUserName
#SB
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
#Explorer.exe
##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Date = 8/12/2004 8:57:20 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System
#
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
#C:\WINDOWS\system32\userinit.exe,
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Date = 8/12/2004 9:08:08 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet
#rundll32 shell32,Control_RunDLL "sysdm.cpl"
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
#Ati2evxx.dll
##(ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 110592 bytes | Date = 12/16/2006 9:44:04 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
#crypt32.dll
##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Date = 8/12/2004 8:56:36 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
#cryptnet.dll
##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Date = 8/12/2004 8:56:36 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
#cscdll.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Date = 8/12/2004 8:56:38 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 8/12/2004 9:09:44 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 8/12/2004 9:09:44 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
#sclgntfy.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Date = 8/12/2004 9:04:46 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
#WlNotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 8/12/2004 9:09:44 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 8/12/2004 9:09:44 AM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
#WgaLogon.dll
##(Microsoft Corporation [Ver = 1.5.0526.0 | Size = 144688 bytes | Date = 4/10/2006 12:00:30 PM | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 8/12/2004 9:09:44 AM | Attr = ])

<<< >> DNS Name Servers << >>>

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0EADD505-BB59-47E6-9094-868E48B7DE90}
# ()
##

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A0AABB6E-90CE-4EC0-B5B0-83E5824FA820}
# (Broadcom NetXtreme 57xx Gigabit Controller)
##

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EBE1A447-D8F9-4E5B-9D6D-03EBDE40E1E8}
# ()
##

<<< >> All Winsock2 Catalogs << >>>

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
#%SystemRoot%\System32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
#%SystemRoot%\System32\winrnr.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 16896 bytes | Date = 8/12/2004 9:09:38 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
#%SystemRoot%\System32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
#CC:\Program Files\Filseclab\xfilter\XFILTER.DLL
##(Filseclab Corporation [Ver = 3, 0, 3, 3715 | Size = 196608 bytes | Date = 12/23/2006 3:28:02 PM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
#CC:\Program Files\Filseclab\xfilter\XFILTER.DLL
##(Filseclab Corporation [Ver = 3, 0, 3, 3715 | Size = 196608 bytes | Date = 12/23/2006 3:28:02 PM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
#CC:\Program Files\Filseclab\xfilter\XFILTER.DLL
##(Filseclab Corporation [Ver = 3, 0, 3, 3715 | Size = 196608 bytes | Date = 12/23/2006 3:28:02 PM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
#CC:\Program Files\Filseclab\xfilter\XFILTER.DLL
##(Filseclab Corporation [Ver = 3, 0, 3, 3715 | Size = 196608 bytes | Date = 12/23/2006 3:28:02 PM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
#CC:\Program Files\Filseclab\xfilter\XFILTER.DLL
##(Filseclab Corporation [Ver = 3, 0, 3, 3715 | Size = 196608 bytes | Date = 12/23/2006 3:28:02 PM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 8/12/2004 9:01:26 AM | Attr = ])

<<< >> Protocol Handlers (Non-Microsoft only) << >>>

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ipp
#
##(File not found)

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp
#
##(File not found)

<<< >> Protocol Filters (Non-Microsoft only) << >>>
shazam

Post by shazam » February 6th, 2007, 10:49 pm

[Start Post #2]

Services
Name--Internal Name--Startup Type--State--Service Type--
#Path
##(Version Info)

Ati HotKey Poller--Ati HotKey Poller--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\system32\Ati2evxx.exe
##(ATI Technologies Inc. [Ver = 6.14.10.4155 | Size = 434176 bytes | Date = 12/16/2006 9:42:48 PM | Attr = ])

AVG7 Alert Manager Server--Avg7Alrt--Automatic--Running--Win32, running in it's own process--
#C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
##(GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 343552 bytes | Date = 11/1/2006 4:23:46 PM | Attr = ])

AVG7 Update Service--Avg7UpdSvc--Automatic--Running--Win32, running in it's own process--
#C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
##(GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Date = 11/1/2006 4:23:54 PM | Attr = ])

AVG E-mail Scanner--AVGEMS--Automatic--Running--Win32, running in it's own process--
#C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
##(GRISOFT, s.r.o. [Ver = 7.5.0.432 | Size = 323072 bytes | Date = 1/30/2007 10:47:36 PM | Attr = ])

Creative Service for CDROM Access--Creative Service for CDROM Access--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\system32\CTsvcCDA.EXE
##(Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Date = 12/13/1999 9:01:00 AM | Attr = ])

LexBce Server--LexBceS--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\system32\LEXBCES.EXE
##(Lexmark International, Inc. [Ver = 9.35 | Size = 307200 bytes | Date = 8/29/2003 8:54:16 AM | Attr = ])


Files
Full Path
#Details

%SystemDrive%
#

%ProgramFilesDir%
#

%WinDir%
#

%System%
#

C:\WINDOWS\SYSTEM32\aswBoot.exe
#UPX! ( [Ver = 4, 6, 763, 0 | Size = 503296 bytes | Date = 1/27/2006 5:38:10 PM | Attr = ])

C:\WINDOWS\SYSTEM32\avisynth.dll
#UPX! (The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Date = 10/28/2005 11:44:12 AM | Attr = ])

C:\WINDOWS\SYSTEM32\d3dx9_25.dll
#aspack (Microsoft Corporation [Ver = 9.06.168.0000 | Size = 2337488 bytes | Date = 3/18/2005 5:19:58 PM | Attr = ])

C:\WINDOWS\SYSTEM32\d3dx9_26.dll
#aspack (Microsoft Corporation [Ver = 9.07.239.0000 | Size = 2297552 bytes | Date = 5/26/2005 3:34:52 PM | Attr = ])

C:\WINDOWS\SYSTEM32\d3dx9_27.dll
#aspack (Microsoft Corporation [Ver = 9.08.299.0000 | Size = 2319568 bytes | Date = 7/22/2005 7:59:04 PM | Attr = ])

C:\WINDOWS\SYSTEM32\d3dx9_28.dll
#aspack (Microsoft Corporation [Ver = 9.10.455.0000 | Size = 2323664 bytes | Date = 12/5/2005 6:09:18 PM | Attr = ])

C:\WINDOWS\SYSTEM32\d3dx9_29.dll
#aspack (Microsoft Corporation [Ver = 9.11.519.0000 | Size = 2332368 bytes | Date = 2/3/2006 7:43:16 AM | Attr = ])

C:\WINDOWS\SYSTEM32\d3dx9_30.dll
#aspack (Microsoft Corporation [Ver = 9.12.589.0000 | Size = 2388176 bytes | Date = 3/31/2006 11:40:58 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dfrg.msc
#PEC2 ( [Ver = | Size = 41397 bytes | Date = 8/12/2004 8:56:50 AM | Attr = ])

C:\WINDOWS\SYSTEM32\DivX.dll
#PEC2 (DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Date = 12/12/2006 11:25:20 AM | Attr = ])

C:\WINDOWS\SYSTEM32\DivX.dll
#PECompact2 (DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Date = 12/12/2006 11:25:20 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dtssource.ax
#UPX! ( [Ver = | Size = 67072 bytes | Date = 1/4/2003 7:42:32 PM | Attr = ])

C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
#PTech (Microsoft Corporation [Ver = 1.5.0530.0 | Size = 579888 bytes | Date = 5/17/2006 10:23:38 AM | Attr = ])

C:\WINDOWS\SYSTEM32\MRT.exe
#PECompact2 (Microsoft Corporation [Ver = 1.24.1635.0 | Size = 10980776 bytes | Date = 1/2/2007 6:19:44 PM | Attr = ])

C:\WINDOWS\SYSTEM32\MRT.exe
#aspack (Microsoft Corporation [Ver = 1.24.1635.0 | Size = 10980776 bytes | Date = 1/2/2007 6:19:44 PM | Attr = ])

C:\WINDOWS\SYSTEM32\ntdll.dll
#aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 8/12/2004 9:02:34 AM | Attr = ])

C:\WINDOWS\SYSTEM32\nusrmgr.cpl
#WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 8/12/2004 9:02:44 AM | Attr = ])

C:\WINDOWS\SYSTEM32\rasdlg.dll
#Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 8/12/2004 9:04:02 AM | Attr = ])

C:\WINDOWS\SYSTEM32\wbdbase.deu
#winsync ( [Ver = | Size = 1309184 bytes | Date = 8/12/2004 9:08:50 AM | Attr = ])

%System%\Drivers folder and sub-folders
#

C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
#UPX! (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 11/1/2006 4:23:58 PM | Attr = ])

C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
#FSG! (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 11/1/2006 4:23:58 PM | Attr = ])

C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
#PEC2 (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 11/1/2006 4:23:58 PM | Attr = ])

C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
#aspack (GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 816672 bytes | Date = 11/1/2006 4:23:58 PM | Attr = ])

%windir% + sub-dirs for System or Hidden files less than 60 days old
#

C:\WINDOWS\bootstat.dat
# ( [Ver = | Size = 2048 bytes | Date = 2/6/2007 9:22:20 PM | Attr = S])

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7a199afb2eb748baf4e4a35c4281d089\BITA6.tmp
# ( [Ver = | Size = 25755448 bytes | Date = 12/21/2006 9:25:44 PM | Attr = H ])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat
# ( [Ver = | Size = 7894 bytes | Date = 12/22/2006 11:53:02 AM | Attr = S])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem31.CAT
# ( [Ver = | Size = 142045 bytes | Date = 1/8/2007 8:50:54 AM | Attr = S])

C:\WINDOWS\system32\config\default.LOG
# ( [Ver = | Size = 1024 bytes | Date = 2/6/2007 9:27:42 PM | Attr = H ])

C:\WINDOWS\system32\config\SAM.LOG
# ( [Ver = | Size = 1024 bytes | Date = 2/6/2007 9:22:58 PM | Attr = H ])

C:\WINDOWS\system32\config\SECURITY.LOG
# ( [Ver = | Size = 1024 bytes | Date = 2/6/2007 9:26:26 PM | Attr = H ])

C:\WINDOWS\system32\config\software.LOG
# ( [Ver = | Size = 1024 bytes | Date = 2/6/2007 9:34:56 PM | Attr = H ])

C:\WINDOWS\system32\config\system.LOG
# ( [Ver = | Size = 1024 bytes | Date = 2/6/2007 9:27:06 PM | Attr = H ])

C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
# ( [Ver = | Size = 1024 bytes | Date = 1/28/2007 2:37:06 PM | Attr = H ])

C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\CX_40997.CAT
# ( [Ver = | Size = 142045 bytes | Date = 1/8/2007 8:50:54 AM | Attr = S])

C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\CX_40997.CAT
# ( [Ver = | Size = 142045 bytes | Date = 1/8/2007 8:50:54 AM | Attr = S])

C:\WINDOWS\Tasks\SA.DAT
# ( [Ver = | Size = 6 bytes | Date = 2/6/2007 9:22:28 PM | Attr = H ])

CPL files
#

C:\WINDOWS\SYSTEM32\access.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 8/12/2004 8:55:44 AM | Attr = ])

C:\WINDOWS\SYSTEM32\appwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 8/12/2004 8:55:48 AM | Attr = ])

C:\WINDOWS\SYSTEM32\BACSCPL.cpl
# ( [Ver = 7, 5, 2, 0 | Size = 24576 bytes | Date = 4/20/2004 11:07:08 AM | Attr = ])

C:\WINDOWS\SYSTEM32\bthprops.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 8/12/2004 8:55:58 AM | Attr = ])

C:\WINDOWS\SYSTEM32\desk.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 8/12/2004 8:56:50 AM | Attr = ])

C:\WINDOWS\SYSTEM32\firewall.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 8/12/2004 8:57:24 AM | Attr = ])

C:\WINDOWS\SYSTEM32\hdwwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 8/12/2004 8:57:42 AM | Attr = ])

C:\WINDOWS\SYSTEM32\inetcpl.cpl
# (Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1817088 bytes | Date = 10/17/2006 1:05:48 PM | Attr = ])

C:\WINDOWS\SYSTEM32\intl.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 8/12/2004 8:58:08 AM | Attr = ])

C:\WINDOWS\SYSTEM32\irprops.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 8/12/2004 8:58:16 AM | Attr = ])

C:\WINDOWS\SYSTEM32\javacpl.cpl
# (Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Date = 1/30/2007 6:35:30 PM | Attr = ])

C:\WINDOWS\SYSTEM32\joy.cpl
# (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 8/12/2004 8:58:22 AM | Attr = ])

C:\WINDOWS\SYSTEM32\main.cpl
# (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 8/12/2004 8:59:12 AM | Attr = ])

C:\WINDOWS\SYSTEM32\mmsys.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 8/12/2004 8:59:56 AM | Attr = ])

C:\WINDOWS\SYSTEM32\ncpa.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 8/12/2004 9:01:36 AM | Attr = ])

C:\WINDOWS\SYSTEM32\netsetup.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 8/12/2004 9:02:08 AM | Attr = ])

C:\WINDOWS\SYSTEM32\nusrmgr.cpl
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 8/12/2004 9:02:44 AM | Attr = ])

C:\WINDOWS\SYSTEM32\odbccp32.cpl
# (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 8/12/2004 9:02:52 AM | Attr = ])

C:\WINDOWS\SYSTEM32\powercfg.cpl
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 8/12/2004 9:03:40 AM | Attr = ])

C:\WINDOWS\SYSTEM32\sysdm.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 8/12/2004 9:06:56 AM | Attr = ])

C:\WINDOWS\SYSTEM32\telephon.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 8/12/2004 9:07:14 AM | Attr = ])

C:\WINDOWS\SYSTEM32\timedate.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 8/12/2004 9:07:18 AM | Attr = ])

C:\WINDOWS\SYSTEM32\USBAudio.cpl
# (Creative Technology Ltd. [Ver = 2.4.5.0 | Size = 176128 bytes | Date = 2/18/2004 12:52:50 PM | Attr = ])

C:\WINDOWS\SYSTEM32\wscui.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 8/12/2004 9:10:30 AM | Attr = ])

C:\WINDOWS\SYSTEM32\wuaucpl.cpl
# (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 5/26/2005 7:16:30 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\access.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 8/12/2004 8:55:44 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 8/12/2004 8:55:48 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 8/12/2004 8:55:58 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 8/12/2004 8:56:50 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 8/12/2004 8:57:24 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 8/12/2004 8:57:42 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
# (Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1817088 bytes | Date = 10/17/2006 1:05:48 PM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 8/12/2004 8:58:08 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 8/12/2004 8:58:16 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
# (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 8/12/2004 8:58:22 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\main.cpl
# (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 8/12/2004 8:59:12 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 8/12/2004 8:59:56 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 8/12/2004 9:01:36 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 8/12/2004 9:02:08 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 8/12/2004 9:02:44 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
# (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 8/12/2004 9:02:52 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 8/12/2004 9:03:40 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
# (Microsoft Corporation [Ver = 5.1.4111.00 (xpsp_sp2_rtm.040803-2158) | Size = 155648 bytes | Date = 8/12/2004 9:04:40 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 8/12/2004 9:06:56 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 8/12/2004 9:07:14 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 8/12/2004 9:07:18 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 8/12/2004 9:10:30 AM | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
# (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 5/26/2005 7:16:30 AM | Attr = ])

Auto-Start Folders
#

HKLM->Explorer\Shell Folders\\Common Startup
# = C:\Documents and Settings\All Users\Start Menu\Programs\Startup

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
#( [Ver = | Size = 84 bytes | Date = 1/7/2006 3:09:22 PM | Attr = HS])

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TV Remote Control.lnk
#C:\Program Files\KWorld Multimedia\PVR-TV 2800 Utilities\EPIARCtl.exe ( [Ver = 3, 0, 1, 0 | Size = 69632 bytes | Date = 6/16/2005 5:22:50 PM | Attr = ])

HKLM->Explorer\User Shell Folders\\Common Startup
# = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup
# = C:\Documents and Settings\SB\Start Menu\Programs\Startup

C:\Documents and Settings\SB\Start Menu\Programs\Startup\desktop.ini
#( [Ver = | Size = 84 bytes | Date = 1/7/2006 3:09:22 PM | Attr = HS])

HKCU->Explorer\User Shell Folders\\Startup
# = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
#

System.ini->[Boot]\\Shell
#Explorer.exe

Wininit.ini: Line 1
#[rename]

Config.nt: Line 52
#dos=high, umb

Config.nt: Line 53
#device=%SystemRoot%\system32\himem.sys

Config.nt: Line 54
#files=40

Config.nt: Line 56
#device=%SystemRoot%\system32\haspdos.sys

Config.nt: Line 59
#ntcmdprompt

AutoExec.nt: Line 1
#@echo off

AutoExec.nt: Line 8
#lh %SystemRoot%\system32\mscdexnt.exe

AutoExec.nt: Line 11
#lh %SystemRoot%\system32\redir

AutoExec.nt: Line 14
#lh %SystemRoot%\system32\dosx

AutoExec.nt: Line 36
#SET BLASTER=A220 I5 D1 P330 T3

AutoExec.bat: Line 1
#SET TI83PLUSDIR=C:\PROGRA~1\TIEDUC~1\TI-83P~1

AutoExec.bat: Line 2
#PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625

Miscellaneous Folders
#

AllUsers ApplicationData Folder
#

C:\Documents and Settings\All Users\Application Data\desktop.ini
# ( [Ver = | Size = 62 bytes | Date = 1/7/2006 7:00:22 AM | Attr = HS])

CurrentUser ApplicationData Folder
#

C:\Documents and Settings\SB\Application Data\desktop.ini
# ( [Ver = | Size = 62 bytes | Date = 1/7/2006 7:00:22 AM | Attr = HS])

C:\Documents and Settings\SB\Application Data\GDIPFONTCACHEV1.DAT
# ( [Ver = | Size = 24968 bytes | Date = 10/20/2006 3:57:18 PM | Attr = ])

C:\Documents and Settings\SB\Application Data\ViewerApp.dat
# ( [Ver = | Size = 560 bytes | Date = 8/25/2006 1:27:00 PM | Attr = ])

Program Files Folder
#

Common Files Folder
#

DPF files
#

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
#CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/ka ... nicode.cab

{166B1BCA-3F9C-11CF-8075-444553540000}
#Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/sh ... tor/sw.cab

{17492023-C23A-453E-A040-C7C580BBF700}
#Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204

{233C1507-6A77-46A4-9443-F871F945D258}
#Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/sh ... tor/sw.cab

{6414512B-B978-451D-A0D8-FCFDF33E833C}
#WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupda ... 6675056578

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
#MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftup ... 3756671875

{8AD9C840-044E-11D1-B3E9-00805F499D93}
#Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
#ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan ... asinst.cab

{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
#Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
#Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

Hosts file = 732 bytes. Reading all entries.
#C:\WINDOWS\System32\drivers\etc\Hosts

# Copyright (c) 1993-1999 Microsoft Corp.
#

#
#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#

#
#

# This file contains the mappings of IP addresses to host names. Each
#

# entry should be kept on an individual line. The IP address should
#

# be placed in the first column followed by the corresponding host name.
#

# The IP address and the host name should be separated by at least one
#

# space.
#

#
#

# Additionally, comments (such as these) may be inserted on individual
#

# lines or following the machine name denoted by a '#' symbol.
#

#
#

# For example:
#

#
#

# 102.54.94.97 rhino.acme.com # source server
#

# 38.25.63.10 x.acme.com # x client host
#


#

127.0.0.1 localhost
#

Unread postby shazam » February 6th, 2007, 10:56 pm

I think that sfc /scannow might have fixed my problem :p

P.S. Should I download .NET Framework 3.0?

Unread postby Bob4 » February 7th, 2007, 7:34 am

That last log was clean also. I do believe you are malware free.

p.s. should i download .net framework 3.0


Why don't you let your computer run for a few days before adding anything more to it.

You are clean at this point. Feel free to join the university now.

Welcome to the University!

Unread postby shazam » February 7th, 2007, 2:10 pm

Thanks for all of the help :D :D :D :D :D
I will install .NET 3.0 at the end of February.

Unread postby NonSuch » February 7th, 2007, 4:10 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link:
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.