OK, here we go.
Here is the Kasp report.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 02, 2006 11:05:50 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/12/2006
Kaspersky Anti-Virus database records: 233617
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 60016
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:46:29
Infected Object Name / Virus Name / Last Action
C:\Program Files\BT Broadband Basic Help\log\mpbtn.log Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AGENT_LOG1.txt Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BINARY\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db-journal Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP414\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\SN048800320432.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B173FBA6-29A1-4DB7-8D1D-9EFE68D9505B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT079a5.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT079b9.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
D:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat Object is locked skipped
D:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat Object is locked skipped
D:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Piploo\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\Piploo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\Piploo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\Piploo\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Piploo\Local Settings\History\History.IE5\MSHist012006120220061203\index.dat Object is locked skipped
D:\Documents and Settings\Piploo\Local Settings\Temp\~DF23D9.tmp Object is locked skipped
D:\Documents and Settings\Piploo\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Piploo\My Documents\My Music\INCOMPLETE~Egg, the - Wall (Mylo Remi.mp3 Object is locked skipped
D:\Documents and Settings\Piploo\ntuser.dat Object is locked skipped
D:\Documents and Settings\Piploo\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Piploo\UserData\index.dat Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{B1C538C0-CBA3-4434-A006-53A338B37653}\RP414\change.log Object is locked skipped
Scan process completed.
Here is the GMER file.
GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-12-03 12:48:47
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.11 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
---- Devices - GMER 1.0.11 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [B5CE52A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [B5CE52A0] vsdatant.sys
---- Files - GMER 1.0.11 ----
ADS ...
ADS D:\Documents and Settings\Piploo\Desktop\AV Tools\audiograbber.exe:SummaryInformation
ADS D:\Documents and Settings\Piploo\Desktop\AV Tools\audiograbber.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS ...
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\adv.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\audio.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\bb-arch1-main.jpg
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\book2.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\bootlegzone2.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\checked.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\core.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\cover.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\film.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\intro.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\iview.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\lyrics.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\medley.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\other.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\paper.jpg
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\people.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\schat.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\song.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\songb.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\text.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\tvchat.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 1)_files\validated2.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\adv.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\audio.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\bb-arch2-main.jpg
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\book2.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\bootlegzone2.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\checked.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\core.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\cover.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\film.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\intro.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\iview.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\lyrics.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\medley.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\other.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\paper.jpg
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\people.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\schat.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\song.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\songb.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\text.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\tvchat.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 2)_files\validated2.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\adv.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\audio.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\bb-arch3-main.jpg
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\book2.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\bootlegzone2.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\checked.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\core.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\cover.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\film.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\intro.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\iview.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\lyrics.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\medley.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\other.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\paper.jpg
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\people.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\schat.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\song.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\songb.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\text.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\tvchat.gif
File D:\Documents and Settings\Piploo\My Documents\01-Paul's Share Folder\Brian Wilson-Smile Stuff(1966)\Documents\BZ Beach Boots Pages\BZ Pages 2-Various Smile Boots\Archaeology1-3-Lost Smile Sessions(BZ info)\BootlegZone The Beach Boys -- Archaeology (Disc 3)_files\validated2.gif
---- EOF - GMER 1.0.11 ----
And finally, the silent runner file.
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"SiSPower" = "Rundll32.exe SiSPower.dll,ModeAgent" [MS]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Ulead AutoDetector v2" = "C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" ["Ulead Systems, Inc."]
"PCMService" = ""c:\Apps\Powercinema\PCMService.exe"" ["CyberLink Corp."]
"ACTIVBOARD" = "c:\apps\ABoard\ABoard.exe" ["NEC Computers International"]
"ElbyCheckAnyDVD" = ""C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD" ["Elaborate Bytes AG"]
"AnyDVD" = ""C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"" ["SlySoft"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"DSLSTATEXE" = "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon" ["GlobespanVirata, Inc."]
"DSLAGENTEXE" = "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [null data]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"CaISSDT" = ""C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"" ["Computer Associates International, Inc."]
"CaAvTray" = ""C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"" ["Computer Associates International, Inc."]
"CAVRID" = ""C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"" ["Computer Associates International, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"RegistryMechanic" = "(empty string)" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{1CE2AA40-1317-11D3-9922-00104B0AD431}" = "CA_AntiVirus"
-> {HKLM...CLSID} = "CA_AntiVirus"
\InProcServer32\(Default) = "C:\WINDOWS\avshlext.dll" ["Computer Associates International, Inc."]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 DragDrop Shell Extension"
-> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 Property Sheet Shell Extension"
-> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)
HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"SsiEfr.e" [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
CA_AntiVirus\(Default) = "{1CE2AA40-1317-11D3-9922-00104B0AD431}"
-> {HKLM...CLSID} = "CA_AntiVirus"
\InProcServer32\(Default) = "C:\WINDOWS\avshlext.dll" ["Computer Associates International, Inc."]
Shldsb\(Default) = "{91F8021B-ADB9-4548-A5FF-FB9F009FA5B6}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "Shldsb.dll" [null data]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
Shldsb\(Default) = "{91F8021B-ADB9-4548-A5FF-FB9F009FA5B6}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "Shldsb.dll" [null data]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
CA_AntiVirus\(Default) = "{1CE2AA40-1317-11D3-9922-00104B0AD431}"
-> {HKLM...CLSID} = "CA_AntiVirus"
\InProcServer32\(Default) = "C:\WINDOWS\avshlext.dll" ["Computer Associates International, Inc."]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Piploo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
Startup items in "Piploo" & "All Users" startup folders:
--------------------------------------------------------
D:\Documents and Settings\All Users\Start Menu\Programs\Startup
"BT Broadband Basic Help" -> shortcut to: "C:\Program Files\BT Broadband Basic Help\bin\matcli.exe -boot" ["Motive Communications, Inc."]
"Utility Tray" -> shortcut to: "C:\WINDOWS\system32\sistray.exe" ["Silicon Integrated Systems Corporation"]
Enabled Scheduled Tasks:
------------------------
"Check Updates for Windows Live Toolbar" -> launches: "C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE" [MS]
"HDReg" -> launches: "c:\Apps\HDReg\HDRegRem.exe" [null data]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\VetRedir.dll ["Computer Associates International, Inc."], 01 - 03, 24
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
-> {HKLM...CLSID} = "Windows Live Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]
CAISafe, CAISafe, "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe" ["Computer Associates International, Inc."]
CyberLink Background Capture Service (CBCS), CLCapSvc, ""c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"" [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
CyberLink Task Scheduler (CTS), CLSched, ""c:\APPS\Powercinema\Kernel\TV\CLSched.exe"" [empty string]
Generic Service for HID Keyboard Input Collections, GenericHidService, "c:\APPS\HIDSERVICE\HIDSERVICE.exe" [null data]
SmartLinkService, SLService, "slserv.exe" [" "]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]
VET Message Service, VETMSGNT, "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe" ["Computer Associates International, Inc."]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 95 seconds.
---------- (total run time: 204 seconds)
Cheers