
Malware Removal Instructions

keylogger?


Post by unbri » August 28th, 2006, 10:01 pm

Yea, I'm an administrator... What happened was the keylogger disabled all that stuff, and now that the keylogger along with the other trojans and viruses have been cleaned, all of that stuff is in the disabled state... I enabled the task manager and it works fine now; I just can't enable all the other stuff I put in my last post.
unbri
Regular Member
 
Posts: 25
Joined: August 24th, 2006, 10:54 pm

Post by Bob4 » August 29th, 2006, 3:49 pm

Create a new folder on the desktop.
Copy the contents of this next code box to Notepad.
Name the file inspect.bat
Save as Type: All files
Save it in that new folder on the desktop.

Double-click on inspect.bat and let it run.
When finished, it will open a file in Notepad.
That file will be named lsa.txt
Please post the contents of lsa.txt into your next reply here.

Code:
rem Export the registry keys that control the lockouts (OLE, LSA, Security
rem Center, user and machine policies, Windows Firewall) into one text file.
if not exist Files mkdir Files

rem /e = export the key to a file, /a = write it in ANSI (REGEDIT4) format.
regedit /a /e files\2.txt HKEY_CURRENT_USER\Software\Microsoft\OLE
regedit /a /e files\3.txt HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa
regedit /a /e files\4.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
regedit /a /e files\5.txt HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
regedit /a /e files\6.txt HKEY_USERS\DEFAULT\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA
regedit /a /e files\7.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
regedit /a /e files\8.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center"
regedit /a /e files\9.txt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
regedit /a /e files\10.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
regedit /a /e files\11.txt HKEY_LOCAL_MACHINE\SOFTWARE\Policies\WindowsFirewall
regedit /a /e files\12.txt HKEY_CURRENT_USER\SOFTWARE\Policies\WindowsFirewall
regedit /a /e files\13.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters
regedit /a /e files\14.txt HKEY_LOCAL_MACHINE\SYSTEM\Services\SharedAccess

rem Concatenate every export into lsa.txt, remove the scratch folder,
rem and open the combined file for posting.
copy files\*.txt lsa.txt
rmdir /s /q files
start notepad lsa.txt
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Post by unbri » August 29th, 2006, 4:18 pm

Sorry, I can't run .bats due to the fact that my command prompt is disabled. So unless there is a way to get around my command prompt or enable it, I can't do this method.
unbri
Regular Member
 
Posts: 25
Joined: August 24th, 2006, 10:54 pm

Post by Bob4 » August 29th, 2006, 7:31 pm

I am checking with colleagues on this matter. I am curious about something though.
Can you find cmd.exe in the system32 folder?

c:\windows\system32\cmd.exe
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Post by unbri » August 29th, 2006, 7:35 pm

I searched for cmd.exe and it was in C:\windows\system32\cmd.exe, so yea it's there, but it just says it's been disabled by the administrator and I can't use it.
unbri
Regular Member
 
Posts: 25
Joined: August 24th, 2006, 10:54 pm

Post by Bob4 » August 29th, 2006, 8:05 pm

XP Home or Pro?
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Post by unbri » August 29th, 2006, 8:12 pm

Windows XP Media Center.
unbri
Regular Member
 
Posts: 25
Joined: August 24th, 2006, 10:54 pm

Post by Bob4 » August 29th, 2006, 8:23 pm

I don't think this will work with this edition of Windows, but let's try.

If you get a "Windows can't find" message, it's just not available in this edition.
We will get it though; give me some time.

Start / Run

Type in
gpedit.msc

Navigate to User Configuration / Administrative Templates / System.

Look for "Prevent access to cmd prompt"

"Prevent access to registry editing"

Double-click each and set it to Not Configured.

Let me know.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
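An added example of my own, not code from Bob4 or the forum: a small Python parser for the concatenated REGEDIT4 export that inspect.bat writes to lsa.txt, which flags the policy values behind the cmd, regedit, Task Manager and System Restore lockouts discussed in the posts above. The key paths and value names are the documented Group Policy registry locations (my knowledge, not the thread), and the sample export is constructed.

```python
"""Audit a concatenated regedit export for the policy values that keep
cmd, regedit, Task Manager and System Restore disabled."""
import re

# Key paths and value names are the documented Group Policy registry
# locations (my knowledge, not the thread). 'Prevent access to the command
# prompt' writes DisableCMD, 'Prevent access to registry editing tools'
# writes DisableRegistryTools, 'Remove Task Manager' writes DisableTaskMgr,
# and 'Turn off System Restore' writes DisableSR. inspect.bat exports the
# CurrentVersion\Policies tree but not Policies\Microsoft\Windows\System or
# the SystemRestore key, so those exports would have to be added to it
# before this audit can see them.
LOCKOUT_VALUES = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System": {
        "DisableRegistryTools": "Prevent access to registry editing tools",
        "DisableTaskMgr": "Remove Task Manager",
    },
    r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System": {
        "DisableCMD": "Prevent access to the command prompt",
    },
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore": {
        "DisableSR": "Turn off System Restore",
    },
}

KEY_RE = re.compile(r"^\[(.+)\]\s*$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})\s*$')


def parse_reg_export(text):
    """Return {key_path: {value_name: int}} for every DWORD value in a
    REGEDIT4 (regedit /a) or 'Windows Registry Editor Version 5.00' export.
    String and hex values are skipped. Several exports pasted back to back,
    as inspect.bat produces with copy, parse fine because each header line
    matches neither pattern and is simply ignored."""
    result = {}
    current = None
    for line in text.splitlines():
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            result.setdefault(current, {})
            continue
        val = DWORD_RE.match(line)
        if val and current is not None:
            result[current][val.group(1)] = int(val.group(2), 16)
    return result


def find_lockouts(text):
    """Return [(key, value_name, policy_description, data)] for every known
    lockout value present with non-zero data. Registry key and value names
    are case-insensitive, so they are compared lower-cased."""
    parsed = parse_reg_export(text)
    by_key = {k.lower(): {n.lower(): d for n, d in v.items()}
              for k, v in parsed.items()}
    hits = []
    for key, names in LOCKOUT_VALUES.items():
        values = by_key.get(key.lower(), {})
        for name, desc in names.items():
            data = values.get(name.lower(), 0)
            if data:
                hits.append((key, name, desc, data))
    return hits


# Constructed sample of what lsa.txt might contain for this thread: Task
# Manager re-enabled (0), regedit still blocked (1), and cmd blocked even for
# batch files (DisableCMD=1 blocks both; 2 would still allow .bat files).
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

REGEDIT4

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000001
"""

if __name__ == "__main__":
    for key, name, desc, data in find_lockouts(SAMPLE_EXPORT):
        print(f"{desc}: {key}\\{name} = {data}")
```

Running it against a real lsa.txt is a matter of reading the file with a Windows code page (regedit /a writes ANSI) and passing the text to find_lockouts.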

Post by Bob4 » August 29th, 2006, 8:45 pm

If that doesn't work, which I don't think it will:

Please download WinPFind2.

  • Extract the files to a folder (eg: C:\WinPFind2).
  • Double-click WinPFind2.exe to start the program.
  • Click the Select All button in the File Options box of the Configuration tab (this is the tab the program opens to by default).
  • Click the Run all Scans button.
  • When it's finished scanning you will see Scans Complete! at the bottom left of the program.
  • Click the Export to Text button.
  • Notepad will open with the results of the scan, and the log will be saved to the folder that you extracted the program to (C:\WinPFind2\WinPFind2.txt).
  • Post the log in your next reply please. You may need to split the log over a couple of posts so that it doesn't get cut off. If so, please use the [Start Post #1] and [Start Post #2] delimiters in the log to split the log up.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Post by unbri » August 29th, 2006, 9:30 pm

Actually, I tried the gpedit thing and that worked... but I put the cmd prompt and other thing to disabled and they work now... Only problem is System Restore is still disabled... So I ran the WinPFind2 thing and here is the log:

Logfile created on: 08/29/2006 21:28
WinPFind2 by OldTimer - Version 1.0.7 Folder = C:\WinPFind2\
Microsoft Windows XP (Version = Service Pack 2)
Internet Explorer (Version - 6.0.2900.2180)



HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SunJavaUpdateSched
#jusched = C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
##(Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 36975 bytes | Date = 05/03/2006 02:56 | Attr = ])

<<< >> User Agent Post Platform << >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\SV1
#
##

<<< >> AppInit DLLs << >>>

<<< >> Image File Execution Options << >>>

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
#Debugger = ntsd -d
##

<<< >> Shell Service Object Delay Load << >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\0aMCPClient
#{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} = Reg Data missing or invalid
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn
#{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 09:33 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder
#{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 09:33 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray
#{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck
#{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Date = 08/10/2004 07:00 | Attr = ])

<<< >> Shell Execute Hooks << >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}
#CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 73728 bytes | Date = 06/16/2006 10:38 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972}
#URL Exec Hook = shell32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp_sp2_gdr.060713-0009) | Size = 8453632 bytes | Date = 07/13/2006 09:33 | Attr = ])

<<< >> Shared Task Scheduler << >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1}
#Browseui preloader = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1022976 bytes | Date = 06/23/2006 07:25 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030}
#Component Categories cache daemon = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2937 (xpsp.060623-0011) | Size = 1022976 bytes | Date = 06/23/2006 07:25 | Attr = ])

<<< >> Winlogon << >>>

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
#C:\WINDOWS\system32\userinit.exe,
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
#explorer.exe
##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System
#
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
#crypt32.dll
##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
#cryptnet.dll
##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
#cscdll.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
#sclgntfy.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
#WlNotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
#WgaLogon.dll
##(Microsoft Corporation [Ver = 1.5.0540.0 | Size = 702768 bytes | Date = 06/19/2006 16:20 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
#WRLogonNTF.dll
##(Webroot Software, Inc. [Ver = 3,0,5,1286 | Size = 208896 bytes | Date = 07/07/2006 17:16 | Attr = ])

<<< >> DNS Name Servers << >>>

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1910EF38-D2DB-4288-960E-265148A163F1}
#192.168.1.1 (Intel(R) PRO/1000 PL Network Connection)
##

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5EFD61F-77B9-465B-84B2-FF813CEF2674}
# (Realtek RTL8139 Family PCI Fast Ethernet NIC)
##

<<< >> All Winsock2 Catalogs << >>>

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
#%SystemRoot%\System32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
#%SystemRoot%\System32\winrnr.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 16896 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
#%SystemRoot%\System32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
#%SystemRoot%\system32\rsvpsp.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
#%SystemRoot%\system32\rsvpsp.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 08/10/2004 07:00 | Attr = ])

<<< >> Protocol Handlers (Non-Microsoft only) << >>>

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ipp
#
##(File not found)

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp
#
##(File not found)

<<< >> Protocol Filters (Non-Microsoft only) << >>>



[Start Post #2]

Services
Name--Internal Name--Startup Type--State--Service Type--
#Path
##(Version Info)

Ati HotKey Poller--Ati HotKey Poller--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\system32\Ati2evxx.exe
##(ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Date = 02/09/2006 20:51 | Attr = ])

AVG7 Alert Manager Server--Avg7Alrt--Automatic--Running--Win32, running in it's own process--
#C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
##(GRISOFT, s.r.o. [Ver = 7,1,0,364 | Size = 330291 bytes | Date = 08/18/2006 23:31 | Attr = ])

AVG7 Update Service--Avg7UpdSvc--Automatic--Running--Win32, running in it's own process--
#C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
##(GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 39987 bytes | Date = 08/18/2006 23:31 | Attr = ])

Creative Service for CDROM Access--Creative Service for CDROM Access--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\system32\CTsvcCDA.EXE
##(Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Date = 12/12/1999 21:01 | Attr = ])

ewido anti-spyware 4.0 guard--ewido anti-spyware 4.0 guard--Automatic--Running--Win32, running in it's own process--
#C:\Program Files\ewido anti-spyware 4.0\guard.exe
##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Date = 06/16/2006 10:38 | Attr = ])

Network Location Awareness (NLA)--Nla----Running--Win32, running in a shared process--
#\SystemRoot\C:\WINDOWS\system32\svchost.exe -k netsvcs
##(File not found)

System Event Notification--SENS----Running--Win32, running in a shared process--
#\SystemRoot\C:\WINDOWS\system32\svchost.exe -k netsvcs
##(File not found)

Webroot Spy Sweeper Engine--WebrootSpySweeperService--Automatic--Running--Win32, running in it's own process--
#"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"
##(Webroot Software, Inc. [Ver = 3,0,5,1286 | Size = 3063808 bytes | Date = 07/07/2006 17:16 | Attr = ])


Files
Full Path
#Details

%SystemDrive%
#

%ProgramFilesDir%
#

%WinDir%
#

%System%
#

C:\WINDOWS\SYSTEM32\avisynth.dll
#UPX! (The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Date = 10/07/2005 13:14 | Attr = ])

C:\WINDOWS\SYSTEM32\dfrg.msc
#AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213( [Ver = | Size = 41397 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\DivX.dll
#PEC2 (DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Date = 07/03/2006 17:40 | Attr = ])

C:\WINDOWS\SYSTEM32\DivX.dll
#PECompact2 (DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Date = 07/03/2006 17:40 | Attr = ])

C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
#RIMAPPTECHNOLOGIES (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 571184 bytes | Date = 06/19/2006 16:19 | Attr = ])

C:\WINDOWS\SYSTEM32\MRT.exe
#(PeCompact2) (Microsoft Corporation [Ver = 1.19.1565.0 | Size = 8255912 bytes | Date = 08/02/2006 21:22 | Attr = ])

C:\WINDOWS\SYSTEM32\MRT.exe
#(ASPack) (Microsoft Corporation [Ver = 1.19.1565.0 | Size = 8255912 bytes | Date = 08/02/2006 21:22 | Attr = ])

C:\WINDOWS\SYSTEM32\nmap.exe
#Unexpected probespec2ascii type encountered( [Ver = 4.X | Size = 452096 bytes | Date = 06/23/2006 21:38 | Attr = ])

C:\WINDOWS\SYSTEM32\ntbackup.exe
#VWSuD (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1200128 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\ntdll.dll
#.aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\nusrmgr.cpl
#Pln``pmlidb_[ZYWSUdxa\^`^Tsfbeffhjol(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\rasdlg.dll
#\DuMonitor SendMessage(WM_RASEVENT) done(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\SrchSTS.exe
#UPX! (S!Ri [Ver = | Size = 288417 bytes | Date = 04/27/2006 17:49 | Attr = ])

C:\WINDOWS\SYSTEM32\swreg.exe
#UPX! ( [Ver = | Size = 42496 bytes | Date = 01/09/2006 10:36 | Attr = ])

C:\WINDOWS\SYSTEM32\swsc.exe
#UPX! ( [Ver = | Size = 40960 bytes | Date = 01/09/2006 10:36 | Attr = ])

C:\WINDOWS\SYSTEM32\wbdbase.deu
#msubjsuchsullsupeswinsyncszens( [Ver = | Size = 1309184 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\WgaTray.exe
#RIMAPPTECHNOLOGIES (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 06/19/2006 16:19 | Attr = ])

%System%\Drivers folder and sub-folders
#

C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
#error finding UPX! header(GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/18/2006 23:31 | Attr = ])

C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
#FSG!u.h (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/18/2006 23:31 | Attr = ])

C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
#pec2-ext.exe (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/18/2006 23:31 | Attr = ])

C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
#;PE_ASPACK (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08/18/2006 23:31 | Attr = ])

%windir% + sub-dirs for System or Hidden files less than 60 days old
#

C:\WINDOWS\a3kebook.ini
# ( [Ver = | Size = 4 bytes | Date = 07/24/2006 15:12 | Attr = H ])

C:\WINDOWS\akebook.ini
# ( [Ver = | Size = 20 bytes | Date = 07/24/2006 15:12 | Attr = H ])

C:\WINDOWS\bootstat.dat
# ( [Ver = | Size = 2048 bytes | Date = 08/29/2006 14:10 | Attr = S])

C:\WINDOWS\WindowsShell.Manifest
# ( [Ver = | Size = 749 bytes | Date = 07/16/2006 14:40 | Attr = RH ])

C:\WINDOWS\wininf.dat
# ( [Ver = | Size = 314 bytes | Date = 08/28/2006 20:27 | Attr = H ])

C:\WINDOWS\winshell.dat
# ( [Ver = | Size = 199 bytes | Date = 08/29/2006 20:44 | Attr = H ])

C:\WINDOWS\assembly\Desktop.ini
# ( [Ver = | Size = 227 bytes | Date = 07/16/2006 14:38 | Attr = RHS])

C:\WINDOWS\assembly\PublisherPolicy.tme
# ( [Ver = | Size = 0 bytes | Date = 07/17/2006 13:14 | Attr = RH ])

C:\WINDOWS\assembly\pubpol14.dat
# ( [Ver = | Size = 0 bytes | Date = 07/17/2006 13:14 | Attr = RH ])

C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
# ( [Ver = | Size = 0 bytes | Date = 07/18/2006 17:42 | Attr = RH ])

C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1d.dat
# ( [Ver = | Size = 0 bytes | Date = 07/18/2006 17:43 | Attr = RH ])

C:\WINDOWS\CSC\00000001
# ( [Ver = | Size = 64 bytes | Date = 07/18/2006 17:34 | Attr = S])

C:\WINDOWS\CSC\00000002
# ( [Ver = | Size = 64 bytes | Date = 07/18/2006 17:22 | Attr = S])

C:\WINDOWS\Downloaded Program Files\desktop.ini
# ( [Ver = | Size = 65 bytes | Date = 07/16/2006 14:40 | Attr = H ])

C:\WINDOWS\Fonts\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 07/16/2006 14:41 | Attr = HS])

C:\WINDOWS\Help\update.GID
# ( [Ver = | Size = 10820 bytes | Date = 08/23/2006 22:44 | Attr = H ])

C:\WINDOWS\inf\oem1.inf
# ( [Ver = | Size = 0 bytes | Date = 07/16/2006 14:47 | Attr = H ])

C:\WINDOWS\Offline Web Pages\desktop.ini
# ( [Ver = | Size = 65 bytes | Date = 07/16/2006 14:40 | Attr = H ])

C:\WINDOWS\pchealth\helpctr\PackageStore\package_1.cab
# ( [Ver = | Size = 727 bytes | Date = 07/16/2006 14:41 | Attr = RHS])

C:\WINDOWS\pchealth\helpctr\PackageStore\package_2.cab
# ( [Ver = | Size = 19854 bytes | Date = 07/16/2006 14:41 | Attr = RHS])

C:\WINDOWS\pchealth\helpctr\PackageStore\package_3.cab
# ( [Ver = | Size = 244933 bytes | Date = 07/16/2006 14:41 | Attr = RHS])

C:\WINDOWS\repair\ntuser.dat
# ( [Ver = | Size = 229376 bytes | Date = 07/16/2006 14:42 | Attr = H ])

C:\WINDOWS\system32\cdplayer.exe.manifest
# ( [Ver = | Size = 749 bytes | Date = 07/16/2006 14:40 | Attr = RH ])

C:\WINDOWS\system32\logonui.exe.manifest
# ( [Ver = | Size = 488 bytes | Date = 07/16/2006 14:40 | Attr = RH ])

C:\WINDOWS\system32\ncpa.cpl.manifest
# ( [Ver = | Size = 749 bytes | Date = 07/16/2006 14:40 | Attr = RH ])

C:\WINDOWS\system32\nwc.cpl.manifest
# ( [Ver = | Size = 749 bytes | Date = 07/16/2006 14:40 | Attr = RH ])

C:\WINDOWS\system32\sapi.cpl.manifest
# ( [Ver = | Size = 749 bytes | Date = 07/16/2006 14:40 | Attr = RH ])

C:\WINDOWS\system32\WindowsLogon.manifest
# ( [Ver = | Size = 488 bytes | Date = 07/16/2006 14:40 | Attr = RH ])

C:\WINDOWS\system32\wuaucpl.cpl.manifest
# ( [Ver = | Size = 749 bytes | Date = 07/16/2006 14:40 | Attr = RH ])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917422.cat
# ( [Ver = | Size = 10925 bytes | Date = 07/05/2006 08:21 | Attr = S])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat
# ( [Ver = | Size = 23751 bytes | Date = 07/28/2006 08:16 | Attr = S])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat
# ( [Ver = | Size = 10337 bytes | Date = 07/27/2006 10:00 | Attr = S])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat
# ( [Ver = | Size = 10925 bytes | Date = 07/21/2006 05:03 | Attr = S])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921398.cat
# ( [Ver = | Size = 13050 bytes | Date = 07/13/2006 10:24 | Attr = S])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat
# ( [Ver = | Size = 10925 bytes | Date = 07/14/2006 12:13 | Attr = S])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922616.cat
# ( [Ver = | Size = 10925 bytes | Date = 07/14/2006 11:53 | Attr = S])

C:\WINDOWS\system32\config\default.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/29/2006 14:14 | Attr = H ])

C:\WINDOWS\system32\config\SAM.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/29/2006 14:10 | Attr = H ])

C:\WINDOWS\system32\config\SECURITY.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/29/2006 15:10 | Attr = H ])

C:\WINDOWS\system32\config\software.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/29/2006 21:23 | Attr = H ])

C:\WINDOWS\system32\config\system.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/29/2006 21:11 | Attr = H ])

C:\WINDOWS\system32\config\TempKey.LOG
# ( [Ver = | Size = 1024 bytes | Date = 07/16/2006 10:31 | Attr = H ])

C:\WINDOWS\system32\config\userdiff.LOG
# ( [Ver = | Size = 1024 bytes | Date = 07/16/2006 10:31 | Attr = H ])

C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
# ( [Ver = | Size = 1024 bytes | Date = 08/08/2006 15:22 | Attr = H ])

C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
# ( [Ver = | Size = 62 bytes | Date = 07/16/2006 10:32 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8
# ( [Ver = | Size = 341 bytes | Date = 07/26/2006 22:23 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
# ( [Ver = | Size = 688 bytes | Date = 07/16/2006 14:41 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165
# ( [Ver = | Size = 413 bytes | Date = 07/26/2006 22:23 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5
# ( [Ver = | Size = 574 bytes | Date = 07/26/2006 22:23 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD
# ( [Ver = | Size = 558 bytes | Date = 07/28/2006 19:52 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
# ( [Ver = | Size = 558 bytes | Date = 07/16/2006 14:55 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1
# ( [Ver = | Size = 70226 bytes | Date = 07/16/2006 14:41 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8
# ( [Ver = | Size = 126 bytes | Date = 07/26/2006 22:23 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
# ( [Ver = | Size = 94 bytes | Date = 07/16/2006 14:41 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165
# ( [Ver = | Size = 98 bytes | Date = 07/26/2006 22:23 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5
# ( [Ver = | Size = 136 bytes | Date = 07/26/2006 22:23 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD
# ( [Ver = | Size = 146 bytes | Date = 07/28/2006 19:52 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
# ( [Ver = | Size = 144 bytes | Date = 07/16/2006 14:55 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1
# ( [Ver = | Size = 128 bytes | Date = 07/16/2006 14:41 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
# ( [Ver = | Size = 62 bytes | Date = 07/16/2006 10:32 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
# ( [Ver = | Size = 113 bytes | Date = 07/16/2006 14:46 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
# ( [Ver = | Size = 113 bytes | Date = 07/16/2006 14:46 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 07/16/2006 14:46 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 07/16/2006 14:46 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\34HI1ZUP\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 07/16/2006 14:46 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3MTLMKOS\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 07/16/2006 14:46 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\BR7KUDW9\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 07/16/2006 14:46 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\VTFGBUPN\desktop.ini
# ( [Ver = | Size = 67 bytes | Date = 07/16/2006 14:46 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
# ( [Ver = | Size = 181 bytes | Date = 07/16/2006 14:41 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
# ( [Ver = | Size = 62 bytes | Date = 07/16/2006 10:32 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
# ( [Ver = | Size = 148 bytes | Date = 07/16/2006 14:42 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
# ( [Ver = | Size = 482 bytes | Date = 07/16/2006 14:42 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
# ( [Ver = | Size = 348 bytes | Date = 07/16/2006 14:42 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
# ( [Ver = | Size = 84 bytes | Date = 07/16/2006 14:42 | Attr = HS])

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
# ( [Ver = | Size = 84 bytes | Date = 07/16/2006 14:42 | Attr = HS])

C:\WINDOWS\system32\GroupPolicy\Adm\admfiles.ini
# ( [Ver = | Size = 81 bytes | Date = 08/18/2006 18:28 | Attr = H ])

C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\84ef8e7a-4b84-44c5-97f9-bc5b3d50cc51
# ( [Ver = | Size = 388 bytes | Date = 07/16/2006 16:09 | Attr = HS])

C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
# ( [Ver = | Size = 24 bytes | Date = 07/16/2006 16:09 | Attr = HS])

C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\774edf4d-1c13-4366-9762-7b3e6b337aa2
# ( [Ver = | Size = 388 bytes | Date = 07/16/2006 14:46 | Attr = HS])

C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
# ( [Ver = | Size = 24 bytes | Date = 07/16/2006 14:46 | Attr = HS])

C:\WINDOWS\Tasks\SA.DAT
# ( [Ver = | Size = 6 bytes | Date = 08/29/2006 14:10 | Attr = H ])

CPL files
#

C:\WINDOWS\SYSTEM32\access.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\appwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\bthprops.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\desk.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\firewall.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\hdwwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\inetcpl.cpl
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\intl.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\irprops.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\ISUSPM.cpl
# (InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 73728 bytes | Date = 07/27/2004 16:50 | Attr = ])

C:\WINDOWS\SYSTEM32\joy.cpl
# (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\jpicpl32.cpl
# (Sun Microsystems, Inc. [Ver = 5.0.70.3 | Size = 49265 bytes | Date = 05/03/2006 02:56 | Attr = ])

C:\WINDOWS\SYSTEM32\main.cpl
# (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\mmsys.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\ncpa.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\netsetup.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\nusrmgr.cpl
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\nwc.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\odbccp32.cpl
# (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\powercfg.cpl
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\stac97.cpl
# (SigmaTel, Inc. [Ver = 1.0.4823.0 nd322 cp1 | Size = 159825 bytes | Date = 11/16/2005 15:35 | Attr = ])

C:\WINDOWS\SYSTEM32\sysdm.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/10/2004 07:00 | Attr = ])

C:\WINDOWS\SYSTEM32\telephon.cpl
# (Microsoft Corporation

Unread postby unbri » August 30th, 2006, 2:06 pm

In my last post, that's the full log of that program you had me use. I don't know what it did exactly, but I guess you'll tell me in your next post. Thanks for all the help.

Unread postby Bob4 » August 30th, 2006, 3:01 pm

Great to hear most things are working again. That last log was just that, a log, for us to look at and see if we see anything bad in it. We are still searching for an answer to your System Restore problem.

Create a folder on your desktop called aboutbuster.

Download AboutBuster.
Extract the files to the folder you just made. Click on aboutbuster.exe, click on Update, and once done click on Begin Removal.
A log will be created. Post that log for me.

Unread postby unbri » August 30th, 2006, 6:51 pm

AboutBuster 6.05
Scan started on [8/30/2006] at [6:49:15 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 6:49:48 PM


That's my log. For some reason my Internet Explorer bars have disappeared, though. It's not from the AboutBuster; it just happened a little bit ago. The only bar that's there is the URL address bar. I can't seem to get the standard buttons back.

Unread postby Bob4 » August 30th, 2006, 7:49 pm

Select Start followed by Control Panel, and double-click the System icon. Then:

Click the System Restore tab on the System dialog box.

To enable, clear the Turn off System Restore check box.

Click OK when done.

Let me know if that worked.

Unread postby unbri » August 30th, 2006, 8:36 pm

I don't even see a System icon? I went to Classic View and clicked on the System icon, but I couldn't find the System Restore. I looked everywhere.
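Bob4's steps above re-enable System Restore from the System Properties dialog. When the System icon or the System Restore tab cannot be found, as in the last post, the same state can be read and cleared from the registry, because the "Turn off System Restore" setting and the policy values that hide or lock its tab are stored there, and the applet itself can be opened directly (sysdm.cpl is present on this machine; it appears in the log above). The batch file below is an added example for this thread, not a tool Bob4 posted and not one of the MalwareRemoval.com fixes; it follows the inspect.bat pattern of saving a script to a folder and double-clicking it. It assumes Windows XP with reg.exe, sc.exe and net.exe available, an administrator account, that the System Restore service is named srservice, and that tab index 4 of sysdm.cpl is the System Restore tab; the file name srcheck.bat and the /fix switch are my own choices.

```batch
@echo off
rem srcheck.bat - added example, not from the original thread.
rem Without arguments: report the registry values and service state that
rem decide whether System Restore is off and whether its tab is shown.
rem With /fix: clear those values, start the service, open the dialog.
rem Assumes Windows XP, an administrator account, reg.exe / sc.exe / net.exe.

setlocal
set POLKEY=HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
set SRKEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore

echo === Policy values - malware sets these to force System Restore off ===
rem A value of 0x1 for either one is the usual reason the tab is missing.
for %%V in (DisableSR DisableConfig) do (
    reg query "%POLKEY%" /v %%V 2>nul | find /i "%%V" || echo %%V: not set under the policy key
)

echo.
echo === Non-policy value - set when System Restore is turned off in the UI ===
reg query "%SRKEY%" /v DisableSR 2>nul | find /i "DisableSR" || echo DisableSR: not set

echo.
echo === System Restore service - srservice ===
sc query srservice | find "STATE"
sc qc srservice | find "START_TYPE"

if /i not "%1"=="/fix" goto :eof

echo.
echo === Clearing the disable flags and starting the service ===
reg delete "%POLKEY%" /v DisableSR /f >nul 2>&1
reg delete "%POLKEY%" /v DisableConfig /f >nul 2>&1
reg add "%SRKEY%" /v DisableSR /t REG_DWORD /d 0 /f >nul
sc config srservice start= auto >nul
net start srservice

rem Open System Properties directly, bypassing the missing Control Panel
rem icon. Tab index 4 is assumed to be System Restore on XP; plain
rem "control sysdm.cpl" opens the same dialog on the General tab.
control sysdm.cpl,,4
endlocal
```

Run it once with no arguments and read the report before changing anything: a DisableSR or DisableConfig of 0x1 under the Policies key is not something a user sets through the dialog, so on a freshly cleaned machine it is almost certainly left over from the infection. Run srcheck.bat /fix only after that, and if the tab still does not appear, post the first report so the helper can see which value is being reset.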
Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware