Logfile created on: 11/19/2006 3:41:13 PM
WinPFind2 by OldTimer - Version 1.0.15 Folder = C:\Documents and Settings\Me\Desktop\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
< Processes (Non-Microsoft Only) >
c:\progra~1\alwils~1\avast4\ashdisp.exe - ( )
c:\program files\alwil software\avast4\ashmaisv.exe - (ALWIL Software )
c:\program files\alwil software\avast4\ashserv.exe - ( )
c:\program files\alwil software\avast4\ashwebsv.exe - (ALWIL Software )
c:\program files\alwil software\avast4\aswupdsv.exe - ( )
c:\windows\system32\ati2evxx.exe - (ATI Technologies Inc. )
c:\windows\system32\ati2evxx.exe - (ATI Technologies Inc. )
c:\program files\ati technologies\ati control panel\atiptaxx.exe - (ATI Technologies, Inc. )
c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe - (Anti-Malware Development a.s. )
c:\program files\kodak\kodak easyshare software\bin\easyshare.exe - (Eastman Kodak Company )
c:\program files\grisoft\avg anti-spyware 7.5\guard.exe - (Anti-Malware Development a.s. )
c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe - ( )
c:\windows\system32\drivers\kodakccs.exe - (Eastman Kodak Company )
c:\program files\picasa2\picasamediadetector.exe - ( )
c:\program files\analog devices\soundmax\smagent.exe - (Analog Devices, Inc. )
c:\windows\system32\zonelabs\vsmon.exe - (Zone Labs, LLC )
c:\program files\intervideo\common\bin\wincinemamgr.exe - (InterVideo Inc. )
c:\documents and settings\me\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )
c:\program files\ultravnc\winvnc.exe - (UltraVNC )
c:\program files\zone labs\zonealarm\zlclient.exe - (Zone Labs, LLC )
< Registry Entries >
[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.yahoo.com/
HKLM->Main\\Search Bar - http://red.clientapps.yahoo.com/customi ... ch/ie.html
HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM->Main\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
HKCU->Main\\Start Page - http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU->Main\\Search Bar - http://search.msn.com/spbasic.htm
HKCU->Main\\Search Page - http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU->Main\\Local Page - C:\WINDOWS\system32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM->Search\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU->Search\\SearchAssistant - http://ie.search.msn.com/es-mx/srchasst/srchasst.htm
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
HKCU->URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc. )
HKCU->Internet Settings\\ProxyEnable - 0
[>> BHO's <<]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc. )
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} - ST = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation )
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\es-mx\msntb.dll (Microsoft Corporation )
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - SidebarAutoLaunch Class = C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc. )
[>> Internet Explorer Bars, Toolbars and Extensions <<]
[HKLM-> Internet Explorer Bars]
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = Reg Data - Key not found (File not found)
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
[HKCU-> Internet Explorer Bars]
{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = Reg Data - Key not found (File not found)
{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
[HKLM-> Internet Explorer ToolBars]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - T1msn = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\es-mx\msntb.dll (Microsoft Corporation )
[HKCU-> Internet Explorer ToolBars]
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - T1msn = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\es-mx\msntb.dll (Microsoft Corporation )
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc. )
[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 - Reg Data - Key not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8193 - Reg Data - Value does not exist
{669B269B-0D4E-41FB-A3D8-FD67CA94F646} - 8194 - Reg Data - Value does not exist
{8828075D-D097-4055-AA02-2DBFA9D85E8A} - 8195 - Reg Data - Value does not exist
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8196 - Reg Data - Value does not exist
{97809617-3937-4F84-B335-9BB05EF1A8D4} - 8197 - Reg Data - Value does not exist
{B13B4423-2647-4cfc-A4B3-C7D56CB83487} - 8198 - Reg Data - Key not found
NextId - 8199
[HKLM-> Internet Explorer Extensions]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: SBC Yahoo! Services = Reg Data - Value does not exist (File not found)
{669B269B-0D4E-41FB-A3D8-FD67CA94F646} - ButtonText: ComcastHSI = http://www.comcast.net/ (File not found)
{8828075D-D097-4055-AA02-2DBFA9D85E8A} - ButtonText: Support = http://www.comcastsupport.com/ (File not found)
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research = Reg Data - Value does not exist (File not found)
{97809617-3937-4F84-B335-9BB05EF1A8D4} - ButtonText: Help = http://online.comcast.net/help/ (File not found)
[HKCU-> Internet Explorer Menu Extensions]
&Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm (File not found)
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation )
Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm (File not found)
Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm (File not found)
Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm (File not found)
[>> Approved Shell Extensions (Non-Microsoft only) <<]
[HKLM-> Approved Shell Extensions]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data - Key not found (File not found)
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data - Key not found (File not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found)
{472083B0-C522-11CF-8763-00608CC02F24} - avast = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software )
{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi20040613.dll (Yahoo! Inc. )
{6EE51AA0-77A0-11D7-B4E1-000347126E46} - Window Washer Shredding Utility = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL (Webroot Software )
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data - Key not found (File not found)
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data - Key not found (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data - Key not found (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc. )
{acb4a560-3606-11d3-aef4-00104bd0f92d} - KodakShellExtension = C:\Program Files\Common Files\KODAK\IFSCore\kodakshx.dll (Eastman Kodak Company )
[>> ContextMenuHandlers (Non-Microsoft only) <<]
[HKLM-> ContextMenuHandlers]
* - avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software )
* - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
* - Washer - {6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL (Webroot Software )
* - Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi20040613.dll (Yahoo! Inc. )
Directory - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
Directory - Washer - {6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL (Webroot Software )
Folder - avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software )
[>> ColumnHandlers (Non-Microsoft only) <<]
[HKLM-> ColumnHandlers]
Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )
[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\system32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1
[>> Registry Run Keys <<]
HKLM->Run\\!AVG Anti-Spyware - "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized (Anti-Malware Development a.s. )
HKLM->Run\\ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc. )
HKLM->Run\\avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ( )
HKLM->Run\\KernelFaultCheck - %systemroot%\system32\dumprep 0 -k (File not found)
HKLM->Run\\NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh )
HKLM->Run\\Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe ( )
HKLM->Run\\WinVNC - "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper (UltraVNC )
HKLM->Run\\Zone Labs Client - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation )
[>> Miscellaneous Startup Keys <<]
[AppInit DLLs]
AppInit_DLL - (File not found)
[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d
[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation )
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation )
[Shell Execute Hooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s. )
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )
[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
[SafeBoot Option]
[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -
[HKCU Command Processor AutoRun]
[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[BootExecute]
Session Manager\\BootExecute - autocheck autochk *;
[PendingFileRenameOperations]
[FileRenameOperations]
[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -
[>> Disabled MSConfig Items <<]
[>> User Agent Post Platform <<]
FunWebProducts -
SV1 -
[>> Winlogon <<]
HMLM->AltDefaultDomainName - LAURACOMPUTER
HMLM->AltDefaultUserName - Me
HMLM->AutoAdminLogon - Reg Data - Value does not exist
HMLM->DefaultDomainName - LAURACOMPUTER
HMLM->DefaultUserName - Me
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\AtiExtEvent - Ati2evxx.dll (ATI Technologies Inc. )
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )
[>> DNS Name Servers <<]
{092DF4A6-B298-4295-85CB-9E40C7435B4B} - (1394 Net Adapter)
{180CD5FC-BD2C-4AF3-B364-FE9A2178CC3C} - (3Com 3C920B-EMB-WNM Integrated Fast Ethernet Controller)
{EDA716FB-14B9-4B1F-B14A-D4F05D56FEF1} - ()
[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 (Tcpip) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 (NTDS) - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 (Network Location Awareness (NLA) Namespace) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000004 (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - %SystemRoot%\System32\nwprovau.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found)
msdaipp - (File not found)
[>> Protocol Filters (Non-Microsoft only) <<]
< Services (Non-Microsoft Only) >
avast! iAVS4 Control Service (aswUpdSv) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" ( ) [Automatic - Running - Win32, running in it's own process]
Ati HotKey Poller (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc. ) [Automatic - Running - Win32, running in it's own process]
avast! Antivirus (avast! Antivirus) - "C:\Program Files\Alwil Software\Avast4\ashServ.exe" ( ) [Automatic - Running - Win32, running in it's own process]
avast! Mail Scanner (avast! Mail Scanner) - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (ALWIL Software ) [On Demand - Running - Win32, running in it's own process]
avast! Web Scanner (avast! Web Scanner) - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (ALWIL Software ) [On Demand - Running - Win32, running in it's own process]
AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
Kodak Camera Connection Software (KodakCCS) - C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company ) [Automatic - Running - Win32, running in it's own process]
SoundMAX Agent Service (SoundMAX Agent Service (default)) - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc. ) [Automatic - Running - Win32, running in it's own process]
TrueVector Internet Monitor (vsmon) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (Zone Labs, LLC ) [Automatic - Running - Win32, running in it's own process]
VNC Server (winvnc) - "C:\Program Files\UltraVNC\WinVNC.exe" -service (UltraVNC ) [Automatic - Running - Win32, running in it's own process]
< Files >
Auto-Start Folders
HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 6/29/2005 4:34:42 AM | Attr = HS])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc. [Ver = 2.0.5 | Size = 278528 bytes | Date = 6/21/2005 11:17:46 PM | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company [Ver = 5, 0, 4, 167 | Size = 757760 bytes | Date = 3/10/2005 8:40:30 AM | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ( [Ver = | Size = 16423 bytes | Date = 2/13/2004 1:12:08 PM | Attr = ])
HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup
HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Me\Start Menu\Programs\Startup
C:\Documents and Settings\Me\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 6/29/2005 4:34:42 AM | Attr = HS])
HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup
Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe
Miscellaneous Folders
AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 6/28/2005 9:23:52 PM | Attr = HS])
CurrentUser ApplicationData Folder
C:\Documents and Settings\Me\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 6/28/2005 9:23:52 PM | Attr = HS])
Program Files Folder
C:\Program Files\2wconfig.dll - ( [Ver = | Size = 33649 bytes | Date = 3/20/2006 7:32:38 PM | Attr = ])
C:\Program Files\CardPres.exe - ( [Ver = | Size = 208993 bytes | Date = 3/20/2006 7:22:16 PM | Attr = ])
C:\Program Files\Endec.dll - ( [Ver = 1, 0, 0, 1 | Size = 139264 bytes | Date = 3/20/2006 7:26:52 PM | Attr = ])
C:\Program Files\GNU_REGEX.dll - ( [Ver = | Size = 56320 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\GoHomePortal.exe - (2Wire, Inc. [Ver = 1, 0, 0, 1 | Size = 167936 bytes | Date = 3/20/2006 7:30:02 PM | Attr = ])
C:\Program Files\libeay32.dll - ( [Ver = | Size = 872448 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\NetAPI.dll - (2Wire, Inc. [Ver = 1, 0, 0, 1 | Size = 266240 bytes | Date = 3/20/2006 7:27:14 PM | Attr = ])
C:\Program Files\PRISMAPI.dll - (GlobespanVirata, Inc. [Ver = 1.01.12 (Beta) | Size = 368726 bytes | Date = 3/20/2006 7:22:16 PM | Attr = ])
C:\Program Files\RGWProv.dll - (2Wire Inc. [Ver = 1, 0, 0, 8 | Size = 364544 bytes | Date = 3/20/2006 7:28:08 PM | Attr = ])
C:\Program Files\shlwapi.dll - (Microsoft Corporation [Ver = 6.00.2800.1106 | Size = 395264 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\ssleay32.dll - ( [Ver = | Size = 159744 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\Uninstaller.exe - ( [Ver = 1, 0, 0, 1 | Size = 294912 bytes | Date = 3/20/2006 7:29:38 PM | Attr = ])
C:\Program Files\WCAG.exe - ( [Ver = | Size = 180224 bytes | Date = 3/20/2006 7:29:24 PM | Attr = ])
C:\Program Files\WebSec.dll - ( [Ver = 1, 0, 0, 1 | Size = 135168 bytes | Date = 3/20/2006 7:28:14 PM | Attr = ])
C:\Program Files\WebWorks.exe - ( [Ver = 1, 0, 0, 1 | Size = 626688 bytes | Date = 3/20/2006 7:29:12 PM | Attr = ])
C:\Program Files\WirelessConsoleApp.exe - ( [Ver = | Size = 167936 bytes | Date = 3/20/2006 7:29:16 PM | Attr = ])
C:\Program Files\wwwapp.dll - ( [Ver = | Size = 61440 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwcache.dll - ( [Ver = | Size = 32768 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwcore.dll - ( [Ver = | Size = 131072 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwdir.dll - ( [Ver = | Size = 28672 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwdll.dll - ( [Ver = | Size = 20480 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwfile.dll - ( [Ver = | Size = 28672 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwftp.dll - ( [Ver = | Size = 32768 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwgophe.dll - ( [Ver = | Size = 24576 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwhtml.dll - ( [Ver = | Size = 49152 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwhttp.dll - ( [Ver = | Size = 69632 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwinit.dll - ( [Ver = | Size = 24576 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwmime.dll - ( [Ver = | Size = 40960 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwmux.dll - ( [Ver = | Size = 24576 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwnews.dll - ( [Ver = | Size = 36864 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwssl.dll - ( [Ver = | Size = 49152 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwstream.dll - ( [Ver = | Size = 32768 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwtelnt.dll - ( [Ver = | Size = 20480 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwtrans.dll - ( [Ver = | Size = 24576 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwutils.dll - ( [Ver = | Size = 36864 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwwais.dll - ( [Ver = | Size = 20480 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwxml.dll - ( [Ver = | Size = 45056 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\wwwzip.dll - ( [Ver = | Size = 20480 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\xmlparse.dll - ( [Ver = | Size = 53248 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\xmltok.dll - ( [Ver = | Size = 81920 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
C:\Program Files\zlib.dll - ( [Ver = 1.1.4.0 | Size = 53248 bytes | Date = 3/20/2006 7:21:58 PM | Attr = ])
Common Files Folder
DPF files
{00B71CFB-6864-4346-A978-C0A14556272C} - Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/ms ... b31267.cab
{0713E8D2-850A-101B-AFC0-4210102A8DA7} - Microsoft ProgressBar Control, version 5.0 (SP2) - CodeBase = http://download.mcafee.com/molbin/Share ... mCtl32.cab
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/ka ... nicode.cab
{15B782AF-55D8-11D1-B477-006097098764} - Macromedia Authorware Web Player Control - CodeBase = http://fpdownload.macromedia.com/get/sh ... wswaxd.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/sh ... tor/sw.cab
{2917297F-F02B-4B9D-81DF-494B6333150B} - Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/Mi ... b31267.cab
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\common\yinsthelper.dll
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdat ... /opuc2.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://download.mcafee.com/molbin/share ... insctl.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupda ... 0003154000
{6BEA1C48-1850-486C-8F58-C7354BA3165E} - Install Class - CodeBase = http://updates.lifescapeinc.com/install ... nstall.cab
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} - WScanCtl Class - CodeBase = http://www3.ca.com/securityadvisor/viru ... ebscan.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Me ... b31267.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - DwnldGroupMgr Class - CodeBase = http://download.mcafee.com/molbin/share ... cgdmgr.cab
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/pub/sh ... wflash.cab
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - Solitaire Showdown Class - CodeBase = http://messenger.zone.msn.com/binary/So ... b31267.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab
Hosts file = 736 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright (c) 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a '#' symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
-
127.0.0.1 localhost -
< Add On's >
>>>>Output for AddOn file HKCU_IEDesktop.def<<<<
KEY - HKCU\Software\Microsoft\Internet Explorer\Desktop - Include SUBKEYS
HKCU\Software\Microsoft\Internet Explorer\Desktop -
Desktop\Components -
Desktop\Components\\DeskHtmlVersion - 272
Desktop\Components\\DeskHtmlMinorVersion - 5
Desktop\Components\\Settings - 1
Desktop\Components\\GeneralFlags - 5
Desktop\Components\0 -
Desktop\Components\0\\Source - http://us.f2.yahoofs.com/users/427d4f57 ... CBvkL7v7qP
Desktop\Components\0\\SubscribedURL - http://us.f2.yahoofs.com/users/427d4f57 ... CBvkL7v7qP
Desktop\Components\0\\FriendlyName -
Desktop\Components\0\\Flags - 1
Desktop\Components\0\\Position - 2C 00 00 00 8F 01 00 00 36 00 00 00 DC 00 00 00 D2 00 00 00 E8 03 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
Desktop\Components\0\\CurrentState - 01 00 00 40
Desktop\Components\0\\OriginalStateInfo - 18 00 00 00 8F 01 00 00 36 00 00 00 DC 00 00 00 D2 00 00 00 01 00 00 40
Desktop\Components\0\\RestoredStateInfo - 18 00 00 00 C2 04 00 00 A9 01 00 00 2C 01 00 00 90 01 00 00 01 00 00 00
Desktop\General -
Desktop\General\\BackupWallpaper - %APPDATA%\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
Desktop\General\\WallpaperFileTime - F0 48 3B 99 A2 82 C6 01
Desktop\General\\WallpaperLocalFileTime - F0 70 DC EC 67 82 C6 01
Desktop\General\\TileWallpaper - 0
Desktop\General\\WallpaperStyle - 2
Desktop\General\\Wallpaper - %APPDATA%\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
Desktop\General\\ComponentsPositioned - 3
Desktop\Old WorkAreas -
Desktop\Old WorkAreas\\NoOfOldWorkAreas - 1
Desktop\Old WorkAreas\\OldWorkAreaRects - 00 00 00 00 00 00 00 00 00 04 00 00 E2 02 00 00
Desktop\SafeMode -
Desktop\SafeMode\General -
Desktop\SafeMode\General\\Wallpaper - %SystemRoot%\Web\SafeMode.htt
Desktop\SafeMode\General\\VisitGallery - 0
Desktop\Scheme -
Desktop\Scheme\\Edit -
Desktop\Scheme\\Display -
>>>>Output for AddOn file Jobs.def<<<<
DIR - C:\WINDOWS\tasks\*.* - Parameters = Include SubFolders
C:\WINDOWS\tasks\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 8/4/2004 4:00:00 AM | Attr = RH ])
C:\WINDOWS\tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 11/19/2006 3:37:34 PM | Attr = H ])
>>>>Output for AddOn file Policies.def<<<<
KEY - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\Explorer -
policies\Explorer\\NoActiveDesktopChanges - 0
policies\Explorer\Run -
policies\NonEnum -
policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} - 1
policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} - 1073741857
policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - 32
policies\Ratings -
policies\system -
policies\system\\dontdisplaylastusername - 0
policies\system\\legalnoticecaption -
policies\system\\legalnoticetext -
policies\system\\shutdownwithoutlogon - 1
policies\system\\undockwithoutlogon - 1
policies\system\\DisableTaskMgr - 0
KEY - HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -
KEY - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies - Include SUBKEYS
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -
policies\ActiveDesktop -
policies\ActiveDesktop\\NoChangingWallPaper - 0
policies\ActiveDesktop\\NoAddingComponents - 0
policies\ActiveDesktop\\NoComponents - 0
policies\ActiveDesktop\\NoDeletingComponents - 0
policies\ActiveDesktop\\NoEditingComponents - 0
policies\ActiveDesktop\\NoCloseDragDropBands - 0
policies\ActiveDesktop\\NoMovingBands - 0
policies\ActiveDesktop\\NoHTMLWallPaper - 0
policies\Explorer -
policies\Explorer\\NoDriveTypeAutoRun - 145
policies\Explorer\\NoActiveDesktop - 0
policies\Explorer\\NoSaveSettings - 0
policies\Explorer\\ClassicShell - 0
policies\Explorer\\NoThemesTab - 0
policies\Explorer\\ForceActiveDesktopOn - 0
policies\System -
policies\System\\DisableRegistryTools - 0
policies\System\\DisableTaskMgr - 0
policies\System\\NoDispAppearancePage - 0
policies\System\\NoColorChoice - 0
policies\System\\NoSizeChoice - 0
policies\System\\NoDispBackgroundPage - 0
policies\System\\NoDispScrSavPage - 0
policies\System\\NoDispCPL - 0
policies\System\\NoVisualStyleChoice - 0
policies\System\\NoDispSettingsPage - 0
KEY - HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer - Include SUBKEYS
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer not found. -
>>>>Output for AddOn file SID_Run_Policies.def<<<<
KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run -
KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run - No SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run -
KEY - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145
KEY - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies - Include SUBKEYS
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies -
Policies\Explorer -
Policies\Explorer\\NoDriveTypeAutoRun - 145
< End of report >