Ok, here is the WinPFind2 log.
<Processes>
alg.exe - c:\windows\system32\alg.exe - (Microsoft Corporation )
avgamsvr.exe - c:\progra~1\grisoft\avgfre~1\avgamsvr.exe - (GRISOFT, s.r.o. )
avgcc.exe - c:\progra~1\grisoft\avgfre~1\avgcc.exe - (GRISOFT, s.r.o. )
avgemc.exe - c:\progra~1\grisoft\avgfre~1\avgemc.exe - (GRISOFT, s.r.o. )
avgupsvc.exe - c:\progra~1\grisoft\avgfre~1\avgupsvc.exe - (GRISOFT, s.r.o. )
csrss.exe - \??\c:\windows\system32\csrss.exe - (Microsoft Corporation )
dsagnt.exe - c:\program files\dell support\dsagnt.exe - (Gteko Ltd. )
ewido.exe - c:\program files\ewido anti-spyware 4.0\ewido.exe - (Anti-Malware Development a.s. )
explorer.exe - c:\windows\explorer.exe - (Microsoft Corporation )
firefox.exe - c:\program files\mozilla firefox\firefox.exe - (Mozilla Corporation )
guard.exe - c:\program files\ewido anti-spyware 4.0\guard.exe - (Anti-Malware Development a.s. )
hphipm09.exe - c:\windows\system32\hphipm09.exe - (HP )
hphmon03.exe - c:\windows\system32\hphmon03.exe - (Hewlett-Packard )
hpztsb04.exe - c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe - (HP )
intelmem.exe - c:\program files\intel\modem event monitor\intelmem.exe - (Intel Corporation )
ipodservice.exe - c:\program files\ipod\bin\ipodservice.exe - (Apple Computer, Inc. )
ituneshelper.exe - c:\program files\itunes\ituneshelper.exe - (Apple Computer, Inc. )
lsass.exe - c:\windows\system32\lsass.exe - (Microsoft Corporation )
mrtmngr.exe - c:\windows\system32\mrtmngr.exe - (Marimba Inc. )
msascui.exe - c:\program files\windows defender\msascui.exe - (Microsoft Corporation )
msmpeng.exe - c:\program files\windows defender\msmpeng.exe - (Microsoft Corporation )
nvsvc32.exe - c:\windows\system32\nvsvc32.exe - (NVIDIA Corporation )
pcmservice.exe - c:\program files\dell\media experience\pcmservice.exe - (CyberLink Corp. )
pdvdserv.exe - c:\program files\cyberlink\powerdvd\pdvdserv.exe - (Cyberlink Corp. )
profiler.exe - c:\program files\saitek\software\profiler.exe - (Saitek )
qagent.exe - c:\program files\quickenw\qagent.exe - ( )
qttask.exe - c:\program files\quicktime\qttask.exe - (Apple Computer, Inc. )
razerhid.exe - c:\program files\razer\copperhead\razerhid.exe - ( )
razerofa.exe - c:\program files\razer\copperhead\razerofa.exe - (Razer Inc. )
razertra.exe - c:\program files\razer\copperhead\razertra.exe - ( )
realsched.exe - c:\program files\common files\real\update_ob\realsched.exe - (RealNetworks, Inc. )
rssreader.exe - c:\program files\rssreader\rssreader.exe - (Ykoon )
saimfd.exe - c:\program files\saitek\software\saimfd.exe - (Saitek )
saismart.exe - c:\program files\saitek\software\saismart.exe - (Saitek )
services.exe - c:\windows\system32\services.exe - (Microsoft Corporation )
smss.exe - \systemroot\system32\smss.exe - (Microsoft Corporation )
spoolsv.exe - c:\windows\system32\spoolsv.exe - (Microsoft Corporation )
ssaad.exe - c:\progra~1\sony\sonics~1\ssaad.exe - ( )
svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
svchost.exe - c:\windows\system32\svchost.exe - (Microsoft Corporation )
wdfmgr.exe - c:\windows\system32\wdfmgr.exe - (Microsoft Corporation )
winlogon.exe - \??\c:\windows\system32\winlogon.exe - (Microsoft Corporation )
winpfind2.exe - c:\documents and settings\brian\desktop\winpfind2\winpfind2\winpfind2.exe - (OldTimer Tools )
<Registry Entries>
Version Info
WinPFind2 by OldTimer - Version 1.0.3 -
Microsoft Windows XP Version = Service Pack 2 -
Internet Explorer Version = 6.0.2900.2180 -
Internet Explorer Settings
HKLM->Main\\Start Page - http://www.comcast.net/
HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM->Main\\Default Page - http://www.dell4me.com/mywaybiz
HKLM->Main\\Default Search - http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM->Main\\Local Page - C:\WINDOWS\about.htm
HKCU->Main\\Start Page - http://www.comcast.net/
HKCU->Main\\Search Page - http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU->Main\\Local Page - C:\WINDOWS\about.htm
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride -
BHO's
HKLM->Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
HKLM->Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc. )
HKLM->Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4} - ST = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation )
HKLM->Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation )
Internet Explorer Bars, Toolbars and Extensions
HKCU->Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
HKCU->Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
HKLM->Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
HKLM->Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
HKLM->Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation )
HKCU->Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
HKCU->Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
HKCU->Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
HKCU->Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation )
HKLM->ToolBar\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation )
HKCU->Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 - Sun Java Console
HKCU->Extensions\CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8193 - Reg Data missing or invalid
HKCU->Extensions\CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - 8194 - Reg Data missing or invalid
HKCU->Extensions\CmdMapping\\{669B269B-0D4E-41FB-A3D8-FD67CA94F646} - 8201 -
HKCU->Extensions\CmdMapping\\{8828075D-D097-4055-AA02-2DBFA9D85E8A} - 8202 -
HKCU->Extensions\CmdMapping\\{97809617-3937-4F84-B335-9BB05EF1A8D4} - 8203 -
HKCU->Extensions\CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750} - 8198 - Reg Data missing or invalid
HKCU->Extensions\CmdMapping\\{B13B4423-2647-4cfc-A4B3-C7D56CB83487} - 8200 - Share in H&ello
HKCU->Extensions\CmdMapping\\{cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - 8195 - Reg Data missing or invalid
HKCU->Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8196 -
HKCU->Extensions\CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8199 - Reg Data missing or invalid
HKCU->Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8197 - Windows Messenger
HKCU->Extensions\CmdMapping\\NextId - 8204
HKLM->Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll (Sun Microsystems, Inc. )
HKLM->Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = Reg Data missing or invalid (File not found))
HKLM->Extensions\{669B269B-0D4E-41FB-A3D8-FD67CA94F646} - ButtonText: ComcastHSI = http://www.comcast.net/ (File not found))
HKLM->Extensions\{8828075D-D097-4055-AA02-2DBFA9D85E8A} - ButtonText: Support = http://www.comcastsupport.com/ (File not found))
HKLM->Extensions\{97809617-3937-4F84-B335-9BB05EF1A8D4} - ButtonText: Help = http://online.comcast.net/help/ (File not found))
HKLM->Extensions\{B13B4423-2647-4cfc-A4B3-C7D56CB83487} - ButtonText: Share in Hello = (File not found))
HKLM->Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com = (File not found))
HKLM->Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d} - ButtonText: MUSICMATCH MX Web Player = http://wwws.musicmatch.com/mmz/openWebRadio.html (File not found))
HKLM->Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )
HKLM->Extensions\CmdMapping - MenuText: = Reg Data missing or invalid (File not found))
HKLM->Extensions\CmdMapping (HKCU CLSID) - MenuText: = Reg Data missing or invalid (File not found))
HKCU->MenuExt\&AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML (File not found))
HKCU->MenuExt\&Translate English Word - (File not found))
HKCU->MenuExt\E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation )
Approved Shell Extensions (Non-Microsoft only)
HKLM->Shell Extensions\Approved\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data missing or invalid (File not found))
HKLM->Shell Extensions\Approved\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found))
HKLM->Shell Extensions\Approved\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll ( )
HKLM->Shell Extensions\Approved\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll ( )
HKLM->Shell Extensions\Approved\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll ( )
HKLM->Shell Extensions\Approved\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = Reg Data missing or invalid (File not found))
HKLM->Shell Extensions\Approved\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found))
HKLM->Shell Extensions\Approved\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found))
HKLM->Shell Extensions\Approved\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found))
HKLM->Shell Extensions\Approved\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found))
HKLM->Shell Extensions\Approved\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc. )
HKLM->Shell Extensions\Approved\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
HKLM->Shell Extensions\Approved\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
HKLM->Shell Extensions\Approved\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation )
HKLM->Shell Extensions\Approved\{AB77609F-2178-4E6F-9C4B-44AC179D937A} - a² Context Menu Shell Extension = Reg Data missing or invalid (File not found))
HKLM->Shell Extensions\Approved\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
HKLM->Shell Extensions\Approved\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc. )
HKLM->Shell Extensions\Approved\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. )
HKLM->Shell Extensions\Approved\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation )
ContextMenuHandlers (Non-Microsoft only)
HKLM->* - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
HKLM->* - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
HKLM->* - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
HKLM->Directory - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
HKLM->Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
HKLM->Directory\Background - 00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll ( )
HKLM->Directory\Background - NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation )
HKLM->Folder - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o. )
HKLM->Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
ColumnHandlers (Non-Microsoft only)
HKLM->Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )
Registry Run Keys
HKLM->Run\\!ewido - "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized (Anti-Malware Development a.s. )
HKLM->Run\\AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP (GRISOFT, s.r.o. )
HKLM->Run\\Copperhead - C:\Program Files\Razer\Copperhead\razerhid.exe ( )
HKLM->Run\\HPDJ Taskbar Utility - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP )
HKLM->Run\\HPHmon03 - C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard )
HKLM->Run\\IntelMeM - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation )
HKLM->Run\\iTunesHelper - "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc. )
HKLM->Run\\MISAggregator - (File not found))
HKLM->Run\\NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (File not found))
HKLM->Run\\nwiz - nwiz.exe /install ( )
HKLM->Run\\PCMService - "C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp. )
HKLM->Run\\Profiler - C:\Program Files\Saitek\Software\Profiler.exe (Saitek )
HKLM->Run\\QAGENT - C:\Program Files\QUICKENW\QAGENT.EXE ( )
HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
HKLM->Run\\RemoteControl - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" (Cyberlink Corp. )
HKLM->Run\\SaiMfd - C:\Program Files\Saitek\Software\SaiMfd.exe (Saitek )
HKLM->Run\\SaiSmart - C:\Program Files\Saitek\Software\SaiSmart.exe (Saitek )
HKLM->Run\\SsAAD.exe - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ( )
HKLM->Run\\SunJavaUpdateSched - "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" (Sun Microsystems, Inc. )
HKLM->Run\\TkBellExe - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc. )
HKLM->Run\\Windows Defender - "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\DellSupport - "C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd. )
HKCU->Run\\RssReader - C:\Program Files\RssReader\RssReader.exe (Ykoon )
HKCU->Run\\Steam - (File not found))
Startup Lnks
HKLM->Common Startup - Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated )
HKLM->Common Startup - DESKTOP.INI - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI ( )
HKLM->Common Startup - Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation )
HKCU->Startup - DESKTOP.INI - C:\Documents and Settings\Brian\Start Menu\Programs\Startup\DESKTOP.INI ( )
Disabled MSConfig Items
HKLM->StartUpReg\HP Component Manager - hpcmpmgr = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (File not found))
HKLM->StartUpReg\MSMSGS - msmsgs = "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation )
HKLM->StartUpReg\MsnMsgr - MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation )
HKLM->StartUpReg\PicasaNet - Hello = "C:\Program Files\Hello\Hello.exe" -b (Picasa, Inc. )
HKLM->StartUpReg\WildTangent CDA - cdaEngine0400 = RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain (File not found))
HKLM->StartUpReg\Yahoo! Pager - ypager = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (File not found))
User Agent Post Platform
HKLM->Post Platform\\SV1 -
AppInit DLLs
HKLM->Windows\\AppInit_DLLs - (File not found))
Image File Execution Options
HKLM->Image File Execution Options\Your Image File Name Here without a path - Debugger = ntsd -d
Shell Service Object Delay Load
HKLM->ShellServiceObjectDelayLoad\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
HKLM->ShellServiceObjectDelayLoad\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
HKLM->ShellServiceObjectDelayLoad\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation )
HKLM->ShellServiceObjectDelayLoad\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )
Shell Execute Hooks
HKLM->ShellExecuteHooks\\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - Microsoft AntiMalware ShellExecuteHook = C:\PROGRA~1\WINDOW~4\MpShHook.dll (Microsoft Corporation )
HKLM->ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s. )
HKLM->ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )
Shared Task Scheduler
HKLM->SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
HKLM->SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
Winlogon
HKLM->Winlogon\\UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->Winlogon\\Shell - Explorer.exe (Microsoft Corporation )
HKLM->Winlogon\\System - (File not found))
HKLM->Winlogon\Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\cscdll - cscdll.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\Schedule - wlnotify.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\termsrv - wlnotify.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
HKLM->Winlogon\Notify\wlballoon - wlnotify.dll (Microsoft Corporation )
DNS Name Servers
HKLM->Interfaces\{144BFDED-DCBD-496B-9DB3-0913D44FD5B8} - (Intel(R) PRO/100 VE Network Connection)
HKLM->Interfaces\{ABCACAEE-2880-4EFF-8E80-CD973FDC4A80} - ()
Winsock2 Catalogs (Non-Microsoft only)
Protocol Handlers (Non-Microsoft only)
HKLM->PROTOCOLS\Handler\ipp - (File not found))
HKLM->PROTOCOLS\Handler\msdaipp - (File not found))
Protocol Filters (Non-Microsoft only)
<Services>
Application Layer Gateway Service - ALG - On Demand - Running - Win32, running in it's own process - C:\WINDOWS\System32\alg.exe (Microsoft Corporation )
Windows Audio - AudioSrv - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
AVG7 Alert Manager Server - Avg7Alrt - Automatic - Running - Win32, running in it's own process - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (GRISOFT, s.r.o. )
AVG7 Update Service - Avg7UpdSvc - Automatic - Running - Win32, running in it's own process - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (GRISOFT, s.r.o. )
AVG E-mail Scanner - AVGEMS - Automatic - Running - Win32, running in it's own process - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (GRISOFT, s.r.o. )
Background Intelligent Transfer Service - BITS - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Computer Browser - Browser - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Cryptographic Services - CryptSvc - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
DCOM Server Process Launcher - DcomLaunch - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost -k DcomLaunch (Microsoft Corporation )
DHCP Client - Dhcp - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
DNS Client - Dnscache - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k NetworkService (Microsoft Corporation )
Error Reporting Service - ERSvc - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Event Log - Eventlog - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\services.exe (Microsoft Corporation )
COM+ Event System - EventSystem - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
ewido anti-spyware 4.0 guard - ewido anti-spyware 4.0 guard - Automatic - Running - Win32, running in it's own process - C:\Program Files\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s. )
Fast User Switching Compatibility - FastUserSwitchingCompatibility - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Help and Support - helpsvc - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
HID Input Service - HidServ - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
iPodService - iPodService - On Demand - Running - Win32, running in it's own process - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc. )
Server - lanmanserver - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Workstation - lanmanworkstation - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
TCP/IP NetBIOS Helper - LmHosts - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation )
Network Connections - Netman - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Network Location Awareness (NLA) - Nla - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
NVIDIA Display Driver Service - NVSvc - Automatic - Running - Win32, running in it's own process - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation )
Plug and Play - PlugPlay - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\services.exe (Microsoft Corporation )
Pml Driver - Pml Driver - On Demand - Running - Win32, running in it's own process - C:\WINDOWS\system32\HPHipm09.exe (HP )
IPSEC Services - PolicyAgent - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\lsass.exe (Microsoft Corporation )
Protected Storage - ProtectedStorage - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation )
Remote Access Connection Manager - RasMan - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Remote Procedure Call (RPC) - RpcSs - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost -k rpcss (Microsoft Corporation )
Security Accounts Manager - SamSs - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\lsass.exe (Microsoft Corporation )
Task Scheduler - Schedule - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Secondary Logon - seclogon - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
System Event Notification - SENS - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
Windows Firewall/Internet Connection Sharing (ICS) - SharedAccess - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Shell Hardware Detection - ShellHWDetection - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Print Spooler - Spooler - Automatic - Running - Win32, running in it's own process - C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation )
SSDP Discovery Service - SSDPSRV - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation )
Windows Image Acquisition (WIA) - stisvc - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k imgsvc (Microsoft Corporation )
Telephony - TapiSrv - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Terminal Services - TermService - On Demand - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost -k DComLaunch (Microsoft Corporation )
Themes - Themes - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Distributed Link Tracking Client - TrkWks - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
Windows User Mode Driver Framework - UMWdf - Automatic - Running - Win32, running in it's own process - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation )
Windows Time - w32time - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
WebClient - WebClient - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k LocalService (Microsoft Corporation )
Windows Defender Service - WinDefend - Automatic - Running - Win32, running in it's own process - "C:\Program Files\Windows Defender\MsMpEng.exe" (Microsoft Corporation )
Windows Management Instrumentation - winmgmt - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
Security Center - wscsvc - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
Automatic Updates - wuauserv - Automatic - Running - Win32, running in it's own process - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation )
Wireless Zero Configuration - WZCSVC - Automatic - Running - Win32, running in a shared process - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation )
<Files>
AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\DESKTOP.INI - ( [Ver = | Size = 62 bytes | Date = 09/03/2002 06:50 | Attr = HS])
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache - ( [Ver = | Size = 1772 bytes | Date = 08/07/2006 10:52 | Attr = ])
CurrentUser ApplicationData Folder
C:\Documents and Settings\Brian\Application Data\.googlewebacchosts - ( [Ver = | Size = 0 bytes | Date = 11/17/2005 22:36 | Attr = ])
C:\Documents and Settings\Brian\Application Data\DESKTOP.INI - ( [Ver = | Size = 62 bytes | Date = 09/03/2002 06:50 | Attr = HS])
C:\Documents and Settings\Brian\Application Data\GDIPFONTCACHEV1.DAT - ( [Ver = | Size = 41296 bytes | Date = 04/24/2005 20:17 | Attr = ])
C:\Documents and Settings\Brian\Application Data\PFP120JCM.{PB - ( [Ver = | Size = 12358 bytes | Date = 10/24/2004 14:29 | Attr = ])
C:\Documents and Settings\Brian\Application Data\PFP120JPR.{PB - ( [Ver = | Size = 61678 bytes | Date = 10/24/2004 14:29 | Attr = ])
DPF files
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partne ... nicode.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - FilePlanet Download Control Class - CodeBase = http://www.fileplanet.com/fpdlmgr/cabs/ ... 2.1.87.cab
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - QDiagAOLCCUpdateObj Class - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - - CodeBase = http://download.mcafee.com/molbin/share ... insctl.cab
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - GSDACtl Class - CodeBase = https://www.gamespyid.com/alaunch.cab
{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - Wwlaunch Control - CodeBase = http://www.worldwinner.com/games/shared/wwlaunch.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - WoF Control - CodeBase = http://www.worldwinner.com/games/v45/wof/wof.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - - CodeBase = http://download.mcafee.com/molbin/share ... cgdmgr.cab
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - - CodeBase = http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - Java Plug-in 1.4.0 - CodeBase = http://java.sun.com/update/1.4.0/jinsta ... s-i586.cab
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shoc ... wflash.cab
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - MSN Chat Control 4.5 - CodeBase = http://chat.msn.com/controls/msnchat45.cab
Hosts file = 734 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright (c) 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a '#' symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
-
127.0.0.1 localhost -