fitzgig06 Posted September 18, 2006

I was looking at my msconfig startup tab & noticed a bunch of square symbols as the "startup item" & the "command" with the "location" of (HKCU/SOFWARE/Microsoft/Windows NT/CurrentVersion/Windows: Load) ... does anybody know what this is? & should I take it off of my start up!?

**here's my HJT log**

therock247uk Posted September 19, 2006

Download WinPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode.

Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed.

Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

fitzgig06 Posted September 19, 2006

**I didn't quite do it in safe mode b/c I'm using the internet, but I went ahead and did the scan anyway to see if there are any problems**
\\{03A80B1D-5C6A-42c2-9DFB-81B6005D8023} - Trend Micro Anti-Spyware Shell Extension = C:\Program Files\Trend Micro\Tmas\sshook.dll (Trend Micro Incorporated) \\{E07111B5-44B3-4DD6-B77E-1FA21F1F3A37} - iolo Context Defrag = () \\{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} - TrojanHunter Menu Shell Extension = () \\{472083B0-C522-11CF-8763-00608CC02F24} - avast = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) \\{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning = ()[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]>>> Context Menu Handlers (Non-Microsoft Only) <<<[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers] \avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software) \SM_ContextDefrag - = ()[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers] \Copy To - = () \Move To - = ()[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers] \SM_ContextDefrag - = ()[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers][HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers] \avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)>>> Column Handlers (Non-Microsoft Only) <<<[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] \{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)>>> Registry Run Keys <<<[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] {0228e555-4f9c-4e35-a3ec-b109a192b4c2} - C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe (Google Inc.) avast! 
- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe () SiS Windows KeyHook - C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation) SystemGuardAlerter - C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe ()[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Weather - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]>>> Startup Links <<<[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup] C:\Documents and Settings\Vita Schacht\Start Menu\Programs\Startup\desktop.ini () C:\Documents and Settings\Vita Schacht\Start Menu\Programs\Startup\PopTray.lnk - C:\Program Files\PopTray\PopTray.exe (Renier Crause)>>> MSConfig Disabled Items <<<[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFromHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandToHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\servicesHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolderHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup location Common Startup command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE item Adobe Reader Speed LaunchHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CleanSweep Smart Sweep-Internet Sweep.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CleanSweep Smart Sweep-Internet Sweep.lnk backup C:\WINDOWS\pss\CleanSweep Smart Sweep-Internet Sweep.lnkCommon Startup location Common Startup command C:\PROGRA~1\NORTON~1\NORTON~2\csinsmnt.exe item CleanSweep Smart Sweep-Internet SweepHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk backup C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup location Common Startup command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe item hp psc 1000 seriesHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk backup C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup location Common Startup command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe item hpoddt01.exeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk path 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup location Common Startup command C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l item Microsoft OfficeHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk backup C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup location Common Startup command C:\WINDOWS\Installer\{1F90C982-33C6-11D3-A3E0-00C04F7989D8}\8A70A30D.exe item Microsoft Works Calendar RemindersHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk backup C:\WINDOWS\pss\SpySubtract.lnkCommon Startup location Common Startup command C:\PROGRA~1\INTERM~1\SPYSUB~1\SpySub.exe -autostart item SpySubtractHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express Calendar Checker For My Custom Edition.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express Calendar Checker For My Custom Edition.lnk backup C:\WINDOWS\pss\Ulead Photo Express Calendar Checker For My Custom Edition.lnkCommon Startup location Common Startup command C:\PROGRA~1\ULEADS~1\ULEADP~1.0MY\CalCheck.exe item Ulead Photo Express Calendar Checker For My Custom EditionHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Watch.lnk backup C:\WINDOWS\pss\Watch.lnkCommon Startup location Common 
Startup command C:\PROGRA~1\DCSERI~1\Console\Watch.exe item WatchHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Vita Schacht^Start Menu^Programs^Startup^BHODemon 2.0.lnk path C:\Documents and Settings\Vita Schacht\Start Menu\Programs\Startup\BHODemon 2.0.lnk backup C:\WINDOWS\pss\BHODemon 2.0.lnkStartup location Startup command C:\PROGRA~1\BHODEM~1\BHODemon.exe item BHODemon 2.0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Vita Schacht^Start Menu^Programs^Startup^Poppy for Windows.lnk path C:\Documents and Settings\Vita Schacht\Start Menu\Programs\Startup\Poppy for Windows.lnk backup C:\WINDOWS\pss\Poppy for Windows.lnkStartup location Startup command C:\PROGRA~1\Poppy\Poppy.exe item Poppy for WindowsHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Vita Schacht^Start Menu^Programs^Startup^Webshots.lnk path C:\Documents and Settings\Vita Schacht\Start Menu\Programs\Startup\Webshots.lnk backup C:\WINDOWS\pss\Webshots.lnkStartup location Startup command C:\PROGRA~1\Webshots\Launcher.exe /t item WebshotsHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkey HKCU command inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aim6 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkey HKCU command inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ctfmon hkey HKCU command C:\WINDOWS\system32\ctfmon.exe inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DeadAIM key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item DeadAIM hkey HKLM command rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\DW4 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item DesktopWeather hkey HKCU command "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Extreme Messenger for AIM key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ExtremeMessenger hkey HKCU command C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FLMK08KB key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MMKEYBD hkey HKLM command C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FLMOFFICE4DMOUSE key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item mouse32a hkey HKLM command C:\Program Files\Browser Mouse\mouse32a.exe inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gcasServ key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item gcasServ hkey HKLM command "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoGoTray.exe key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item GoGoTray hkey HKCU command C:\Program Files\GoGoData.com\GoGoData AdBuster\GoGoTray.exe inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item GoogleDesktop hkey HKLM command "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HostManager key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item AOLSoftware hkey HKLM command C:\Program Files\Common Files\AOL\1128456822\ee\AOLSoftware.exe inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper key 
SOFTWARE\Microsoft\Windows\CurrentVersion\Run item iTunesHelper hkey HKLM command C:\Program Files\iTunes\iTunesHelper.exe inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LWBMOUSE key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MOUSE32A hkey HKLM command C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mmtask key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item mmtask hkey HKLM command c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroCheck key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NeroCheck hkey HKLM command C:\WINDOWS\system32\\NeroCheck.exe inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCTVOICE key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item pctspk hkey HKLM command pctspk.exe inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PlaxoUpdate key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item PlaxoHelper hkey HKCU command C:\Program Files\Plaxo\2.5.6.21\PlaxoHelper.exe -a inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PrevxHome key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item SAGUI hkey HKLM command C:\Program Files\PREVX\Prevx Home\SAGUI.exe inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Program Files\QuickTime\qttask.exe" -atboottime inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StopSignSsTsMon key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item sstsmon hkey HKLM command Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\ViewMgr key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ViewMgr hkey HKLM command C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe inimapping 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 2 services 0 startup 2[All Users Startup Folder Disabled Items][Current User Startup Folder Disabled Items]>>> User Agent Post Platform <<<[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] \\Avant Browser - IEAK>>> AppInit Dll's <<<[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]>>> Image File Execution Options <<<[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] \Your Image File Name Here without a path - Debugger = ntsd -d>>> Shell Service Object Delay Load <<<[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)>>> Shell Execute Hooks <<<[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation) \\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - Microsoft AntiMalware ShellExecuteHook = C:\PROGRA~1\WINDOW~4\MpShHook.dll (Microsoft Corporation) \\{03A80B1D-5C6A-42c2-9DFB-81B6005D8023} - Trend Micro Anti-Spyware Shell Extension = C:\Program Files\Trend Micro\Tmas\sshook.dll (Trend Micro Incorporated) \\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - 
SABShellExecuteHook Class = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) \\{54D9498B-CF93-414F-8984-8CE7FDE0D391} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-malware\shellhook.dll ()>>> Shared Task Scheduler <<<[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation) \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation) \\{553858A7-4922-4e7e-B1C1-97140C1C16EF} - IE Component Categories cache daemon = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)>>> Winlogon <<<[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] \\UserInit = c:\windows\system32\userinit.exe, \\Shell = Explorer.exe \\System = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] \crypt32chain - crypt32.dll = (Microsoft Corporation) \cryptnet - cryptnet.dll = (Microsoft Corporation) \cscdll - cscdll.dll = (Microsoft Corporation) \SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll = (SUPERAntiSpyware.com) \ScCertProp - wlnotify.dll = (Microsoft Corporation) \Schedule - wlnotify.dll = (Microsoft Corporation) \sclgntfy - sclgntfy.dll = (Microsoft Corporation) \SensLogn - WlNotify.dll = (Microsoft Corporation) \termsrv - wlnotify.dll = (Microsoft Corporation) \WgaLogon - WgaLogon.dll = (Microsoft Corporation) \wlballoon - wlnotify.dll = (Microsoft Corporation)>>> DNS Name Servers <<< {26B72EC1-37BE-40FC-8816-F5F12DBF8886} - () {8B82BFDD-BDC3-46FF-868E-FDBED1EC8D10} - (SiS 900-Based PCI Fast Ethernet Adapter)>>> All Winsock2 Catalogs <<<[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries] \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation) \000000000002\\LibraryPath - 
%SystemRoot%\System32\winrnr.dll (Microsoft Corporation) \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries] \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation) \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation) \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)>>> Protocol Handlers (Non-Microsoft Only) <<<[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler] \ipp - () \msdaipp - ()>>> Protocol Filters (Non-Microsoft Only) <<<[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]>>> Selected AddOn's <<<»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
fitzgig06 Posted September 19, 2006 Author Edit\\ I installed a program called "starter" which just shows you what starts up ..& this is first on the list.."RunNarrator" ... "Narrator.exe" ..."Registry-Def User RunOnce" I have no idea what that is!?
therock247uk Posted September 19, 2006 Open HijackThis, click open the misc tools section > check mark "List also minor sections (full)" and "List empty sections (complete)", then click generate Startup list log. Post that log here in a reply.
fitzgig06 Posted September 19, 2006 Author StartupList report, 9/19/2006, 3:49:05 PMStartupList version: 1.52.2Started from : C:\HijackThis\HijackThis.EXEDetected: Windows XP SP2 (WinNT 5.01.2600)Detected: Internet Explorer v7.00 (7.00.5346.0005)* Using default options* Including empty and uninteresting sections* Showing rarely important sections==================================================Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\Keyhook.exeC:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exeC:\Program Files\AWS\WeatherBug\Weather.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wdfmgr.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\System32\alg.exeC:\Program Files\PopTray\PopTray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\AIM\aim.exeC:\Program Files\Avant Browser\avant.exeC:\HijackThis\HijackThis.exe--------------------------------------------------Listing of startup folders:Shell folders Startup:[C:\Documents and Settings\Vita Schacht\Start Menu\Programs\Startup]PopTray.lnk = C:\Program Files\PopTray\PopTray.exeShell folders 
AltStartup:*Folder not found*User shell folders Startup:[C:\Documents and Settings\Vita Schacht\Start Menu\Programs\Startup]PopTray.lnk = C:\Program Files\PopTray\PopTray.exeUser shell folders AltStartup:*Folder not found*Shell folders Common Startup:[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]*No files*Shell folders Common AltStartup:*Folder not found*User shell folders Common Startup:*Folder not found*User shell folders Alternate Common Startup:*Folder not found*--------------------------------------------------Checking Windows NT UserInit:[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]UserInit = c:\windows\system32\userinit.exe,[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]*Registry key not found*[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]*Registry value not found*[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\Runavast! 
= C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeSiS Windows KeyHook = C:\WINDOWS\system32\Keyhook.exeSystemGuardAlerter = C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe{0228e555-4f9c-4e35-a3ec-b109a192b4c2} = C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce*No values found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx*No values found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce*No values found*--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\RunWeather = C:\Program Files\AWS\WeatherBug\Weather.exe 1--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce*No values found*--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run*Registry key not found*--------------------------------------------------Autorun entries from Registry:HKCU\Software\Microsoft\Windows 
NT\CurrentVersion\Run*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows\CurrentVersion\Run[OptionalComponents]*No values found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce*No subkeys found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx*No subkeys found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce*No subkeys found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows\CurrentVersion\Run*No subkeys found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce*No subkeys found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys of:HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run*Registry key not found*--------------------------------------------------Autorun entries in Registry subkeys 
therock247uk Posted September 20, 2006

> Edit\\ I installed a program called "starter" which just shows you what starts up .. & this is first on the list .. "RunNarrator" ... "Narrator.exe" ... "Registry-Def User RunOnce" I have no idea what that is!?

Since it's in run once it should go when you reboot...
fitzgig06 Posted September 20, 2006 (Author)

o0oh I already took the Narrator off my startup
therock247uk Posted September 21, 2006

Ok, post me a new HijackThis log and let me know if you are having any problems/questions.