
Thread: Having Problems Again!!!

  1. #71
    Join Date
    Nov 2007
    Location
    Adelaide Australia
    Posts
    54

    I hope it's what you wanted.

    I'm glad it's you guys that are making sense of that.

    Good luck

  2. #72
    Download to your Desktop
    - Process Explorer
    - Pocket Killbox

    Extract Process Explorer to the Desktop.

    Extract Pocket Killbox to your Desktop

    IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

    Do the above before continuing! Okay unplug your cable now.

    Make sure you have rebooted in Normal Mode (do not open any other processes)

    - Run Process Explorer


    In the top section of the Process Explorer screen double click on lsass.exe to bring up the properties screen. Click on the Threads tab at the top.

    Once you see this screen click on each instance of sstts.dll once and then click the kill button. After you have killed all of the sstts.dll under lsass click ok.

    Next double click on explorer.exe and again click once on each instance of sstts.dll and kill it. Now click once on each instance of hsjugqhk.dll and kill it.

    Now just exit Process Explorer.

    Now run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines. DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:
    O2 - BHO: (no name) - {3025219A-0C96-486A-9044-9E25A5FE1349} - H:\WINDOWS\system32\sstts.dll

    O4 - HKLM\..\Run: [000000af] rundll32.exe "H:\WINDOWS\system32\exoasbys.dll",b
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop.
    Be sure the "Save as" type is set to "all files"
    Once you have saved it double click it and allow it to merge with the registry.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "000000af"=-

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks\{60E2746A-9C2E-45A2-85CE-7E1A8A890961}]

    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7449713A-4B98-4047-A24D-9DB184991C05}]
    Now run Pocket Killbox.
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      H:\WINDOWS\SYSTEM32\aiqegays.ini
      H:\WINDOWS\SYSTEM32\bbatbpwm.dll
      H:\WINDOWS\system32\exoasbys.dll
      H:\WINDOWS\system32\hsjugqhk.dll
      H:\WINDOWS\SYSTEM32\mwpbtabb.ini
      H:\WINDOWS\SYSTEM32\paaivpcd.ini
      H:\WINDOWS\SYSTEM32\profile.dat
      H:\WINDOWS\SYSTEM32\sstts.dll
      H:\WINDOWS\SYSTEM32\sttss.ini
      H:\WINDOWS\SYSTEM32\sttss~1.ini
      H:\WINDOWS\SYSTEM32\sybsaoxe.ini
      H:\WINDOWS\SYSTEM32\sytmwgpx.ini
      H:\WINDOWS\SYSTEM32\xpgwmtys.dll

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    Post fresh logs for:
    HijackThis
    ISeeYouXP

    Tell me how the steps went.

    Make sure you tell me how things are working now!
    a-squared Team - www.emsisoft.com

    "Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
    Microsoft Most Valuable Professional - Consumer Security (2007-2008)
    Member - Alliance of Security Analysis Professionals - Since 2006
    Linux Registered User # 363218

  3. #73

    Still There!!

    Ok, I have done it all to the letter. The only trouble was that hsjugqhk.dll was not there to delete when running Process Explorer.
    This entry
    O4 - HKLM\..\Run: [000000af] rundll32.exe "H:\WINDOWS\system32\exoasbys.dll",b
    was not there during that stage when running HJT.

    Here is HJT log.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:52:06 AM, on 29/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    H:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    H:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    H:\WINDOWS\system32\LxrSII1s.exe
    H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    H:\WINDOWS\system32\nvsvc32.exe
    H:\WINDOWS\system32\svchost.exe
    H:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    H:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    H:\WINDOWS\system32\WgaTray.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\ALCWZRD.EXE
    H:\Program Files\Common Files\Symantec Shared\ccApp.exe
    H:\PROGRA~1\OfficeKB\OfficeKB.EXE
    H:\WINDOWS\SOUNDMAN.EXE
    H:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    H:\Program Files\KeirNet\K9\K9.exe
    H:\Program Files\Symantec Client Security\Symantec AntiVirus\DoScan.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\WINDOWS\system32\wuauclt.exe
    H:\Program Files\HI JACK THIS\Damian.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sa.chariot.net.au/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {09C16135-34ED-4301-BA9A-8C791EEB1F3C} - H:\WINDOWS\system32\sstts.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - H:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [OfficeKB] H:\PROGRA~1\OfficeKB\OfficeKB.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [vptray] H:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Launch K9.lnk = H:\Program Files\KeirNet\K9\K9.exe
    O4 - Global Startup: Acrobat Assistant.lnk = H:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Windows Live Search - res://H:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Open in new background tab - res://H:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?933a97c3b3af45fc9ff488f53ff4003b
    O8 - Extra context menu item: Open in new foreground tab - res://H:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?933a97c3b3af45fc9ff488f53ff4003b
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{10D44058-2415-454A-B693-4CADCE2AAEEA}: NameServer = 203.12.160.35,203.12.160.36
    O17 - HKLM\System\CS1\Services\Tcpip\..\{10D44058-2415-454A-B693-4CADCE2AAEEA}: NameServer = 203.12.160.35,203.12.160.36
    O17 - HKLM\System\CS2\Services\Tcpip\..\{10D44058-2415-454A-B693-4CADCE2AAEEA}: NameServer = 203.12.160.35,203.12.160.36
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - H:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: NavLogon - H:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - H:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - H:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - H:\WINDOWS\SYSTEM32\LxrSII1s.exe
    O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - H:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - H:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - H:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
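The fix list in post #72 named the sstts.dll BHO by its CLSID ({3025219A-0C96-486A-9044-9E25A5FE1349}), while the fresh log above shows the same DLL registered under a different CLSID ({09C16135-34ED-4301-BA9A-8C791EEB1F3C}). The Python below is an added example, not code from either poster or from HijackThis: it parses O2/O4/O20 lines of the shape shown in the log, flags the entries a reviewer would look at first (a nameless BHO loaded from system32, a Run value with a bare-hex name that calls a one-letter export), and shows why matching a fix list by module file name holds up where matching by CLSID does not. The sample lines are constructed from the log above and the heuristics are my own assumptions, not HijackThis rules.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the HijackThis log above: a few O2, O4
# and O20 lines with the same paths and CLSIDs, not the complete log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {09C16135-34ED-4301-BA9A-8C791EEB1F3C} - H:\WINDOWS\system32\sstts.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [000000af] rundll32.exe "H:\WINDOWS\system32\exoasbys.dll",b
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Line shapes as they appear in HijackThis 1.99 logs (O2 = BHO, O4 = Run key,
# O20 = Winlogon Notify). Regexes are mine, written against the lines above.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# rundll32 command: optional quotes around the DLL, then ",export".
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<entry>\S*)', re.IGNORECASE)


@dataclass
class Entry:
    section: str        # "O2", "O4" or "O20"
    name: str           # BHO display name or Run value name
    module: str         # path of the DLL/EXE the line points at
    clsid: str = ""     # only for O2 lines
    entry_point: str = ""  # rundll32 export name, only for O4 lines
    raw: str = ""


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    if m := BHO_RE.match(line):
        return Entry("O2", m["name"], m["path"], clsid=m["clsid"].upper(), raw=line)
    if m := RUN_RE.match(line):
        cmd = m["cmd"]
        if r := RUNDLL_RE.match(cmd):
            return Entry("O4", m["name"], r["dll"], entry_point=r["entry"], raw=line)
        return Entry("O4", m["name"], cmd.strip('"'), raw=line)
    if m := NOTIFY_RE.match(line):
        return Entry("O20", m["name"], m["path"], raw=line)
    return None  # sections this example does not model


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def in_system32(path: str) -> bool:
    return re.search(r"\\windows\\system32\\", path, re.IGNORECASE) is not None


def reasons(e: Entry) -> List[str]:
    """Heuristics (assumed, not HijackThis's own) for entries worth a closer look."""
    out = []
    if e.section == "O2" and e.name == "(no name)" and in_system32(e.module):
        out.append("nameless BHO loaded from the system directory")
    if e.section == "O4":
        if re.fullmatch(r"[0-9a-f]{8}", e.name, re.IGNORECASE):
            out.append("Run value name is a bare hex string")
        if len(e.entry_point) == 1 and in_system32(e.module):
            out.append("rundll32 calls a one-letter export of a system32 DLL")
    return out


def flag(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    return [(e, r) for e in entries if (r := reasons(e))]


def match_fix_list(entries: List[Entry], fix_clsids: List[str],
                   fix_modules: List[str]) -> Tuple[List[Entry], List[Entry]]:
    """Which entries from an earlier fix list are still in a new log, matched by
    CLSID and, separately, by module file name. A BHO can re-register under a
    fresh CLSID between scans; the file name is the stable handle."""
    clsids = {c.upper() for c in fix_clsids}
    names = {m.lower() for m in fix_modules}
    by_clsid = [e for e in entries if e.clsid in clsids]
    by_module = [e for e in entries if e.module.rsplit("\\", 1)[-1].lower() in names]
    return by_clsid, by_module


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e, why in flag(entries):
        print(f"{e.section} {e.module}: {'; '.join(why)}")
    by_clsid, by_module = match_fix_list(
        entries, ["{3025219A-0C96-486A-9044-9E25A5FE1349}"], ["sstts.dll"])
    print(f"fix list matched by CLSID: {len(by_clsid)}, by module name: {len(by_module)}")
```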

  4. #74
    ************************************************************************************
    ISeeYouXP v2.0 Beta 13

    ISeeYouXP v1.3.0-v2.0 Beta 13 Copyright - ShadowPuterDude
    ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan
    ------------------------------------------------------------------------------------
    **** PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE NOT BADDIES! ****
    **** PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION. ****
    ************************************************************************************

    Windows/Browser/Java Versions:

    Microsoft Windows XP Professional
    Version: 5.1.2600
    Service Pack: 2.0
    Windows Directory: H:\WINDOWS

    Internet Explorer
    Version: 6.0.2900.2180
    Build: 62900.2180
    Language: English (United States)
    Path: H:\Program Files\Internet Explorer


    Boot State: Normal boot

    Scan done at 8:33:08.56, Thu 29/11/2007

    ------------------------------------------------------------------------------------

    ISeeYouXP installation folder and files

    H:\ISEEYO~1\
    bootst~1.vbs Mon 28 May 2007 14:26:48 A.... 359 0.35 K
    change.log Wed 17 Oct 2007 18:49:26 A.... 4,902 4.79 K
    chodefix.bat Wed 18 Apr 2007 13:57:18 A.... 5,387 5.26 K
    fixchode.reg Wed 18 Apr 2007 13:22:12 A.... 528 0.52 K
    fixexp~1.bat Sat 24 Feb 2007 13:29:40 A.... 487 0.47 K
    getunk~1.bat Sat 12 Aug 2006 13:24:58 A.... 1,478 1.44 K
    grep.exe Fri 24 Dec 2004 19:33:28 A.... 160,768 157.00 K
    hideit.bat Wed 17 Oct 2007 21:00:56 A.... 1,072 1.05 K
    ieinfo.vbs Mon 28 May 2007 13:51:28 A.... 514 0.50 K
    iesecu~1.bat Sun 28 Oct 2007 22:52:32 A.... 72 0.07 K
    iesecu~1.vbs Wed 7 Nov 2007 23:17:40 A.... 2,399 2.34 K
    iseeyo~1.bat Wed 17 Oct 2007 21:00:34 A.... 209,237 204.33 K
    libico~1.dll Tue 16 Mar 2004 18:37:50 A.... 898,048 877.00 K
    libintl3.dll Sat 9 Oct 2004 12:25:46 A.... 101,888 99.50 K
    locate.com Fri 14 Jan 2005 1:41:48 A.... 11,254 10.99 K
    md5sum.exe Sun 5 Aug 2007 19:56:56 A.... 49,152 48.00 K
    msconf~1.bat Sat 24 Feb 2007 1:40:10 A.... 578 0.56 K
    osinfo.vbs Mon 28 May 2007 14:00:10 A.... 598 0.58 K
    pcbutts.txt Sun 25 Mar 2007 9:04:02 A.... 5,167 5.04 K
    pcre.dll Sun 14 Nov 2004 13:29:04 A.... 183,313 179.02 K
    pv.exe Thu 2 Mar 2006 23:42:40 A.... 73,728 72.00 K
    regedi~1.bat Fri 30 Mar 2007 20:16:02 A.... 650 0.63 K
    regfix.bat Wed 18 Apr 2007 13:55:40 A.... 145 0.14 K
    servic~1.vbs Mon 28 May 2007 17:06:48 A.... 672 0.66 K
    showit.bat Wed 17 Oct 2007 21:01:22 A.... 1,013 0.99 K
    swreg.exe Thu 5 Apr 2007 6:58:52 A.... 139,776 136.50 K
    system~1.bat Wed 28 Feb 2007 21:55:02 A.... 369 0.36 K
    taskmg~1.bat Sat 24 Feb 2007 13:24:08 A.... 288 0.28 K

    28 items found: 28 files, 0 directories.
    Total of file sizes: 1,853,842 bytes 1.77 M
    3 Dir(s) 138,992,132,096 bytes free

    ------------------------------------------------------------------------------------

    System Environment Variables

    ALLUSERSPROFILE=H:\Documents and Settings\All Users
    APPDATA=H:\Documents and Settings\Damian\Application Data
    CLASSPATH=.;H:\Program Files\QuickTime\QTSystem\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=H:\Program Files\Common Files
    COMPUTERNAME=DT-32F7CC931ADE
    ComSpec=H:\WINDOWS\system32\cmd.exe
    errcode=0
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=H:
    HOMEPATH=\Documents and Settings\Damian
    LOGONSERVER=\\DT-32F7CC931ADE
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=H:\WINDOWS\system32;H:\WINDOWS;H:\WINDOWS\system32\wbem;H:\Program Files\QuickTime\QTSystem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0401
    ProgramFiles=H:\Program Files
    PROMPT=$P$G
    QTJAVA=H:\Program Files\QuickTime\QTSystem\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=H:
    SystemRoot=H:\WINDOWS
    TEMP=H:\DOCUME~1\Damian\LOCALS~1\Temp
    TMP=H:\DOCUME~1\Damian\LOCALS~1\Temp
    USERDOMAIN=DT-32F7CC931ADE
    USERNAME=Damian
    USERPROFILE=H:\Documents and Settings\Damian
    windir=H:\WINDOWS

    ------------------------------------------------------------------------------------

    Showing any Pocket Killbox backup files

    H:\!KILLBOX\
    aiqegays.ini Sun 25 Nov 2007 23:01:54 ..... 776,132 757.94 K
    mwpbtabb.ini Wed 28 Nov 2007 17:53:22 ..... 778,982 760.72 K
    paaivpcd.ini Tue 27 Nov 2007 10:30:16 ..... 778,838 760.58 K
    profile.dat Thu 29 Nov 2007 738 ..... 40 0.04 K
    sstts.dll Wed 14 Nov 2007 17:43:56 ..... 320,608 313.09 K
    sstts~1.dll Wed 14 Nov 2007 17:43:56 ..... 320,608 313.09 K
    sttss.ini Thu 29 Nov 2007 7:32:18 ..... 91,535 89.39 K
    sttss~1.ini Thu 29 Nov 2007 7:32:08 ..... 91,535 89.39 K
    sybsaoxe.ini Mon 26 Nov 2007 17:12:04 ..... 776,492 758.29 K
    sytmwgpx.ini Sat 24 Nov 2007 7:42:02 ..... 775,832 757.65 K
    xpgwmtys.dll Sat 24 Nov 2007 7:41:40 ..... 86,080 84.06 K

    11 items found: 11 files, 0 directories.
    Total of file sizes: 4,796,682 bytes 4.57 M

    ------------------------------------------------------------------------------------

    Displaying BOOT.INI:

    [boot loader]
    timeout=1
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    ------------------------------------------------------------------------------------

    Displaying SYSTEM.INI:

    ; for 16-bit app support

    [drivers]
    wave=mmdrv.dll
    timer=timer.drv

    [mci]
    [driver32]
    [386enh]
    woafont=app850.FON
    EGA80WOA.FON=EGA80850.FON
    EGA40WOA.FON=EGA40850.FON
    CGA80WOA.FON=CGA80850.FON
    CGA40WOA.FON=CGA40850.FON

    ------------------------------------------------------------------------------------

    Displaying WIN.INI:

    ; for 16-bit app support
    [fonts]
    [extensions]
    [mci extensions]
    [files]
    [Mail]
    MAPI=1
    CMCDLLNAME32=mapi32.dll
    CMCDLLNAME=mapi.dll
    CMC=1
    MAPIX=1
    MAPIXVER=1.0.0.1
    OLEMessaging=1
    [MCI Extensions.BAK]
    aif=MPEGVideo
    aifc=MPEGVideo
    aiff=MPEGVideo
    asf=MPEGVideo
    asx=MPEGVideo
    au=MPEGVideo
    m1v=MPEGVideo
    m3u=MPEGVideo
    mp2=MPEGVideo
    mp2v=MPEGVideo
    mp3=MPEGVideo
    mpa=MPEGVideo
    mpe=MPEGVideo
    mpeg=MPEGVideo
    mpg=MPEGVideo
    mpv2=MPEGVideo
    snd=MPEGVideo
    wax=MPEGVideo
    wm=MPEGVideo
    wma=MPEGVideo
    wmv=MPEGVideo
    wmx=MPEGVideo
    wpl=MPEGVideo
    wvx=MPEGVideo

    ------------------------------------------------------------------------------------

    Displaying Running Processes:

    PROCESS PID PRIO PATH
    smss.exe 772 Normal H:\WINDOWS\System32\smss.exe
    csrss.exe 824 Normal H:\WINDOWS\system32\csrss.exe
    winlogon.exe 852 High H:\WINDOWS\system32\winlogon.exe
    services.exe 896 Normal H:\WINDOWS\system32\services.exe
    lsass.exe 908 Normal H:\WINDOWS\system32\lsass.exe
    svchost.exe 1104 Normal H:\WINDOWS\system32\svchost.exe
    svchost.exe 1188 Normal H:\WINDOWS\system32\svchost.exe
    svchost.exe 1252 Normal H:\WINDOWS\System32\svchost.exe
    svchost.exe 1380 Normal H:\WINDOWS\system32\svchost.exe
    svchost.exe 1412 Normal H:\WINDOWS\system32\svchost.exe
    ccProxy.exe 1464 Normal H:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    ccSetMgr.exe 1504 Normal H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    ISSVC.exe 1516 Normal H:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    SNDSrvc.exe 1536 Normal H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    ccEvtMgr.exe 1560 Normal H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    spoolsv.exe 1860 Normal H:\WINDOWS\system32\spoolsv.exe
    guard.exe 632 Normal H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    DefWatch.exe 656 Normal H:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    LxrSII1s.exe 704 Normal H:\WINDOWS\system32\LxrSII1s.exe
    MDM.EXE 716 Normal H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    nvsvc32.exe 728 Normal H:\WINDOWS\system32\nvsvc32.exe
    svchost.exe 808 Normal H:\WINDOWS\system32\svchost.exe
    Rtvscan.exe 1052 Normal H:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    SymSPort.exe 1484 Normal H:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    alg.exe 416 Normal H:\WINDOWS\System32\alg.exe
    WgaTray.exe 2636 Normal H:\WINDOWS\system32\WgaTray.exe
    ALCWZRD.EXE 2764 Normal H:\WINDOWS\ALCWZRD.EXE
    ccApp.exe 2840 Normal H:\Program Files\Common Files\Symantec Shared\ccApp.exe
    OfficeKB.EXE 2956 Normal H:\PROGRA~1\OfficeKB\OfficeKB.EXE
    SOUNDMAN.EXE 2964 Normal H:\WINDOWS\SOUNDMAN.EXE
    VPTray.exe 2972 Normal H:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    ctfmon.exe 2980 Normal H:\WINDOWS\system32\ctfmon.exe
    AcroTray.exe 2992 Normal H:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    K9.exe 3020 Normal H:\Program Files\KeirNet\K9\K9.exe
    firefox.exe 2388 Normal H:\Program Files\Mozilla Firefox\firefox.exe
    explorer.exe 1124 Normal H:\WINDOWS\explorer.exe
    cmd.exe 4040 Normal H:\WINDOWS\system32\cmd.exe
    ntvdm.exe 496 Normal H:\WINDOWS\system32\ntvdm.exe
    wmiprvse.exe 700 Normal H:\WINDOWS\system32\wbem\wmiprvse.exe
    pv.exe 2340 Normal H:\ISEEYO~1\pv.exe

    ------------------------------------------------------------------------------------

    Displaying Windows Services:

    Name: Alerter
    Display Name: Alerter
    Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\svchost.exe -k LocalService
    Start Mode: Disabled
    State: Stopped

    Name: ALG
    Display Name: Application Layer Gateway Service
    Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
    Path Name: H:\WINDOWS\System32\alg.exe
    Start Mode: Manual
    State: Running

    Name: AppMgmt
    Display Name: Application Management
    Description: Provides software installation services such as Assign, Publish, and Remove.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual
    State: Stopped

    Name: aspnet_state
    Display Name: ASP.NET State Service
    Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    Start Mode: Manual
    State: Stopped

    Name: AudioSrv
    Display Name: Windows Audio
    Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: AVG Anti-Spyware Guard
    Display Name: AVG Anti-Spyware Guard
    Description:
    Path Name: H:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    Start Mode: Auto
    State: Running

    Name: BITS
    Display Name: Background Intelligent Transfer Service
    Description: Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Stopped

    Name: Browser
    Display Name: Computer Browser
    Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: ccEvtMgr
    Display Name: Symantec Event Manager
    Description: Event propagation and logging service
    Path Name: "H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    Start Mode: Auto
    State: Running

    Name: ccProxy
    Display Name: Symantec Network Proxy
    Description: Symantec Proxy Service
    Path Name: "H:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
    Start Mode: Auto
    State: Running

    Name: ccPwdSvc
    Display Name: Symantec Password Validation
    Description: User account management service
    Path Name: "H:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
    Start Mode: Manual
    State: Stopped

    Name: ccSetMgr
    Display Name: Symantec Settings Manager
    Description: Settings storage and management service
    Path Name: "H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    Start Mode: Auto
    State: Running

    Name: CiSvc
    Display Name: Indexing Service
    Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
    Path Name: H:\WINDOWS\system32\cisvc.exe
    Start Mode: Manual
    State: Stopped

    Name: ClipSrv
    Display Name: ClipBook
    Description: Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\clipsrv.exe
    Start Mode: Disabled
    State: Stopped

    Name: COMSysApp
    Display Name: COM+ System Application
    Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    Start Mode: Manual
    State: Stopped

    Name: CryptSvc
    Display Name: Cryptographic Services
    Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: DcomLaunch
    Display Name: DCOM Server Process Launcher
    Description: Provides launch functionality for DCOM services.
    Path Name: H:\WINDOWS\system32\svchost -k DcomLaunch
    Start Mode: Auto
    State: Running

    Name: DefWatch
    Display Name: Symantec AntiVirus Definition Watcher
    Description: Monitors and maintains virus definitions.
    Path Name: "H:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe"
    Start Mode: Auto
    State: Running

    Name: Dhcp
    Display Name: DHCP Client
    Description: Manages network configuration by registering and updating IP addresses and DNS names.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: dmadmin
    Display Name: Logical Disk Manager Administrative Service
    Description: Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
    Path Name: H:\WINDOWS\System32\dmadmin.exe /com
    Start Mode: Manual
    State: Stopped

    Name: dmserver
    Display Name: Logical Disk Manager
    Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: Dnscache
    Display Name: DNS Client
    Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\svchost.exe -k NetworkService
    Start Mode: Auto
    State: Running

    Name: ERSvc
    Display Name: Error Reporting Service
    Description: Allows error reporting for services and applictions running in non-standard environments.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: Eventlog
    Display Name: Event Log
    Description: Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
    Path Name: H:\WINDOWS\system32\services.exe
    Start Mode: Auto
    State: Running

    Name: EventSystem
    Display Name: COM+ Event System
    Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual
    State: Running

    Name: FastUserSwitchingCompatibility
    Display Name: Fast User Switching Compatibility
    Description: Provides management for applications that require assistance in a multiple user environment.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual
    State: Running

    Name: helpsvc
    Display Name: Help and Support
    Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: HidServ
    Display Name: HID Input Service
    Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: HTTPFilter
    Display Name: HTTP SSL
    Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\System32\svchost.exe -k HTTPFilter
    Start Mode: Manual
    State: Stopped

    Name: IDriverT
    Display Name: InstallDriver Table Manager
    Description: Provides support for the Running Object Table for InstallShield Drivers
    Path Name: "H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    Start Mode: Manual
    State: Stopped

    Name: ImapiService
    Display Name: IMAPI CD-Burning COM Service
    Description: Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\imapi.exe
    Start Mode: Manual
    State: Stopped

    Name: ISSVC
    Display Name: IS Service
    Description: Internet Security Service
    Path Name: "H:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe"
    Start Mode: Auto
    State: Running

    Name: lanmanserver
    Display Name: Server
    Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: lanmanworkstation
    Display Name: Workstation
    Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: LmHosts
    Display Name: TCP/IP NetBIOS Helper
    Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
    Path Name: H:\WINDOWS\system32\svchost.exe -k LocalService
    Start Mode: Auto
    State: Running

    Name: LxrSII1s
    Display Name: Lexar Secure II
    Description:
    Path Name: LxrSII1s.exe
    Start Mode: Auto
    State: Running

    Name: MDM
    Display Name: Machine Debug Manager
    Description: Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly.
    Path Name: "H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
    Start Mode: Auto
    State: Running

    Name: Messenger
    Display Name: Messenger
    Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Disabled
    State: Stopped

    Name: mnmsrvc
    Display Name: NetMeeting Remote Desktop Sharing
    Description: Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

  5. #75
    Join Date
    Nov 2007
    Location
    Adelaide Australia
    Posts
    54
    Path Name: H:\WINDOWS\system32\mnmsrvc.exe
    Start Mode: Manual
    State: Stopped

    Name: MSDTC
    Display Name: Distributed Transaction Coordinator
    Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\msdtc.exe
    Start Mode: Manual
    State: Stopped

    Name: MSIServer
    Display Name: Windows Installer
    Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\msiexec.exe /V
    Start Mode: Manual
    State: Stopped

    Name: NetDDE
    Display Name: Network DDE
    Description: Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\netdde.exe
    Start Mode: Disabled
    State: Stopped

    Name: NetDDEdsdm
    Display Name: Network DDE DSDM
    Description: Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\netdde.exe
    Start Mode: Disabled
    State: Stopped

    Name: Netlogon
    Display Name: Net Logon
    Description: Supports pass-through authentication of account logon events for computers in a domain.
    Path Name: H:\WINDOWS\system32\lsass.exe
    Start Mode: Manual
    State: Stopped

    Name: Netman
    Display Name: Network Connections
    Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual
    State: Running

    Name: Nla
    Display Name: Network Location Awareness (NLA)
    Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual
    State: Running

    Name: NtLmSsp
    Display Name: NT LM Security Support Provider
    Description: Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
    Path Name: H:\WINDOWS\system32\lsass.exe
    Start Mode: Manual
    State: Stopped

    Name: NtmsSvc
    Display Name: Removable Storage
    Description:
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual
    State: Stopped

    Name: NVSvc
    Display Name: WinFast(R) Display Driver Service
    Description: Provides system and desktop level support to the WinFast(R) display driver
    Path Name: H:\WINDOWS\system32\nvsvc32.exe
    Start Mode: Auto
    State: Running

    Name: ose
    Display Name: Office Source Engine
    Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
    Path Name: "H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    Start Mode: Manual
    State: Stopped

    Name: PlugPlay
    Display Name: Plug and Play
    Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
    Path Name: H:\WINDOWS\system32\services.exe
    Start Mode: Auto
    State: Running

    Name: PolicyAgent
    Display Name: IPSEC Services
    Description: Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
    Path Name: H:\WINDOWS\system32\lsass.exe
    Start Mode: Auto
    State: Running

    Name: ProtectedStorage
    Display Name: Protected Storage
    Description: Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
    Path Name: H:\WINDOWS\system32\lsass.exe
    Start Mode: Auto
    State: Running

    Name: RasAuto
    Display Name: Remote Access Auto Connection Manager
    Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual
    State: Stopped

    Name: RasMan
    Display Name: Remote Access Connection Manager
    Description: Creates a network connection.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Manual
    State: Running

    Name: RDSessMgr
    Display Name: Remote Desktop Help Session Manager
    Description: Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
    Path Name: H:\WINDOWS\system32\sessmgr.exe
    Start Mode: Manual
    State: Stopped

    Name: RemoteAccess
    Display Name: Routing and Remote Access
    Description: Offers routing services to businesses in local area and wide area network environments.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Disabled
    State: Stopped

    Name: RemoteRegistry
    Display Name: Remote Registry
    Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\svchost.exe -k LocalService
    Start Mode: Auto
    State: Running

    Name: RpcLocator
    Display Name: Remote Procedure Call (RPC) Locator
    Description: Manages the RPC name service database.
    Path Name: H:\WINDOWS\system32\locator.exe
    Start Mode: Manual
    State: Stopped

    Name: RpcSs
    Display Name: Remote Procedure Call (RPC)
    Description: Provides the endpoint mapper and other miscellaneous RPC services.
    Path Name: H:\WINDOWS\system32\svchost -k rpcss
    Start Mode: Auto
    State: Running

    Name: RSVP
    Display Name: QoS RSVP
    Description: Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
    Path Name: H:\WINDOWS\system32\rsvp.exe
    Start Mode: Manual
    State: Stopped

    Name: SamSs
    Display Name: Security Accounts Manager
    Description: Stores security information for local user accounts.
    Path Name: H:\WINDOWS\system32\lsass.exe
    Start Mode: Auto
    State: Running

    Name: SavRoam
    Display Name: SAVRoam
    Description: Symantec AntiVirus Roaming Service
    Path Name: "H:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe"
    Start Mode: Manual
    State: Stopped

    Name: SCardSvr
    Display Name: Smart Card
    Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\System32\SCardSvr.exe
    Start Mode: Manual
    State: Stopped

    Name: Schedule
    Display Name: Task Scheduler
    Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: seclogon
    Display Name: Secondary Logon
    Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: SENS
    Display Name: System Event Notification
    Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: SharedAccess
    Display Name: Windows Firewall/Internet Connection Sharing (ICS)
    Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: ShellHWDetection
    Display Name: Shell Hardware Detection
    Description: Provides notifications for AutoPlay hardware events.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: SNDSrvc
    Display Name: Symantec Network Drivers Service
    Description: Symantec Network Drivers Service
    Path Name: "H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
    Start Mode: Auto
    State: Running

    Name: SPBBCSvc
    Display Name: Symantec SPBBCSvc
    Description: Symantec SPBBC
    Path Name: "H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
    Start Mode: Manual
    State: Stopped

    Name: Spooler
    Display Name: Print Spooler
    Description: Loads files to memory for later printing.
    Path Name: H:\WINDOWS\system32\spoolsv.exe
    Start Mode: Auto
    State: Running

    Name: srservice
    Display Name: System Restore Service
    Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Stopped

    Name: SSDPSRV
    Display Name: SSDP Discovery Service
    Description: Enables discovery of UPnP devices on your home network.
    Path Name: H:\WINDOWS\system32\svchost.exe -k LocalService
    Start Mode: Manual
    State: Running

    Name: stisvc
    Display Name: Windows Image Acquisition (WIA)
    Description: Provides image acquisition services for scanners and cameras.
    Path Name: H:\WINDOWS\system32\svchost.exe -k imgsvc
    Start Mode: Auto
    State: Running

    Name: SwPrv
    Display Name: MS Software Shadow Copy Provider
    Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\dllhost.exe /Processid:{AD984AA9-A233-48CF-B24B-9BAB0259E029}
    Start Mode: Manual
    State: Stopped

    Name: Symantec AntiVirus
    Display Name: Symantec AntiVirus
    Description: Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus.
    Path Name: "H:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe"
    Start Mode: Auto
    State: Running

    Name: SymSecurePort
    Display Name: Symantec SecurePort
    Description: Symantec SecurePort Service
    Path Name: "H:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe"
    Start Mode: Auto
    State: Running

    Name: SysmonLog
    Display Name: Performance Logs and Alerts
    Description: Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\smlogsvc.exe
    Start Mode: Manual
    State: Stopped

    Name: TapiSrv
    Display Name: Telephony
    Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual
    State: Running

    Name: TermService
    Display Name: Terminal Services
    Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
    Path Name: H:\WINDOWS\System32\svchost -k DComLaunch
    Start Mode: Manual
    State: Running

    Name: Themes
    Display Name: Themes
    Description: Provides user experience theme management.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: TlntSvr
    Display Name: Telnet
    Description: Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\tlntsvr.exe
    Start Mode: Disabled
    State: Stopped

    Name: TrkWks
    Display Name: Distributed Link Tracking Client
    Description: Maintains links between NTFS files within a computer or across computers in a network domain.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: UMWdf
    Display Name: Windows User Mode Driver Framework
    Description: Enables Windows user mode drivers.
    Path Name: H:\WINDOWS\system32\wdfmgr.exe
    Start Mode: Manual
    State: Stopped

    Name: upnphost
    Display Name: Universal Plug and Play Device Host
    Description: Provides support to host Universal Plug and Play devices.
    Path Name: H:\WINDOWS\system32\svchost.exe -k LocalService
    Start Mode: Manual
    State: Stopped

    Name: UPS
    Display Name: Uninterruptible Power Supply
    Description: Manages an uninterruptible power supply (UPS) connected to the computer.
    Path Name: H:\WINDOWS\System32\ups.exe
    Start Mode: Manual
    State: Stopped

    Name: usnjsvc
    Display Name: Messenger Sharing Folders USN Journal Reader service
    Description: Service installed by Messenger to enable sharing scenarios
    Path Name: "H:\Program Files\MSN Messenger\usnsvc.exe"
    Start Mode: Manual
    State: Stopped

    Name: VSS
    Display Name: Volume Shadow Copy
    Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\System32\vssvc.exe
    Start Mode: Manual
    State: Stopped

    Name: W32Time
    Display Name: Windows Time
    Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: WebClient
    Display Name: WebClient
    Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\svchost.exe -k LocalService
    Start Mode: Auto
    State: Running

    Name: winmgmt
    Display Name: Windows Management Instrumentation
    Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: WMConnectCDS
    Display Name: Windows Media Connect Service
    Description: Shares media with media devices using Universal Plug and Play
    Path Name: H:\Program Files\Windows Media Connect 2\wmccds.exe
    Start Mode: Manual
    State: Stopped

    Name: WmdmPmSN
    Display Name: Portable Media Serial Number Service
    Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual
    State: Stopped

    Name: Wmi
    Display Name: Windows Management Instrumentation Driver Extensions
    Description: Provides systems management information to and from drivers.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual
    State: Stopped

    Name: WmiApSrv
    Display Name: WMI Performance Adapter
    Description: Provides performance library information from WMI HiPerf providers.
    Path Name: H:\WINDOWS\system32\wbem\wmiapsrv.exe
    Start Mode: Manual
    State: Stopped

    Name: wscsvc
    Display Name: Security Center
    Description: Monitors system security settings and configurations.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: wuauserv
    Display Name: Automatic Updates
    Description: Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
    Path Name: H:\WINDOWS\system32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: WZCSVC
    Display Name: Wireless Zero Configuration
    Description: Provides automatic configuration for the 802.11 adapters
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Auto
    State: Running

    Name: xmlprov
    Display Name: Network Provisioning Service
    Description: Manages XML configuration files on a domain basis for automatic network provisioning.
    Path Name: H:\WINDOWS\System32\svchost.exe -k netsvcs
    Start Mode: Manual
    State: Stopped

  6. #76
    Join Date
    Nov 2007
    Location
    Adelaide Australia
    Posts
    54
    ------------------------------------------------------------------------------------

    Displaying LOG for Microsoft Windows Malicious Software Removal Tool:
    *** Microsoft Windows MRT Log NOT Found! ****
    ----------------------------------------------------------------------------
    Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys
    if Hidden = 0 then Hidden Files and Folders are not shown
    if SuperHidden = 1 is the desired default value.
    if ShowSuperHidden = 0 then System Files are not shown
    if HideFileExt = 1 then File Extension are not shown
    We want their values to be (from top to bottom) 1,1,1,0
    ----------------------------------------------------------------------------

    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced
    Hidden REG_DWORD 1 (0x1)
    SuperHidden REG_DWORD 1 (0x1)
    ShowSuperHidden REG_DWORD 1 (0x1)
    HideFileExt REG_DWORD 0 (0x0)

    ************************************************************************************

    Examining Select Windows Registry Keys
    ------------------------------------------------------------------------------------

    --------------------------------------------------------------------------
    Items Found in ZoneMap\Domains:
    --------------------------------------------------------------------------



    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains
    <NO NAME> REG_SZ

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com

    ----------------------------------------------------------------------------
    Current User ZoneMap ProtocolDefaults
    ----------------------------------------------------------------------------



    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults
    <NO NAME> REG_SZ
    http REG_DWORD 3 (0x3)
    https REG_DWORD 3 (0x3)
    ftp REG_DWORD 3 (0x3)
    file REG_DWORD 3 (0x3)
    @ivt REG_DWORD 1 (0x1)
    shell REG_DWORD 0 (0x0)

    ----------------------------------------------------------------------------
    Default URL Prefix Keys
    ----------------------------------------------------------------------------



    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix
    <NO NAME> REG_SZ http://

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes
    ftp REG_SZ ftp://
    gopher REG_SZ gopher://
    home REG_SZ http://
    mosaic REG_SZ http://
    www REG_SZ http://

    --------------------------------------------------------------------------
    Startup Items Disabled via MSCONFIG:
    --------------------------------------------------------------------------


    --------------------------------------------------------------------------
    Select AutoRun Registry Keys:
    --------------------------------------------------------------------------



    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
    ctfmon.exe REG_SZ H:\WINDOWS\system32\ctfmon.exe


    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce


    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices


    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
    AlcWzrd REG_SZ ALCWZRD.EXE
    NvCplDaemon REG_SZ RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
    ccApp REG_SZ "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    OfficeKB REG_SZ H:\PROGRA~1\OfficeKB\OfficeKB.EXE
    SoundMan REG_SZ SOUNDMAN.EXE
    vptray REG_SZ H:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents


    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce


    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex


    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices


    HKEY_USERS\.default\software\microsoft\windows\currentversion\run


    HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run


    HKEY_USERS\s-1-5-19\software\microsoft\windows\currentversion\run


    HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\run

    --------------------------------------------------------------------------
    WinLogon Notify Registry Key:
    --------------------------------------------------------------------------



    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
    Asynchronous REG_DWORD 0 (0x0)
    Impersonate REG_DWORD 0 (0x0)
    DllName REG_EXPAND_SZ crypt32.dll
    Logoff REG_SZ ChainWlxLogoffEvent

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
    Asynchronous REG_DWORD 0 (0x0)
    Impersonate REG_DWORD 0 (0x0)
    DllName REG_EXPAND_SZ cryptnet.dll
    Logoff REG_SZ CryptnetWlxLogoffEvent

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
    DLLName REG_SZ cscdll.dll
    Logon REG_SZ WinlogonLogonEvent
    Logoff REG_SZ WinlogonLogoffEvent
    ScreenSaver REG_SZ WinlogonScreenSaverEvent
    Startup REG_SZ WinlogonStartupEvent
    Shutdown REG_SZ WinlogonShutdownEvent
    StartShell REG_SZ WinlogonStartShellEvent
    Impersonate REG_DWORD 0 (0x0)
    Asynchronous REG_DWORD 1 (0x1)

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui
    <NO NAME> REG_SZ
    DLLName REG_SZ igfxdev.dll
    Asynchronous REG_DWORD 1 (0x1)
    Impersonate REG_DWORD 1 (0x1)
    Unlock REG_SZ WinlogonUnlockEvent

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon
    Logoff REG_SZ NavLogoffEvent
    DllName REG_SZ H:\WINDOWS\system32\NavLogon.dll
    StartShell REG_SZ NavStartShellEvent
    LoginDomain REG_SZ DT-32F7CC931ADE

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
    DLLName REG_SZ wlnotify.dll
    Logon REG_SZ SCardStartCertProp
    Logoff REG_SZ SCardStopCertProp
    Lock REG_SZ SCardSuspendCertProp
    Unlock REG_SZ SCardResumeCertProp
    Enabled REG_DWORD 1 (0x1)
    Impersonate REG_DWORD 1 (0x1)
    Asynchronous REG_DWORD 1 (0x1)

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
    Asynchronous REG_DWORD 0 (0x0)
    DllName REG_EXPAND_SZ wlnotify.dll
    Impersonate REG_DWORD 0 (0x0)
    StartShell REG_SZ SchedStartShell
    Logoff REG_SZ SchedEventLogOff

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
    Logoff REG_SZ WLEventLogoff
    Impersonate REG_DWORD 0 (0x0)
    Asynchronous REG_DWORD 1 (0x1)
    DllName REG_EXPAND_SZ sclgntfy.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
    DLLName REG_SZ WlNotify.dll
    Lock REG_SZ SensLockEvent
    Logon REG_SZ SensLogonEvent
    Logoff REG_SZ SensLogoffEvent
    Safe REG_DWORD 1 (0x1)
    MaxWait REG_DWORD 600 (0x258)
    StartScreenSaver REG_SZ SensStartScreenSaverEvent
    StopScreenSaver REG_SZ SensStopScreenSaverEvent
    Startup REG_SZ SensStartupEvent
    Shutdown REG_SZ SensShutdownEvent
    StartShell REG_SZ SensStartShellEvent
    PostShell REG_SZ SensPostShellEvent
    Disconnect REG_SZ SensDisconnectEvent
    Reconnect REG_SZ SensReconnectEvent
    Unlock REG_SZ SensUnlockEvent
    Impersonate REG_DWORD 1 (0x1)
    Asynchronous REG_DWORD 1 (0x1)

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
    Asynchronous REG_DWORD 0 (0x0)
    DllName REG_EXPAND_SZ wlnotify.dll
    Impersonate REG_DWORD 0 (0x0)
    Logoff REG_SZ TSEventLogoff
    Logon REG_SZ TSEventLogon
    PostShell REG_SZ TSEventPostShell
    Shutdown REG_SZ TSEventShutdown
    StartShell REG_SZ TSEventStartShell
    Startup REG_SZ TSEventStartup
    MaxWait REG_DWORD 600 (0x258)
    Reconnect REG_SZ TSEventReconnect
    Disconnect REG_SZ TSEventDisconnect

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
    Asynchronous REG_DWORD 0 (0x0)
    Disconnect REG_SZ WLEventDisconnect
    DllName REG_EXPAND_SZ WgaLogon.dll
    Event REG_DWORD 1 (0x1)
    Impersonate REG_DWORD 1 (0x1)
    Lock REG_SZ WLEventLock
    Logoff REG_SZ WLEventLogoff
    Logon REG_SZ WLEventLogon
    MaxWait REG_DWORD -1 (0xffffffff)
    PostShell REG_SZ WLEventPostShell
    Reconnect REG_SZ WLEventReconnect
    SafeMode REG_DWORD 1 (0x1)
    Shutdown REG_SZ WLEventShutdown
    StartScreenSaver REG_SZ WLEventStartScreenSaver
    StartShell REG_SZ WLEventStartShell
    Startup REG_SZ WLEventStartup
    StopScreenSaver REG_SZ WLEventStopScreenSaver
    Unlock REG_SZ WLEventUnlock
    InstallNotifyShown REG_DWORD 1 (0x1)

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
    Data REG_BINARY 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000030 8f29276ba1ec4885e936a0775e922504000000040000005300 000003660000a800000010000000a2b71a631675d6e96ba9bb b9486baa6a0000000004800000a000000010000000e0d11500 4b4026f603d31f18e2a38779180200008536f6faa441bf3848 f2f6dbf788c23877e3ed85a33583354625eb7715f120a993f2 6e94f26e5a1b88c3c98c95bc2ae902e1a87047002f8b2b9c3c b1fdc224c4743e1712d3c71049158801bf69efa0958687335f 77b21bf362dc89005b13ea6c86788c53cec2bd5fb2fd3ea114 1a22b42396a333346d0bfd7243a56b743b340d81aad688fd76 c7e470c6347b0110779c1e8c3d2d1ce2039cc398f6f3225376 dd8e001ea6537eafe080255a0dacd2d00ee2449ac2e1354607 95e4dcdd180c190d2d11a437a606050ed5c34f41952732f333 097ddf591cfbb601dec67a8b8bd4dd11901fb7c878d1ea0e13 5e7042778084dfc91d54a4da76475e93033a88282d3d84d7dc f06cc29a928c51be03f1c4f6fb68ca10b80a4de760920c7a88 68711a98bfd3648bea50751717a8a79dbe4530b6a76e9233e9 f1ca60488f8d687378ea3b1eca37837fc90b3798c0bf2909d2 2b0d740a70a8c3f9ed571b8e255cf01c2f05e379bf9d9047a8 33374ef17b6bebd827475a0ac2d3aeb8bc1dee287fdaffb5fd a0ca50e4168d8a388f6aa4de0fb7de2d900d297f17685e38e1 0b22014f863bd1064cff3cfbb2e6a09ef25d1e5034f01a0047 4044ee9b3b4bfaaac076c9734ae735c4798cb9c3df926a2f8c 8b8e26bd1611a2888e4aa40984f243d332b074c4614450868c 1a76f19b4fd1d15e3c32f93ac54221c10dd0c416824d93e6e8 fa8be07a3f8113b12c1b1fb38aa17f49e631286b02727ff86b dc6814000000fa5fe4d864e159644f1ed4374897ed9b990507 ec

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
    DLLName REG_SZ wlnotify.dll
    Logon REG_SZ RegisterTicketExpiredNotificationEvent
    Logoff REG_SZ UnregisterTicketExpiredNotificationEvent
    Impersonate REG_DWORD 1 (0x1)
    Asynchronous REG_DWORD 1 (0x1)

    --------------------------------------------------------------------------
    Shared Task Scheduler Registry Items:
    --------------------------------------------------------------------------



    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
    {438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
    {8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon

    --------------------------------------------------------------------------
    Scheduled Tasks:
    --------------------------------------------------------------------------

    Volume in drive H has no label.
    Volume Serial Number is 9CA1-B56F

    Directory of H:\WINDOWS\tasks

    01/05/2007 10:02 PM <DIR> .
    01/05/2007 10:02 PM <DIR> ..
    29/11/2007 07:35 AM 256 Check Updates for Windows Live Toolbar.job
    23/08/2001 10:30 PM 65 desktop.ini
    29/11/2007 07:50 AM 6 SA.DAT
    23/07/2006 08:38 AM 366 Symantec NetDetect.job
    4 File(s) 693 bytes

    Total Files Listed:
    4 File(s) 693 bytes
    2 Dir(s) 138,992,046,080 bytes free
    A H:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    HR H:\WINDOWS\tasks\desktop.ini
    A H H:\WINDOWS\tasks\SA.DAT
    A H:\WINDOWS\tasks\Symantec NetDetect.job

    ----------------------------------------------------------------------------
    ShellExecuteHooks Registry Keys
    ----------------------------------------------------------------------------



    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
    {57B86673-276A-48B2-BAE7-C6DBB3020EB8} REG_SZ AVG Anti-Spyware 7.5
    {60E2746A-9C2E-45A2-85CE-7E1A8A890961} REG_SZ

    ----------------------------------------------------------------------------
    ShellServiceObjectDelayLoad Registry Keys
    ----------------------------------------------------------------------------



    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
    PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
    CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
    WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}

    ----------------------------------------------------------------------------
    ModuleUsage Registry Keys:
    ----------------------------------------------------------------------------



    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage

    ----------------------------------------------------------------------------
    BHO Registry Keys:
    ----------------------------------------------------------------------------



    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{09C16135-34ED-4301-BA9A-8C791EEB1F3C}

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}
    <NO NAME> REG_SZ Canon Easy Web Print Helper

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    NoExplorer REG_DWORD 1 (0x1)

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    <NO NAME> REG_SZ

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\NoExplorer
    <NO NAME> REG_DWORD 1 (0x1)

    --------------------------------------------------------------------------
    Select Policy Keys:
    --------------------------------------------------------------------------



    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
    NoDriveTypeAutoRun REG_DWORD 145 (0x91)

    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run


    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run


    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
    DisableRegistryTools REG_DWORD 0 (0x0)


    HKEY_CURRENT_USER\software\policies\microsoft\internet explorer
    Windows Update Menu Text REG_SZ Microsoft Update

    HKEY_CURRENT_USER\software\policies\microsoft\internet explorer\Control Panel


    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer
    NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
    NoDriveTypeAutoRun REG_DWORD 255 (0xff)

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run


    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run


    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)


    HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer
    NoDriveTypeAutoRun REG_DWORD 145 (0x91)


    HKEY_USERS\.default\software\microsoft\windows\currentversion\policies

    HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer

    HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system


    HKEY_USERS\.default\software\policies\microsoft\internet explorer
    Windows Update Menu Text REG_SZ Microsoft Update


    HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer
    NoDriveTypeAutoRun REG_DWORD 145 (0x91)


    HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system


    HKEY_USERS\s-1-5-18\software\policies\microsoft\internet explorer
    Windows Update Menu Text REG_SZ Microsoft Update


    HKEY_USERS\s-1-5-19\software\policies\microsoft\internet explorer
    Windows Update Menu Text REG_SZ Microsoft Update


    HKEY_USERS\s-1-5-19\software\policies\microsoft\internet explorer
    Windows Update Menu Text REG_SZ Microsoft Update

    ************************************************************************************

    Checking File System for suspicious Files

    --------------------------------------------------------------------------
    Items in the Root Directory:
    --------------------------------------------------------------------------

    Locating all files created in H:\

    H:\
    !KILLBOX Sat 24 Nov 2007 22:57:18 .D... <Dir>
    587FBB~1 Sat 18 Nov 2006 19:35:56 .D... <Dir>
    A4D986~1 Sat 18 Nov 2006 19:35:48 .D... <Dir>
    BJPRIN~1 Mon 18 Sep 2006 10:25:30 .D.H. <Dir>
    boot.ini Sun 23 Jul 2006 3:43:46 ..SH. 210 0.20 K
    CLONED~1 Mon 31 Jul 2006 14:32:58 .D... <Dir>
    DECKARD Tue 20 Nov 2007 6:53:54 .D... <Dir>
    DOCUME~1 Sun 23 Jul 2006 3:44:42 .D... <Dir>
    ETAX2006 Tue 8 Aug 2006 17:19:34 .D... <Dir>
    ETAX2007 Thu 23 Aug 2007 18:12:54 .D... <Dir>
    hiberfil.sys Thu 29 Nov 2007 7:50:16 A.SH. 1,609,945,088 1535.36 M
    ISEEYO~1 Tue 27 Nov 2007 10:32:24 .D... <Dir>
    MSOCACHE Sun 23 Jul 2006 8:44:12 .D.HR <Dir>
    ntdetect.com Wed 4 Aug 2004 7:08:34 A.SHR 47,564 46.45 K
    ntldr Wed 4 Aug 2004 7:29:34 A.SHR 250,032 244.17 K
    pagefile.sys Thu 29 Nov 2007 7:50:14 A.SH. 792,723,456 756.00 M
    PROGRA~1 Sun 23 Jul 2006 3:46:26 .D..R <Dir>
    RECYCLER Mon 26 Nov 2007 10:14:16 .DSH. <Dir>
    S400 Mon 18 Sep 2006 10:20:12 .D... <Dir>
    sq13b0~1.sqm Sat 2 Jun 2007 11:48:24 A..H. 244 0.24 K
    sq13b4~1.sqm Sat 2 Jun 2007 12:11:08 A..H. 244 0.24 K
    sq13b8~1.sqm Mon 20 Aug 2007 8:41:44 A..H. 244 0.24 K
    sq13bc~1.sqm Mon 20 Aug 2007 8:42:16 A..H. 244 0.24 K
    sq23b0~1.sqm Sat 2 Jun 2007 12:11:30 A..H. 244 0.24 K
    sq23b4~1.sqm Sat 16 Jun 2007 17:01:10 A..H. 244 0.24 K
    sq23b8~1.sqm Sat 2 Jun 2007 12:11:12 A..H. 244 0.24 K
    sq23bc~1.sqm Sat 2 Jun 2007 12:11:28 A..H. 244 0.24 K
    sq2fa0~1.sqm Thu 19 Jul 2007 21:32:14 A..H. 244 0.24 K
    sq2fa4~1.sqm Thu 19 Jul 2007 21:32:38 A..H. 244 0.24 K
    sq2fa8~1.sqm Mon 16 Jul 2007 21:42:16 A..H. 244 0.24 K
    sq2fac~1.sqm Tue 17 Jul 2007 20:56:24 A..H. 244 0.24 K
    sq33b8~1.sqm Sat 16 Jun 2007 17:01:12 A..H. 244 0.24 K
    sq33bc~1.sqm Sat 16 Jun 2007 17:01:20 A..H. 244 0.24 K
    sq3fa8~1.sqm Fri 20 Jul 2007 18:00:00 A..H. 244 0.24 K
    sq3fac~1.sqm Fri 20 Jul 2007 19:34:40 A..H. 244 0.24 K
    sqa368~1.sqm Mon 20 Aug 2007 8:41:46 A..H. 232 0.23 K
    sqa378~1.sqm Sat 2 Jun 2007 12:11:12 A..H. 232 0.23 K
    sqa37a~1.sqm Mon 16 Jul 2007 21:42:16 A..H. 232 0.23 K
    sqa388~1.sqm Sat 16 Jun 2007 17:01:12 A..H. 232 0.23 K
    sqa38a~1.sqm Fri 20 Jul 2007 18:00:00 A..H. 232 0.23 K
    sqa768~1.sqm Mon 20 Aug 2007 8:42:16 A..H. 232 0.23 K
    sqa778~1.sqm Sat 2 Jun 2007 12:11:28 A..H. 232 0.23 K
    sqa77a~1.sqm Tue 17 Jul 2007 20:56:24 A..H. 232 0.23 K
    sqa788~1.sqm Sat 16 Jun 2007 17:01:20 A..H. 232 0.23 K
    sqa78a~1.sqm Fri 20 Jul 2007 19:34:40 A..H. 232 0.23 K
    sqab68~1.sqm Sat 2 Jun 2007 11:48:24 A..H. 232 0.23 K
    sqab78~1.sqm Sat 2 Jun 2007 12:11:30 A..H. 232 0.23 K
    sqab7a~1.sqm Thu 19 Jul 2007 21:32:14 A..H. 232 0.23 K
    sqaf68~1.sqm Sat 2 Jun 2007 12:11:08 A..H. 232 0.23 K
    sqaf78~1.sqm Sat 16 Jun 2007 17:01:10 A..H. 232 0.23 K
    sqaf7a~1.sqm Thu 19 Jul 2007 21:32:38 A..H. 232 0.23 K
    sqmdat~1.sqm Sun 1 Jul 2007 22:50:22 A..H. 232 0.23 K
    sqmdat~2.sqm Mon 2 Jul 2007 21:00:22 A..H. 268 0.26 K
    sqmdat~3.sqm Mon 2 Jul 2007 21:00:22 A..H. 136 0.13 K
    sqmdat~4.sqm Mon 2 Jul 2007 21:00:22 A..H. 160 0.16 K
    sqmnoo~1.sqm Sun 1 Jul 2007 22:50:22 A..H. 244 0.24 K
    sqmnoo~2.sqm Mon 2 Jul 2007 21:00:22 A..H. 244 0.24 K
    sqmnoo~3.sqm Mon 2 Jul 2007 21:00:22 A..H. 244 0.24 K
    sqmnoo~4.sqm Mon 2 Jul 2007 21:00:22 A..H. 172 0.17 K
    STUDIO~1 Sun 7 Oct 2007 21:35:30 .D... <Dir>
    SYSTEM~1 Sun 23 Jul 2006 3:44:42 .DSH. <Dir>
    VIDEO Sun 23 Jul 2006 8:21:18 .D... <Dir>
    WINDOWS Sun 23 Jul 2006 3:39:52 .D... <Dir>

    63 items found: 45 files (45 H/S), 18 directories (4 H/S).
    Total of file sizes: 2,402,975,666 bytes 2.23 G

  7. #77
    Join Date
    Nov 2007
    Location
    Adelaide Australia
    Posts
    54
    --------------------------------------------------------------------------
    Locating all Backup files on H:
    --------------------------------------------------------------------------

    Locating all *.BAK* files

    H:\ETAX2006\
    damian~1.bak Tue 29 Aug 2006 19:21:12 A.... 3,168 3.09 K

    H:\ETAX2007\
    damian.bak Thu 23 Aug 2007 18:53:14 A.... 2,880 2.81 K
    damian07.bak Fri 24 Aug 2007 14:14:20 A.... 3,008 2.94 K

    H:\STUDIO~1\
    slddin~1.bak Sun 28 Oct 2007 0:18:16 A.... 5,016 4.90 K

    H:\PROGRA~1\STUDIO~1\
    relaxi~1.bak Sun 28 Oct 2007 0:18:16 A.... 931 0.91 K

    H:\PROGRA~1\COMMON~1\SYMANT~1\
    firewall.bak Wed 28 Nov 2007 18:11:54 A.... 46,516 45.43 K
    persist.bak Thu 22 Nov 2007 12:14:46 A.... 2,212 2.16 K

    H:\PROGRA~1\ELABOR~1\CLONED~1\
    cloned~1.bak Wed 13 Jul 2005 5:28:38 A.... 4,636,672 4.42 M
    rgdrvl~1.bak Wed 13 Jul 2005 5:28:38 A.... 128,000 125.00 K

    H:\PROGRA~1\SLYSOFT\ANYDVD\
    anydvd~1.bak Mon 27 Nov 2006 4:29:38 A.... 498,176 486.50 K

    H:\PROGRA~1\COMMON~1\SYMANT~1\IDS\
    idssettg.bak Sat 24 Nov 2007 7:41:44 A.... 3,788 3.70 K

    H:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\INTERN~1\
    brndlog.bak Sat 22 Jul 2006 18:28:14 A.... 113 0.11 K

    H:\DOCUME~1\ALLUSE~1\APPLIC~1\SYMANTEC\COMMON~1\
    settings.bak Thu 29 Nov 2007 7:48:00 A.... 5,318,164 5.07 M

    H:\DOCUME~1\DAMIAN\APPLIC~1\MICROS~1\INTERN~1\
    brndlog.bak Sat 22 Jul 2006 18:28:34 A.... 141 0.14 K

    H:\DOCUME~1\DEFAUL~1\APPLIC~1\MICROS~1\INTERN~1\
    brndlog.bak Sat 22 Jul 2006 18:28:14 A.... 113 0.11 K

    H:\WINDOWS\PCHEALTH\HELPCTR\CONFIG\CACHE\
    profes~1.bak Tue 27 Nov 2007 9:56:36 A.... 268,934 262.63 K

    H:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\
    opa11.bak Thu 17 Oct 2002 22:23:16 A.... 8,200 8.01 K

    H:\DOCUME~1\DAMIAN\APPLIC~1\MOZILLA\FIREFOX\PROFILES\B1GKMR~1.DEF\
    bookma~1.bak Thu 29 Nov 2007 7:17:24 A.... 41,475 40.50 K
    bookma~2.bak Sat 24 Nov 2007 20:59:40 A.... 32,924 32.15 K

    H:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\MICROS~1\INTERN~1\
    brndlog.bak Sat 22 Jul 2006 18:28:14 A.... 113 0.11 K

    20 items found: 20 files, 0 directories.
    Total of file sizes: 11,000,544 bytes 10.49 M

    --------------------------------------------------------------------------
    Locating all copies of Internet Explorer on H:
    --------------------------------------------------------------------------

    Locating all copies of Internet Explorer

    H:\PROGRA~1\INTERN~1\
    iexplore.exe Wed 4 Aug 2004 9:26:52 A.... 93,184 91.00 K

    H:\WINDOWS\SYSTEM32\DLLCACHE\
    iexplore.exe Wed 4 Aug 2004 9:26:52 A.... 93,184 91.00 K

    2 items found: 2 files, 0 directories.
    Total of file sizes: 186,368 bytes 182.00 K

    --------------------------------------------------------------------------
    Locating all copies of Windows Explorer on H:
    --------------------------------------------------------------------------

    Locating all copies of Windows Explorer

    H:\WINDOWS\
    explorer.exe Wed 13 Jun 2007 21:56:04 A.... 1,033,216 1009.00 K

    H:\WINDOWS\$N7CCA~1\
    explorer.exe Thu 20 Jul 2006 6:45:58 ..... 1,032,192 1008.00 K

    H:\WINDOWS\SYSTEM32\DLLCACHE\
    explorer.exe Wed 13 Jun 2007 21:56:04 A.... 1,033,216 1009.00 K

    3 items found: 3 files, 0 directories.
    Total of file sizes: 3,098,624 bytes 2.95 M

    --------------------------------------------------------------------------
    Items in Document and Settings:
    --------------------------------------------------------------------------

    Listing contents of H:\Documents and Settings

    No matches found.

    --------------------------------------------------------------------------
    Desktop Items:
    --------------------------------------------------------------------------

    Locating all files created in H:\Documents and Settings\Damian\Desktop within the last 90 days.

    No matches found.

    Locating all files created in H:\Documents and Settings\All Users\Desktop\ within the last 90 days.

    No matches found.

    --------------------------------------------------------------------------
    Start Menu Items:
    --------------------------------------------------------------------------

    Locating all files created in H:\Documents and Settings\Damian\Start Menu within the last 90 days.

    No matches found.

    Locating all files created in H:\Documents and Settings\Damian\Start Menu\Programs\Startup within the last 90 days.

    No matches found.

    Locating all files created in H:\Documents and Settings\All Users\Start Menu within the last 90 days.

    No matches found.

    Locating all files created in H:\Documents and Settings\All Users\Start Menu\Programs\Startup\ within the last 90 days.

    No matches found.

    --------------------------------------------------------------------------
    Application Data Items:
    --------------------------------------------------------------------------

    Locating all files created in H:\Documents and Settings\Damian\Application Data\ within the last 90 days.

    No matches found.

    Locating all files created in H:\Documents and Settings\Damian\Local Settings\Application Data\ within the last 90 days.

    No matches found.

    Locating all files created in H:\Documents and Settings\All Users\Application Data\ within the last 90 days.

    No matches found.

    --------------------------------------------------------------------------
    H:\Documents and Settings\Damian\Local Settings\TEMP:
    --------------------------------------------------------------------------

    Locating all files created in H:\Documents and Settings\Damian\Local Settings\TEMP within the last 90 days.

    --------------------------------------------------------------------------
    Items in Templates Folder:
    --------------------------------------------------------------------------

    Locating all files created in H:\Documents and Settings\Damian\Templates

    No matches found.

    --------------------------------------------------------------------------
    Items in Program Files:
    --------------------------------------------------------------------------

    Locating all files created in H:\Program Files\ within the last 90 days.

    No matches found.

    Locating all files created in H:\Program Files\Common Files\ within the last 90 days.

    No matches found.

    Locating all files created in H:\Program Files\Common Files\Microsoft Shared\Web Folders within the last 90 days.

    --------------------------------------------------------------------------
    Items in the Windows Directory:
    --------------------------------------------------------------------------

    Locating all files created in H:\WINDOWS\ within the last 90 days.

    H:\WINDOWS\
    $N28DE~1 Fri 31 Aug 2007 16:46:18 .D.H. <Dir>
    $N30AC~1 Thu 11 Oct 2007 9:45:40 .D.H. <Dir>
    $N38D4~1 Wed 14 Nov 2007 6:25:54 .D.H. <Dir>
    $N48EA~1 Thu 11 Oct 2007 9:46:38 .D.H. <Dir>
    $N88B6~1 Thu 11 Oct 2007 9:46:50 .D.H. <Dir>
    0.log Thu 29 Nov 2007 7:51:06 A.... 0 0.00 K
    alcfdrtm.ver Sat 24 Nov 2007 18:11:26 A.... 81,920 80.00 K
    ASSEMBLY Wed 28 Nov 2007 18:10:56 .DS.R <Dir>
    bootstat.dat Thu 29 Nov 2007 7:50:22 A.S.. 2,048 2.00 K
    ERDNT Tue 20 Nov 2007 6:54:36 .D... <Dir>
    FTPCACHE Sun 21 Oct 2007 0:54:50 .DSH. <Dir>
    MICROS~1.NET Wed 28 Nov 2007 18:10:56 .D... <Dir>
    MINIDUMP Tue 16 Oct 2007 9:17:00 .D... <Dir>
    nerodi~1.ini Fri 23 Nov 2007 8:58:02 A.... 116 0.11 K
    nsreg.dat Fri 16 Nov 2007 12:23:48 A.... 0 0.00 K
    relax.ini Sun 7 Oct 2007 21:35:44 A.... 52 0.05 K
    s1650e~1.tmp Sun 14 Oct 2007 22:54:04 ..SH. 24 0.02 K
    schedlgu.txt Thu 29 Nov 2007 7:48:00 A.... 21,936 21.42 K
    setupapi.log Thu 29 Nov 2007 7:07:42 A.... 1,134 1.11 K
    sti_tr~1.log Sun 25 Nov 2007 8:11:58 A.... 0 0.00 K
    SUN Thu 8 Nov 2007 19:56:26 .D... <Dir>
    thumbs.db Fri 14 Sep 2007 17:49:04 A.SH. 7,680 7.50 K
    wiadebug.log Thu 29 Nov 2007 7:50:46 A.... 159 0.15 K
    wiaservc.log Thu 29 Nov 2007 7:50:42 A.... 50 0.05 K
    window~1.log Thu 29 Nov 2007 7:56:18 A.... 394,819 385.56 K
    wininit.ini Mon 19 Nov 2007 13:53:34 A.... 449 0.44 K

    26 items found: 15 files (3 H/S), 11 directories (7 H/S).
    Total of file sizes: 510,387 bytes 498.42 K

    --------------------------------------------------------------------------
    H:\WINDOWS\Downloaded Program Files:
    --------------------------------------------------------------------------

    Locating all files created in H:\WINDOWS\Downloaded Program Files\ within the last 90 days.

    No matches found.

    --------------------------------------------------------------------------
    H:\WINDOWS\PCHealth\HelpCtr\Binaries:
    --------------------------------------------------------------------------

    Locating all files in H:\WINDOWS\PCHealth\HelpCtr\Binaries

    H:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\
    brpinfo.dll Thu 23 Aug 2001 22:30:00 A.... 21,504 21.00 K
    hcappres.dll Thu 23 Aug 2001 22:30:00 A.... 6,656 6.50 K
    helpctr.exe Wed 4 Aug 2004 9:26:50 A.... 768,512 750.50 K
    helphost.exe Thu 23 Aug 2001 22:30:00 A.... 99,840 97.50 K
    helpsvc.exe Wed 4 Aug 2004 9:26:52 A.... 743,936 726.50 K
    hscmui.cab Sat 17 Jul 2004 20:09:14 A.... 68,327 66.72 K
    hscsp_w3.cab Sat 17 Jul 2004 20:09:16 A.... 305,145 297.99 K
    hscupd.exe Wed 4 Aug 2004 9:26:52 A.... 18,944 18.50 K
    msconfig.exe Thu 20 Jul 2006 6:46:18 A.... 169,984 166.00 K
    msinfo.dll Wed 4 Aug 2004 9:26:44 A.... 376,320 367.50 K
    notiflag.exe Thu 23 Aug 2001 22:30:00 A.... 35,328 34.50 K
    pchdt_w3.cab Wed 4 Aug 2004 7:19:10 A.... 2,737,914 2.61 M
    pchshell.dll Wed 4 Aug 2004 9:26:46 A.... 102,400 100.00 K
    pchsvc.dll Wed 4 Aug 2004 9:26:46 A.... 38,912 38.00 K

    14 items found: 14 files, 0 directories.
    Total of file sizes: 5,493,722 bytes 5.24 M

    --------------------------------------------------------------------------
    H:\WINDOWS\system:
    --------------------------------------------------------------------------

    Locating all files created in H:\WINDOWS\system within the last 90 days.

    No matches found.

    --------------------------------------------------------------------------
    H:\WINDOWS\system32:
    --------------------------------------------------------------------------

    Locating all files created in H:\WINDOWS\system32 within the last 90 days.

    H:\WINDOWS\SYSTEM32\
    ADOBE Mon 26 Nov 2007 21:44:16 .D... <Dir>
    bassmod.dll Sun 21 Oct 2007 13:45:34 A.... 34,308 33.50 K
    java.exe Mon 24 Sep 2007 22:30:28 A.... 135,168 132.00 K
    javacpl.cpl Mon 24 Sep 2007 23:31:42 A.... 69,632 68.00 K
    javaw.exe Mon 24 Sep 2007 22:30:30 A.... 135,168 132.00 K
    javaws.exe Mon 24 Sep 2007 23:31:42 A.... 139,264 136.00 K
    jupdat~1.log Thu 8 Nov 2007 19:56:08 A.... 5,387 5.26 K
    KASPER~1 Wed 21 Nov 2007 8:02:24 .D... <Dir>
    khqgujsh.ini Thu 29 Nov 2007 6:13:24 ..SH. 728,243 711.17 K
    mcrh.tmp Thu 29 Nov 2007 8:30:02 A.... 0 0.00 K
    mrt.exe Fri 2 Nov 2007 0:12:58 A.... 18,238,072 17.39 M
    mwpbtabb.ini Wed 28 Nov 2007 17:53:22 ..... 778,982 760.72 K
    nvapps.xml Thu 29 Nov 2007 7:51:12 A.... 61,465 60.02 K
    paaivpcd.ini Tue 27 Nov 2007 10:30:16 ..... 778,838 760.58 K
    perfc009.dat Wed 28 Nov 2007 18:12:40 A.... 53,724 52.46 K
    perfh009.dat Wed 28 Nov 2007 18:12:40 A.... 383,562 374.57 K
    perfst~1.ini Wed 28 Nov 2007 18:12:40 A.... 389,304 380.18 K
    profile.dat Thu 29 Nov 2007 7:48:00 A.... 40 0.04 K
    shell32.dll Fri 26 Oct 2007 14:04:02 A.... 8,460,288 8.07 M
    sstts.dll Wed 14 Nov 2007 17:43:56 ..... 320,608 313.09 K
    stream~1.dll Tue 20 Nov 2007 15:09:42 ....R 59,392 58.00 K
    sttss.ini Thu 29 Nov 2007 8:33:44 A.SH. 489 0.48 K
    sttss~1.ini Thu 29 Nov 2007 8:33:22 A.SH. 994 0.97 K
    sybsaoxe.ini Mon 26 Nov 2007 17:12:04 ..... 776,492 758.29 K
    sytmwgpx.ini Sat 24 Nov 2007 7:42:02 ..... 775,832 757.65 K
    tzlog.log Fri 31 Aug 2007 16:46:18 A.... 253,934 247.98 K
    URTTEMP Wed 28 Nov 2007 18:10:52 .D... <Dir>
    vfxqpvuv.ini Thu 29 Nov 2007 6:44:06 ..SH. 737,206 719.93 K
    vuvpqxfv.dll Thu 29 Nov 2007 6:14:38 A.... 86,080 84.06 K
    wpa.dbl Sun 18 Nov 2007 14:49:04 A.... 2,206 2.15 K
    xpgwmtys.dll Sat 24 Nov 2007 7:41:40 ..... 86,080 84.06 K
    xpsp3res.dll Mon 29 Oct 2007 20:34:04 A.... 350,720 342.50 K

    32 items found: 29 files (4 H/S), 3 directories.
    Total of file sizes: 33,841,478 bytes 32.27 M

    --------------------------------------------------------------------------
    H:\WINDOWS\system32\com:
    --------------------------------------------------------------------------

    Locating all files created in H:\WINDOWS\system32\com within the last 90 days.

    No matches found.

    --------------------------------------------------------------------------
    H:\WINDOWS\system32\components:
    --------------------------------------------------------------------------
    Locating all files created in H:\WINDOWS\system32\components within the last 90 days.

    No matches found.

    --------------------------------------------------------------------------
    H:\WINDOWS\system32\drivers:
    --------------------------------------------------------------------------

    Locating all files created in H:\WINDOWS\system32\drivers within the last 90 days.

    H:\WINDOWS\SYSTEM32\DRIVERS\
    anydvd.sys Wed 21 Nov 2007 10:29:48 A.... 97,216 94.94 K
    tmcomm.sys Thu 15 Nov 2007 15:25:36 A.... 102,664 100.26 K

    2 items found: 2 files, 0 directories.
    Total of file sizes: 199,880 bytes 195.20 K

    --------------------------------------------------------------------------
    H:\WINDOWS\system32\drivers\etc:
    --------------------------------------------------------------------------

    Locating all files created in H:\WINDOWS\system32\drivers\etc within the last 90 days.

    No matches found.

    --------------------------------------------------------------------------
    H:\WINDOWS\TEMP:
    --------------------------------------------------------------------------

    Locating all files created in H:\WINDOWS\TEMP within the last 90 days.

    H:\WINDOWS\TEMP\
    wgaerr~1.txt Thu 29 Nov 2007 7:51:08 A.... 255 0.25 K
    wganot~1.set Thu 29 Nov 2007 7:56:08 A.... 409 0.40 K

    2 items found: 2 files, 0 directories.
    Total of file sizes: 664 bytes 0.65 K

    ************************************************************************************

    Checking for .COM files to Delete. They will only print if deleted!

    Locating .COM files in the H:\WINDOWS\System32 folder

    H:\WINDOWS\SYSTEM32\
    chcp.com Thu 23 Aug 2001 22:30:00 A.... 7,680 7.50 K
    command.com Thu 23 Aug 2001 22:30:00 A.... 50,620 49.43 K
    diskcomp.com Thu 23 Aug 2001 22:30:00 A.... 9,216 9.00 K
    diskcopy.com Thu 23 Aug 2001 22:30:00 A.... 7,168 7.00 K
    edit.com Thu 23 Aug 2001 22:30:00 A.... 69,886 68.25 K
    format.com Thu 23 Aug 2001 22:30:00 A.... 25,600 25.00 K
    graftabl.com Thu 23 Aug 2001 22:30:00 A.... 26,112 25.50 K
    graphics.com Thu 23 Aug 2001 22:30:00 A.... 19,694 19.23 K
    kb16.com Thu 23 Aug 2001 22:30:00 A.... 14,710 14.36 K
    loadfix.com Thu 23 Aug 2001 22:30:00 A.... 1,131 1.10 K
    locate.com Fri 14 Jan 2005 1:41:48 A.... 11,254 10.99 K
    mode.com Thu 23 Aug 2001 22:30:00 A.... 19,456 19.00 K
    more.com Thu 23 Aug 2001 22:30:00 A.... 15,872 15.50 K
    tree.com Thu 23 Aug 2001 22:30:00 A.... 11,264 11.00 K
    win.com Thu 23 Aug 2001 22:30:00 A.... 18,432 18.00 K

    15 items found: 15 files, 0 directories.
    Total of file sizes: 308,095 bytes 300.87 K

  8. #78
    Join Date
    Nov 2007
    Location
    Adelaide Australia
    Posts
    54
    ************************************************************************************

    Miscellaneous Malware Detections:
    ------------------------------------------------------------------------------------


    **** Delfin Media {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! ****

    **** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****

    **** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! ****

    **** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! ****

    **** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! ****

    **** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! ****

    **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****

    **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****

    **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****

    **** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****

    **** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****

    **** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! ****

    **** SpyFalcon {CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} NOT FOUND by this tool! ****

    **** SpyFalcon {35a88e51-b53d-43e9-b8a7-75d4c31b4676} NOT FOUND by this tool! ****

    **** SpyFalcon {64ba30a2-811a-4597-b0af-d551128be340} NOT FOUND by this tool! ****

    **** SpyFalcon {89aef01d-d237-49c7-84dc-4e1904c1fd31} NOT FOUND by this tool! ****

    **** SpyFalcon {e04408db-4812-4478-8d4d-e46edcffd3b6} NOT FOUND by this tool! ****

    **** SpyFalcon {336ec37f-54bf-4f13-8237-03f64fa591e7} NOT FOUND by this tool! ****

    **** SpyFalcon {5bc82bdb-bc03-4671-9a78-3ef2b68449de} NOT FOUND by this tool! ****

    **** SpyFalcon {24c60b9b-26b5-4201-9f7a-fb9219356ae9} NOT FOUND by this tool! ****

    **** SpyFalcon {a0c51615-738a-4542-801a-5af61614e182} NOT FOUND by this tool! ****

    **** SpyFalcon {70fbd528-2d3c-4a00-9b8c-bbf441e534be} NOT FOUND by this tool! ****

    **** SpyFalcon {a566f298-05a6-4b3d-b672-da7c27316430} NOT FOUND by this tool! ****

    **** SpyFalcon {f5947202-e9cb-4a72-88e7-22f2cbd2b124} NOT FOUND by this tool! ****

    **** SpyFalcon {5aaf6542-f4ba-4df4-873d-4902ecbe794c} NOT FOUND by this tool! ****

    **** SpyFalcon {3e4155b8-5a4a-4e95-83b2-ab032da9acbc} NOT FOUND by this tool! ****

    **** SpyFalcon {9952355f-fefb-4764-bcd7-a993d03dd7e2} NOT FOUND by this tool! ****

    **** SpyFalcon {55059d4f-a1ac-4837-ae07-4859101f598d} NOT FOUND by this tool! ****

    **** SpyFalcon {c3786a8d-6426-4c29-a23f-f36e47b31e0c} NOT FOUND by this tool! ****

    **** SpyLocked {25b7d2fd-4f71-46d1-801a-7de323e4ec82} NOT FOUND by this tool! ****

    **** SpyLocked {4233AC08-A2C4-4742-A0B4-83719613D62C} NOT FOUND by this tool! ****

    **** SpyLocked {716002DB-288C-4BF0-80CD-A467E78D8B55} NOT FOUND by this tool! ****

    **** SpyLocked {735E980D-45D2-4777-AF82-9923D3C8D3AE} NOT FOUND by this tool! ****

    **** SpyLocked {B23DC537-3E13-44C7-BF67-D8405EB377F7} NOT FOUND by this tool! ****

    **** SpyLocked {B292EC9F-A074-4115-8342-1F459702D8D2} NOT FOUND by this tool! ****

    **** SpyLocked {CECA6F2B-247B-4ECE-9B7A-D0135C8036FC} NOT FOUND by this tool! ****

    **** SpyLocked {DA3B49F6-8C54-4429-A275-21A86DCCA413} NOT FOUND by this tool! ****

    **** SpyLocked {EDE8BED5-92CF-4482-8F51-A01CD9B3EA37} NOT FOUND by this tool! ****

    **** SpyLocked {FA4FBF53-C766-4622-8011-A87A805EEBF0} NOT FOUND by this tool! ****

    **** SpywareLocked {0E4E5110-A772-4C4A-A7DC-137FE10ABD6E} NOT FOUND by this tool! ****

    **** SpywareLocked {07A582E8-BAE3-457D-9D29-2048DE45A369} NOT FOUND by this tool! ****

    **** SpywareLocked {3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA} NOT FOUND by this tool! ****

    **** SpywareLocked {9D6FAC42-A7BE-4702-87EF-75D8DC14249E} NOT FOUND by this tool! ****

    **** SpywareLocked {ABEF791F-947E-4CDF-83C3-E72A240AFB67} NOT FOUND by this tool! ****

    **** SpywareLocked {BD0FC212-0A36-4232-83CC-2063FB9282E0} NOT FOUND by this tool! ****

    **** SpywareLocked {B0DED443-5E68-4001-A81B-0A0001621AB8} NOT FOUND by this tool! ****

    **** SpywareLocked {F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D} NOT FOUND by this tool! ****

    **** SpywareQuake {0c7416f0-dd23-420f-97f5-aae352ea2bf1} NOT FOUND by this tool! ****

    **** SpywareQuake {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} NOT FOUND by this tool! ****

    **** SpywareQuake {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} NOT FOUND by this tool! ****

    **** SpywareQuake {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} NOT FOUND by this tool! ****

    **** SpywareQuake {EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E} NOT FOUND by this tool! ****

    **** SpywareQuake {e5b1e382-817e-4b74-8a96-ec78751e6acf} NOT FOUND by this tool! ****

    **** SpywareQuake {a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb} NOT FOUND by this tool! ****

    **** SpywareQuake {cbb430e6-5b1b-474a-9d7e-160d4fe74bea} NOT FOUND by this tool! ****

    **** SpywareQuake {62eb0924-19d2-4226-b4b9-8ad1f70904c1} NOT FOUND by this tool! ****

    **** SpywareQuake {6c69e319-0d03-47da-997a-36586cbc53b3} NOT FOUND by this tool! ****

    **** SpywareQuake {aea3d2df-2b2c-4d7b-81a0-d975c6dc088e} NOT FOUND by this tool! ****

    **** SpywareSheriff {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E} NOT FOUND by this tool! ****

    **** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! ****

    **** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! ****

    **** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! ****

    **** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! ****

    **** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! ****

    **** Troj/Crafted-A {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****

    **** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! ****

    **** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! ****

    **** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! ****

    **** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! ****

    **** W32/Almanahe.a Worm NOT FOUND by this tool! ****

    **** msctl32.dll SpamBot NOT FOUND by this tool! ****

    **** KeyLogger NOT FOUND by this tool! ****

    --------------------------------------------------------------------------
    CHECKING FOR BOT-TYPE WORMS:
    --------------------------------------------------------------------------

    **** W32/Sdbot Worm NOT FOUND by this tool! ****

    --------------------------------------------------------------------------
    CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS:
    --------------------------------------------------------------------------

    **** i386p.* Stealthing Agent NOT FOUND by this tool! ****

    **** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! ****

    **** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! ****

    **** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! ****

    **** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! ****

    **** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! ****

    --------------------------------------------------------------------------
    CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS:
    --------------------------------------------------------------------------

    **** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! ****

    **** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! ****

    **** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! ****

    **** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! ****

    **** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! ****

    **** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! ****

    **** CmdService adware NOT FOUND by this tool! ****

    **** Network_Monitor adware NOT FOUND by this tool! ****

    **** Trojan.Peacomm NOT FOUND by this tool! ****

    **** Trojan.Peacomm windev NOT FOUND by this tool! ****

    **** AVPE Haxdoor NOT FOUND by this tool! ****

    **** MEMLOW Haxdoor NOT FOUND by this tool! ****

    **** VDMT Haxdoor NOT FOUND by this tool! ****

    **** YCSVGA Haxdoor NOT FOUND by this tool! ****

    **** PPTP Haxdoor NOT FOUND by this tool! ****

    **** DVB Haxdoor NOT FOUND by this tool! ****

    **** YVBB Haxdoor NOT FOUND by this tool! ****

    **** YVPP Haxdoor NOT FOUND by this tool! ****

    **** NKGFS Haxdoor NOT FOUND by this tool! ****

    **** XMSK Haxdoor NOT FOUND by this tool! ****

    **** AVPX Haxdoor NOT FOUND by this tool! ****

    **** MMXF Haxdoor NOT FOUND by this tool! ****

    **** DP1112 Vundo Rootkit NOT FOUND by this tool! ****

    **** SYSBUS32 Rootkit Driver NOT FOUND by this tool! ****

    **** I386P Rootkit Driver NOT FOUND by this tool! ****

    **** ERSSDD Rootkit NOT FOUND by this tool! ****

    **** GencTurK RootKit NOT FOUND by this tool! ****

    **** Troj/NTRootK-BP RootKit NOT FOUND by this tool! ****

    **** W32/Almanahe.sys NOT FOUND by this tool! ****

    ************************************************************************************

    Dumping HKLM Uninstall Programs list

    DisplayName REG_SZ Adobe Acrobat 5.0
    DisplayName REG_SZ Adobe Flash Player 9 ActiveX
    DisplayName REG_SZ Adobe Flash Player Plugin
    DisplayName REG_SZ Agere Systems PCI Soft Modem
    DisplayName REG_SZ AnyDVD
    DisplayName REG_SZ AVG Anti-Rootkit Free
    DisplayName REG_SZ AVG Anti-Spyware 7.5
    DisplayName REG_SZ Camera Window
    DisplayName REG_SZ Canon Camera Window for ZoomBrowser EX
    DisplayName REG_SZ Canon iP4300
    DisplayName REG_SZ Canon PhotoRecord
    DisplayName REG_SZ Canon Setup Utility 2.3
    DisplayName REG_SZ Canon Utilities Easy-PhotoPrint
    DisplayName REG_SZ Canon Utilities Easy-PrintToolBox
    DisplayName REG_SZ Canon Utilities File Viewer Utility 1.2
    DisplayName REG_SZ Canon Utilities PhotoStitch 3.1
    DisplayName REG_SZ Canon Utilities RemoteCapture 2.7
    DisplayName REG_SZ Canon Utilities ZoomBrowser EX
    DisplayName REG_SZ CCleaner (remove only)
    DisplayName REG_SZ CD-LabelPrint
    DisplayName REG_SZ CDex extraction audio
    DisplayName REG_SZ CloneDVD 3.9.4
    DisplayName REG_SZ CloneDVD2
    DisplayName REG_SZ Diamond View V4.08
    DisplayName REG_SZ DVD Decrypter (Remove Only)
    DisplayName REG_SZ DVD Shrink 3.2
    DisplayName REG_SZ Dynalink ADSL Router USB Driver
    DisplayName REG_SZ e-tax 2006
    DisplayName REG_SZ e-tax 2007
    DisplayName REG_SZ Easy-WebPrint
    DisplayName REG_SZ File Viewer Utility 1.2.2
    DisplayName REG_SZ HijackThis 1.99.1
    DisplayName REG_SZ Hotfix for Windows XP (KB929120)
    DisplayName REG_SZ Hotfix for Windows XP (KB935448)
    DisplayName REG_SZ Intel(R) Graphics Media Accelerator Driver
    DisplayName REG_SZ Java(TM) 6 Update 3
    DisplayName REG_SZ K9
    DisplayName REG_SZ Kaspersky Online Scanner
    DisplayName REG_SZ LiveUpdate 2.6 (Symantec Corporation)
    DisplayName REG_SZ Media & Office Keyboard
    DisplayName REG_SZ Microsoft .NET Framework 1.1
    DisplayName REG_SZ Microsoft Money 2006
    DisplayName REG_SZ Microsoft Office Professional Edition 2003
    DisplayName REG_SZ Movie Downloader
    DisplayName REG_SZ Movie Joiner
    DisplayName REG_SZ Mozilla Firefox (2.0.0.10)
    DisplayName REG_SZ MSXML 4.0 SP2 (KB925672)
    DisplayName REG_SZ MSXML 4.0 SP2 (KB927978)
    DisplayName REG_SZ MSXML 4.0 SP2 (KB936181)
    DisplayName REG_SZ MSXML 6.0 Parser (KB933579)
    DisplayName REG_SZ Nero 7 Ultra Edition
    DisplayName REG_SZ ninemsn Internet Software
    DisplayName REG_SZ OneCare Advisor (Windows Live Toolbar)
    DisplayName REG_SZ PhotoStitch
    DisplayName REG_SZ Popup Blocker (Windows Live Toolbar)
    DisplayName REG_SZ PowerDVD
    DisplayName REG_SZ QuickTime
    DisplayName REG_SZ QuickTime
    DisplayName REG_SZ Realtek High Definition Audio Driver
    DisplayName REG_SZ RemoteCapture 2.7.2
    DisplayName REG_SZ S400
    DisplayName REG_SZ ScanButton
    DisplayName REG_SZ Security Update for CAPICOM (KB931906)
    DisplayName REG_SZ Security Update for CAPICOM (KB931906)
    DisplayName REG_SZ Security Update for Windows Media Player 10 (KB936782)
    DisplayName REG_SZ Security Update for Windows Media Player 6.4 (KB925398)
    DisplayName REG_SZ Security Update for Windows XP (KB917422)
    DisplayName REG_SZ Security Update for Windows XP (KB918118)
    DisplayName REG_SZ Security Update for Windows XP (KB918899)
    DisplayName REG_SZ Security Update for Windows XP (KB919007)
    DisplayName REG_SZ Security Update for Windows XP (KB920213)
    DisplayName REG_SZ Security Update for Windows XP (KB920214)
    DisplayName REG_SZ Security Update for Windows XP (KB920670)
    DisplayName REG_SZ Security Update for Windows XP (KB920683)
    DisplayName REG_SZ Security Update for Windows XP (KB920685)
    DisplayName REG_SZ Security Update for Windows XP (KB921398)
    DisplayName REG_SZ Security Update for Windows XP (KB921503)
    DisplayName REG_SZ Security Update for Windows XP (KB921883)
    DisplayName REG_SZ Security Update for Windows XP (KB922616)
    DisplayName REG_SZ Security Update for Windows XP (KB922760)
    DisplayName REG_SZ Security Update for Windows XP (KB922819)
    DisplayName REG_SZ Security Update for Windows XP (KB923191)
    DisplayName REG_SZ Security Update for Windows XP (KB923414)
    DisplayName REG_SZ Security Update for Windows XP (KB923689)
    DisplayName REG_SZ Security Update for Windows XP (KB923694)
    DisplayName REG_SZ Security Update for Windows XP (KB923980)
    DisplayName REG_SZ Security Update for Windows XP (KB924191)
    DisplayName REG_SZ Security Update for Windows XP (KB924270)
    DisplayName REG_SZ Security Update for Windows XP (KB924496)
    DisplayName REG_SZ Security Update for Windows XP (KB924667)
    DisplayName REG_SZ Security Update for Windows XP (KB925454)
    DisplayName REG_SZ Security Update for Windows XP (KB925486)
    DisplayName REG_SZ Security Update for Windows XP (KB925902)
    DisplayName REG_SZ Security Update for Windows XP (KB926255)
    DisplayName REG_SZ Security Update for Windows XP (KB926436)
    DisplayName REG_SZ Security Update for Windows XP (KB927779)
    DisplayName REG_SZ Security Update for Windows XP (KB927802)
    DisplayName REG_SZ Security Update for Windows XP (KB928090)
    DisplayName REG_SZ Security Update for Windows XP (KB928255)
    DisplayName REG_SZ Security Update for Windows XP (KB928843)
    DisplayName REG_SZ Security Update for Windows XP (KB929123)
    DisplayName REG_SZ Security Update for Windows XP (KB929969)
    DisplayName REG_SZ Security Update for Windows XP (KB930178)
    DisplayName REG_SZ Security Update for Windows XP (KB931261)
    DisplayName REG_SZ Security Update for Windows XP (KB931768)
    DisplayName REG_SZ Security Update for Windows XP (KB931784)
    DisplayName REG_SZ Security Update for Windows XP (KB932168)
    DisplayName REG_SZ Security Update for Windows XP (KB933566)
    DisplayName REG_SZ Security Update for Windows XP (KB933729)
    DisplayName REG_SZ Security Update for Windows XP (KB935839)
    DisplayName REG_SZ Security Update for Windows XP (KB935840)
    DisplayName REG_SZ Security Update for Windows XP (KB936021)
    DisplayName REG_SZ Security Update for Windows XP (KB937143)
    DisplayName REG_SZ Security Update for Windows XP (KB938127)
    DisplayName REG_SZ Security Update for Windows XP (KB938829)
    DisplayName REG_SZ Security Update for Windows XP (KB939653)
    DisplayName REG_SZ Security Update for Windows XP (KB941202)
    DisplayName REG_SZ Security Update for Windows XP (KB943460)
    DisplayName REG_SZ Smart Menus (Windows Live Toolbar)
    DisplayName REG_SZ Software Update for Web Folders
    DisplayName REG_SZ Spybot - Search & Destroy 1.4
    DisplayName REG_SZ StudioLine Photo Basic
    DisplayName REG_SZ Symantec Client Security
    DisplayName REG_SZ Tabbed Browsing (Windows Live Toolbar)
    DisplayName REG_SZ TrojanHunter 5.0
    DisplayName REG_SZ Ultimate Label Printer Pro Version 5.5.2
    DisplayName REG_SZ Update for Windows Media Player 10 (KB926251)
    DisplayName REG_SZ Update for Windows XP (KB920872)
    DisplayName REG_SZ Update for Windows XP (KB922582)
    DisplayName REG_SZ Update for Windows XP (KB927891)
    DisplayName REG_SZ Update for Windows XP (KB929338)
    DisplayName REG_SZ Update for Windows XP (KB930916)
    DisplayName REG_SZ Update for Windows XP (KB931836)
    DisplayName REG_SZ Update for Windows XP (KB933360)
    DisplayName REG_SZ Update for Windows XP (KB936357)
    DisplayName REG_SZ Update for Windows XP (KB938828)
    DisplayName REG_SZ Windows Live Favorites for Windows Live Toolbar
    DisplayName REG_SZ Windows Live Messenger
    DisplayName REG_SZ Windows Live Outlook Toolbar (Windows Live Toolbar)
    DisplayName REG_SZ Windows Live Sign-in Assistant
    DisplayName REG_SZ Windows Live Toolbar
    DisplayName REG_SZ Windows Live Toolbar
    DisplayName REG_SZ Windows Live Toolbar Extension (Windows Live Toolbar)
    DisplayName REG_SZ Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    DisplayName REG_SZ WinFast(R) Display Driver
    DisplayName REG_SZ WinRAR archiver
    DisplayName REG_SZ WinZip
    ParentDisplayName REG_SZ CAPICOM
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates
    ParentDisplayName REG_SZ Windows XP - Software Updates


    #####################################################################################################


    -- All DONE!

    ~ ShadowPuterDude ~
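
    The scanner log above is a long list of "NOT FOUND" lines keyed by CLSID, and it is worth reading it for what it cannot prove as much as for what it does: the same CLSID appears under both SmitFraud and Troj/Crafted-A, the SpyAxe check is printed three times for one CLSID, and the Troj/Dloader-OF entry has nine hex digits in its first group, which is not a valid CLSID at all. The following is an added example, not code from the scanner or from anyone in this thread, that parses that log format into findings and flags exactly those weaknesses so a "NOT FOUND" is not over-read. It assumes a positive hit would be printed as "FOUND" in the same slot where the log prints "NOT FOUND" (the page shows no hit lines, so that line in the sample is constructed), and the sample log is a constructed excerpt in the same shape as the one posted.

```python
"""Parse the "**** <name> {CLSID} NOT FOUND by this tool! ****" log format
and audit the signature table it reveals.  Added example; not the scanner's
own code.  The "FOUND" hit format is an assumption, as is the sample log.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# One detection line: optional {CLSID}, then FOUND or NOT FOUND (FOUND is assumed).
_LINE = re.compile(
    r"^\*{4}\s+(?P<name>.+?)\s+(?:\{(?P<guid>[^}]+)\}\s+)?"
    r"(?P<status>(?:NOT )?FOUND) by this tool!\s+\*{4}$"
)
# Section headers such as "CHECKING FOR BOT-TYPE WORMS:".
_SECTION = re.compile(r"^[A-Za-z][A-Za-z -]+:$")
# Canonical CLSID text form: 8-4-4-4-12 hex digits.
_GUID = re.compile(r"^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")


@dataclass(frozen=True)
class Finding:
    section: str
    name: str
    guid: Optional[str]
    status: str  # "FOUND" or "NOT FOUND"


def is_canonical_guid(guid: str) -> bool:
    return bool(_GUID.match(guid))


def parse_scan_log(text: str) -> list:
    """Turn the raw log into Finding records, tracking the current section."""
    findings, section = [], "(none)"
    for raw in text.splitlines():
        line = raw.strip()
        if _SECTION.match(line):
            section = line.rstrip(":")
            continue
        m = _LINE.match(line)
        if m:
            findings.append(Finding(section, m["name"], m["guid"], m["status"]))
    return findings


def audit(findings: list) -> dict:
    """Summarise the log and point out where a NOT FOUND carries no weight."""
    by_guid = defaultdict(set)
    seen, duplicates, malformed = set(), 0, []
    for f in findings:
        if f in seen:
            duplicates += 1  # the same check printed again adds no evidence
        seen.add(f)
        if f.guid is not None:
            by_guid[f.guid.upper()].add(f.name)
            if not is_canonical_guid(f.guid):
                malformed.append(f)
    return {
        "checks": len(findings),
        "hits": [f for f in findings if f.status == "FOUND"],
        "duplicate_lines": duplicates,
        # One CLSID listed under two names: the check cannot tell them apart.
        "shared_guids": {g: sorted(n) for g, n in by_guid.items() if len(n) > 1},
        # A string that is not 8-4-4-4-12 hex cannot be a CLSID, so treat its
        # NOT FOUND as a signature-table defect rather than as evidence.
        "malformed_guids": malformed,
    }


# Constructed excerpt in the shape of the posted log; the FOUND line is invented.
SAMPLE_LOG = """\
Miscellaneous Malware Detections:
------------------------------------------------------------------------------------

**** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****
**** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****
**** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****
**** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! ****
**** Troj/Crafted-A {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****
**** Constructed hit {00000000-0000-0000-0000-000000000000} FOUND by this tool! ****

--------------------------------------------------------------------------
CHECKING FOR BOT-TYPE WORMS:
--------------------------------------------------------------------------

**** W32/Sdbot Worm NOT FOUND by this tool! ****
**** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! ****
"""

if __name__ == "__main__":
    report = audit(parse_scan_log(SAMPLE_LOG))
    print(f"{report['checks']} checks, {len(report['hits'])} hits, "
          f"{report['duplicate_lines']} duplicate lines")
    for g, names in report["shared_guids"].items():
        print(f"shared CLSID {{{g}}}: {', '.join(names)}")
    for f in report["malformed_guids"]:
        print(f"malformed CLSID for {f.name}: {{{f.guid}}}")
```

    Run it against the full log pasted above instead of the sample and the same three weaknesses surface: a shared CLSID, repeated lines, and a CLSID that could never match a real COM registration. None of that makes the machine clean or infected; it only says which "NOT FOUND" lines are worth nothing.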

  9. #79

    OK, starting from the top.

    OK, I know you have done this before:

    Download to your Desktop:
    - combofix.exe
    - VundoFix.exe
    - SDFix

    Install SDFix
    • Run the SDFix.exe by double clicking on it.
    • Allow it to install into the default location which is c:\SDFix
    Run ComboFix:
    Double click combofix.exe & follow the prompts.
    When finished, it will produce a log for you. Attach this log in the next post.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Reboot to Safe Mode.

    Run VundoFix
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HijackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

    Run SDFix:
    • Open the C:\SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Attach the Report.txt file to your next message.
    Reboot to Normal Mode.

    Run ProcessDll

    Attach the following logs:
    ComboFix
    vundofix.txt
    Report.txt from SDFix
    prodll.txt from ProcessDll

    Attach the logs; posting them inline with your reply makes the log difficult to read.
    a-squared Team - www.emsisoft.com

    "Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
    Microsoft Most Valuable Professional - Consumer Security (2007-2008)
    Member - Alliance of Security Analysis Professionals - Since 2006
    Linux Registered User # 363218

  10. #80
    Join Date
    Nov 2007
    Location
    Adelaide Australia
    Posts
    54

    OK, here goes...



    VundoFix V6.6.2

    Checking Java version...

    Scan started at 3:33:42 PM 29/11/2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...
    Attached Files
