BSOD amongst other things

timeoutgang · 2006/12/12

TeMerc, as requested, here is my new thread. Thanks for your help & time on this.

Quote:
Originally Posted by timeoutgang
Ran a panda scan online & the following were found:-

Elite, found in 2 locations,
1) C:\Windows\system32\drivers\tdiip.sys
2) C:\Windows\system32\windump.exe

List.istbar, found in c:\windows\system32\mscache.sys

Thespyguard, found in c:\windows\system32\winsrv32.exe

Mywebsearch, found in hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}

Com.com, found in C:\documents and settings\Dafydd\Cookies\dafydd@com[1].txt

SCKeylog.AC, found in 10 locations,
1) C:\documents and settings\Dafydd\Local Settings\Temp\Temporary Directory 1 for scklpro.zip\scklpro.exe[klenA]
2) C:\documents and settings\Dafydd\Local Settings\Temp\Temporary Directory 1 for scklpro.zip\scklpro.exe[kllnA]
3) C:\documents and settings\Dafydd\Local Settings\Temp\Temporary Directory 2 for scklpro.zip\scklpro.exe[klenA]
4) C:\documents and settings\Dafydd\Local Settings\Temp\Temporary Directory 2 for scklpro.zip\scklpro.exe[kllnA]
5) C:\documents and settings\Dafydd\Local Settings\Temp\Temporary Directory 3 for scklpro.zip\scklpro.exe[klenA]
6) C:\documents and settings\Dafydd\Local Settings\Temp\Temporary Directory 3 for scklpro.zip\scklpro.exe[kllnA]
7) C:\documents and settings\Dafydd\My Documents\My Recieved Files\scklpro.zip[scklpro.exe][klenA]
8) C:\documents and settings\Dafydd\My Documents\My Recieved Files\scklpro.zip[scklpro.exe][kllnA]
9) C:\Program Files\SCKLPRO\klenA
10) C:\Program Files\SCKLPRO\kllnA

Eicar.Mod, found in C:\KAV\PersonalPro\CD French\data1.cab[eicar.html]

Hack Tool/EvID, found in C:\Program Files\PPLive TV\SynaLiveSetup.exe[EvID4226Patch.exe]

Don't know where to turn next! Why haven't AVG, Spybot & AdAware picked these up?
Please help, what now?

I just used the 'search' function for the other thread in Spyware & Virus removal, and neither of these two files:
winsrv32.exe
mscache.sys
appear in the search, so it looks to be newly injected. Of course I have no idea how good the search function is tho.

I just checked manually for:
SCKLPRO

It also does not appear on any of the pages on that thread.

It looks to me that somehow these things have been added. I'm going to do another search for these things later on tonite, when I'm unfettered by Jr and other things.

Cookies of course are harmless.

That reg key for MyWeb won't be causing these blue screens.

Escar thing obviously a f\p, as it's located in your KAV folder.

I'd like you to start a new threead over in S&V removal, so we can start some new searches. We had run the gamut of search tools in the other thread, to no avail.

Most of these are new.
__________________

TeMerc · 2006/12/12

Ok, lets see what these scans\searches find for us this time around.

Please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner icon.
The program will then begin downloading the latest definition files. This will take a few minutes, even with hi-speed.
Once the files have been downloaded click on Next

Now click on [Scan Settings] button.
In the scan settings make sure that the following are selected:

Scan using the following Anti-Virus database:

Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK

Now under the Please select a target to scan:
Select My Computer

The program will begin the scanning process.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Then click on the [Save as Text] button
Save the file to your desktop.

Copy and paste that information in your next post for me to review.

And lets get an uninstall list from HJT.

Start HijackThis

Click on the [Config ]button

Click on the[ Misc Tools ]button

Click on the [Open Uninstall Manager ]button

Then click on the [Save list ]button and specify where you would like to save this file.

When you press [Save list ]button a notepad will open with the contents of that file.

Copy and paste the contents of that notepad back into this thread for me to view.

Open HJT, click the [None of the above, just start the program ]button.
Then click the [Config ]button in the lower right hand of the program.
Then select the [Misc Tools ]button.
In the upper left hand side of the program tick the two boxes [List also minor sections (full)] button and the[ List empty sections (complete)] button and select 'Yes' when prompted by the dialog box. The resultant scan will produce a notepad log file, please paste that log file back here for me to review.

Download Autoruns by Sysinternals from here and save it to your desktop.

Extract the files to your desktop, open the Autoruns folder, and double-click autoruns.exe to run it.

Post the log here for me to view.

Download combofix.exe

Double click combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Post them all along with a HJT log as well.

timeoutgang · 2006/12/12

Will have to post as several seperate threads.

TeMerc, did as requested, however, when running HJT I was unable to follow your instructions below:-
"In the upper left hand side of the program tick the two boxes [List also minor sections (full)] button and the[ List empty sections (complete)] button and select 'Yes' when prompted by the dialog box. <--------- This never came up-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 12, 2006 9:23:09 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/12/2006
Kaspersky Anti-Virus database records: 250332
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 93287
Number of viruses found: 4
Number of infected objects: 20 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:03:50

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\AvgFwLog.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\AvgFwLog.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12062006-155322.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Dafydd\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\Dafydd\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D0C865E2-E156-4539-8754-CFEB8672A9E6} Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 1 for scklpro.zip\scklpro.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 1 for scklpro.zip\scklpro.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 1 for scklpro.zip\scklpro.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 2 for scklpro.zip\scklpro.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 2 for scklpro.zip\scklpro.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 2 for scklpro.zip\scklpro.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 3 for scklpro.zip\scklpro.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 3 for scklpro.zip\scklpro.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\Temporary Directory 3 for scklpro.zip\scklpro.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\~DF18D0.tmp Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\~DF18D5.tmp Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Temp\~DF1DC9.tmp Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Dafydd\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dafydd\My Documents\My Received Files\scklpro.zip/scklpro.exe/data0009 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\My Documents\My Received Files\scklpro.zip/scklpro.exe/data0011 Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\My Documents\My Received Files\scklpro.zip/scklpro.exe Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped
C:\Documents and Settings\Dafydd\My Documents\My Received Files\scklpro.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Dafydd\ntuser.dat Object is locked skipped
C:\Documents and Settings\Dafydd\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\font.exe Infected: not-a-virus:Monitor.Win32.WinSpy.88 skipped
C:\WINDOWS\mscompls.exe Infected: not-a-virus:Monitor.Win32.WinSpy.88 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\nsf2A.tmp Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped
C:\WINDOWS\system32\nsj21B.tmp Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped
C:\WINDOWS\system32\nsr217.tmp Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped
C:\WINDOWS\system32\nsu20E.tmp Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped
C:\WINDOWS\system32\Vic32.dll Infected: not-a-virus:Monitor.Win32.PCSpy.c skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 21:30:20, on 12/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\4608\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe "
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe "
O4 - HKLM\..\Run: [iexplorer] C:\WINDOWS\system32\iexplorer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm594YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jemmaconners.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139423841203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://online.eversheds.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4825/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: iexplorer - iexplorer.dll (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms

+ rdpclip RDP Clip Monitor Microsoft Corporation c:\windows\system32\rdpclip.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ Apoint Alps Pointing-device Driver Alps Electric Co., Ltd. c:\program files\apoint\apoint.exe

+ AVG7_CC AVG Control Center GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgcc.exe

+ dla Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswctrl.exe

+ iexplorer File not found: C:\WINDOWS\system32\iexplorer.exe

+ IntelWireless Intel Framework MFC Application Intel Corporation c:\program files\intel\wireless\bin\ifrmewrk.exe

+ ISUSPM Startup InstallShield Update Service Update Manager InstallShield Software Corporation c:\program files\common files\installshield\updateservice\isuspm.exe

+ ISUSScheduler InstallShield Update Service Scheduler InstallShield Software Corporation c:\program files\common files\installshield\updateservice\issch.exe

+ KernelFaultCheck Windows Error Reporting Dump Reporting Tool Microsoft Corporation c:\windows\system32\dumprep.exe

+ NvCplDaemon Run a DLL as an App Microsoft Corporation c:\windows\system32\rundll32.exe

+ nwiz NVIDIA nView Wizard, Version 105.28 NVIDIA Corporation c:\windows\system32\nwiz.exe

+ SiteAdvisor SiteAdvisor McAfee, Inc. c:\program files\siteadvisor\4608\siteadv.exe

+ SunJavaUpdateSched Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\program files\java\jre1.5.0_09\bin\jusched.exe

+ Windows Defender Windows Defender User Interface Microsoft Corporation c:\program files\windows defender\msascui.exe

+ WinPatrol WinPatrol System Monitor BillP Studios c:\program files\billp studios\winpatrol\winpatrol.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ ctfmon.exe CTF Loader Microsoft Corporation c:\windows\system32\ctfmon.exe

HKLM\SOFTWARE\Classes\Protocols\Filter

+ application/octet-stream Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll

+ application/x-complus Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll

+ application/x-internet-signup insmimefilter Module c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll

+ application/x-msdownload Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll

+ Class Install Handler OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ deflate OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ gzip OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ lzdhtml OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ text/webviewhtml Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

HKLM\SOFTWARE\Classes\Protocols\Handler

+ about Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll

+ belarc Belarc VoilaX Control Belarc, Inc. c:\program files\belarc\advisor\system\bavoilax.dll

+ cdl OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ cdo Microsoft SharePoint Portal Server Object Model Microsoft Corporation c:\program files\common files\microsoft shared\web folders\pkmcdo.dll

+ dvd ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidctl.dll

+ file OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ ftp OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ gopher OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ http OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ https OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.dll

+ javascript Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll

+ livecall MSN Messenger Protocol Handler Microsoft Corporation c:\program files\msn messenger\msgrapp.8.0.0812.00.dll

+ local OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ mailto Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll

+ mhtml Microsoft Internet Messaging API Microsoft Corporation c:\windows\system32\inetcomm.dll

+ mk OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ ms-its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.dll

+ msnim MSN Messenger Protocol Handler Microsoft Corporation c:\program files\msn messenger\msgrapp.8.0.0812.00.dll

+ mso-offdap Microsoft Office XP Web Components Microsoft Corporation c:\program files\common files\microsoft shared\web components\10\owc10.dll

+ res Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll

+ siteadvisor SiteAdvisor McAfee, Inc. c:\program files\siteadvisor\4608\siteadv.dll

+ sysimage Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll

+ tv ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidctl.dll

+ vbscript Microsoft (R) HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll

+ wia WIA Scripting Layer Microsoft Corporation c:\windows\system32\wiascr.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0 File not found: About:Home

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe

+ Browser Customizations IEAK branding Microsoft Corporation c:\windows\system32\iedkcs32.dll

timeoutgang · 2006/12/12

Browser Customizations IEAK branding Microsoft Corporation c:\windows\system32\iedkcs32.dll

+ Fax ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ IE7 Uninstall Stub IE Per User Active Setup Uninstall Utility Microsoft Corporation c:\windows\system32\ieudinit.exe

+ Internet Explorer IE Per-User Initialization Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe

+ Internet Explorer IE Per-User Initialization Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe

+ Microsoft Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\inf\unregmp2.exe

+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ n/a Microsoft .NET IE SECURITY REGISTRATION Microsoft Corporation c:\windows\system32\mscories.dll

+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe

+ Themes Setup Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ Windows Desktop Update Microsoft(C) Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ Windows Messenger 4.7 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui preloader Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ PostBootReminder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ SysTray Systray shell service object Microsoft Corporation c:\windows\system32\stobject.dll

+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Microsoft AntiMalware ShellExecuteHook Shell Execution Monitor Microsoft Corporation c:\program files\windows defender\mpshhook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Corporation c:\windows\system32\photowiz.dll

+ &Address Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ &Links Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabview.dll

+ Accessible Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll

+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Administrative Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Augmented Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Augmented Shell Folder 2 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Corporation c:\windows\system32\wuaucpl.cpl

+ AVG7 Find Extension AVG Shell Extension GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgse.dll

+ AVG7 Shell Extension AVG Shell Extension GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgse.dll

+ Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Briefcase Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll

+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Corporation c:\windows\system32\slayerxp.dll

+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ ConnectionAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll

+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll

+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Desktop Explorer NVIDIA Desktop Explorer, Version 105.28 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 105.28 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ DfsShell Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll

+ Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll

+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll

+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll

+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskperf.dll

+ Download Status Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ DriveLetterAccess Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswshx.dll

+ DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.dll

+ E-mail Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Explorer Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Extensions Manager Folder Extensions Manager Microsoft Corporation c:\windows\system32\extmgr.dll

+ Favorites Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Fonts Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll

+ Fonts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ For &People... Find People Microsoft Corporation c:\program files\outlook express\wabfind.dll

+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll

+ Fusion Cache Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll

+ GDI+ file thumbnail extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Get a Passport Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ History Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ HTML Thumbnail Extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ IE AutoComplete Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE BandProxy Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Custom MRU AutoCompleted List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Fade Task Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE IShellFolderBand Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Menu Band Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Menu Desk Bar Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Menu Site Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft BrowserBand Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft History AutoComplete List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft Multiple AutoComplete List Container Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft Shell Folder AutoComplete List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE MRU AutoComplete List Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Navigation Bar Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Registry Tree Options Utility Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE RSS Feeder Folder Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Search Band Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Shell Band Site Menu Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Shell Rebar BandSite Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Tracking Shell Menu Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE User Assist Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Installed Apps Enumerator Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Internet Name Space Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ InternetShortcut Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Messenger Sharing Folders Messenger File Sharing Shell Extensions Microsoft Corporation c:\program files\msn messenger\fsshext.8.0.0812.00.dll

+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll

+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Microsoft Browser Architecture Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll

+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Office HTML Icon Handler Microsoft Office XP component Microsoft Corporation c:\program files\microsoft office\office10\msohev.dll

+ Microsoft Outlook Custom Icon Handler Outlook Shell Hook for Start/Find Microsoft Corporation c:\program files\microsoft office\office10\olkfstub.dll

+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Url History Service Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ Microsoft Url Search Hook Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll

+ MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Corporation c:\windows\system32\mmsys.cpl

+ MyDocs Copy Hook My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll

+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll

+ MyDocs Properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll

+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll

+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll

+ NTFS Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll

+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 105.28 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Offline Files Folder Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll

+ Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll

+ Offline Files Menu Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll

+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\windows\system32\docprop.dll

+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ PlusPack CPL Extension Windows Theme API Microsoft Corporation c:\windows\system32\themeui.dll

+ Portable Media Devices Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll

+ Portable Media Devices Menu Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll

+ PostAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Previous Versions Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll

+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll

+ Print Ordering via the Web Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Printers Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll

+ Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll

+ Run... Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scheduled Tasks Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll

+ Search Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Search Assistant OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll

+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll

+ Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell Application Manager Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DocObject Viewer Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\windows\system32\ntlanui2.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll

+ Shell extensions for Windows Script Host Microsoft (r) Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll

+ Shell Image Data Factory Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell Image Property Handler Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell Image Verbs Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell properties for a DS object Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Shell Publishing Wizard Object Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell Scrap DataHandler Shell scrap object handler Microsoft Corporation c:\windows\system32\shscrap.dll

+ Shell Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Subscription Folder Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Taskbar and Start Menu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll

+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll

+ Temporary Internet Files Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ Temporary Internet Files Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ The Internet Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

+ Track Popup Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ TrayAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ User Accounts Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ User Assist Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Web Folders Microsoft Web Folders Microsoft Corporation c:\program files\common files\microsoft shared\web folders\msonsext.dll

+ Web Printer Shell Extension Print UI DLL Microsoft Corporation c:\windows\system32\printui.dll

+ Web Publishing Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Web Search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheckChannelAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll

+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll

+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll

+ WinRAR shell extension c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ {66742402-F9B9-11D1-A202-0000F81FEDEE} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 6.0 for ActivieX Adobe Systems Incorporated c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll

+ DriveLetterAccess Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\tfswshx.dll

+ SSVHelper Class Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\program files\java\jre1.5.0_09\bin\ssv.dll

+ {089FD14D-132B-48FC-8861-0048AE113215} SiteAdvisor McAfee, Inc. c:\program files\siteadvisor\4608\siteadv.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ ieframe.dll Internet Explorer Microsoft Corporation c:\windows\system32\ieframe.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ McAfee SiteAdvisor SiteAdvisor McAfee, Inc. c:\program files\siteadvisor\4608\siteadv.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ Uninstall BitDefender Online Scanner v8 c:\windows\bdoscandel.exe

+ Windows Messenger Windows Messenger Microsoft Corporation c:\program files\messenger\msmsgs.exe

Task Scheduler

+ MP Scheduled Scan.job Windows Defender Command Line Utility Microsoft Corporation c:\program files\windows defender\mpcmdrun.exe

HKLM\System\CurrentControlSet\Services

+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ Avg7Alrt AVG Alert Manager GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgamsvr.exe

+ Avg7UpdSvc AVG Update Service GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgupsvc.exe

+ AVGFwSrv AVG Firewall Service GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgfwsrv.exe

+ BITS Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. Microsoft Corporation c:\windows\system32\svchost.exe

+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ BthServ Generic Host Process for Win32 Services Microsoft Corporation c:\windows\system32\svchost.exe

+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Corporation c:\windows\system32\svchost.exe

+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Corporation c:\windows\system32\svchost.exe

+ Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Microsoft Corporation c:\windows\system32\services.exe

timeoutgang · 2006/12/12

+ EvtEng Intel Event Trace Manager Intel Corporation c:\program files\intel\wireless\bin\evteng.exe

+ Fax Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network. Microsoft Corporation c:\windows\system32\fxssvc.exe

+ helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ HidServ Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Corporation c:\windows\system32\svchost.exe

+ NICCONFIGSVC Configure your Internal Network Card power management settings. Dell Inc. c:\program files\dell\nicconfigsvc\nicconfigsvc.exe

+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe

+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation c:\windows\system32\services.exe

+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Corporation c:\windows\system32\lsass.exe

+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Corporation c:\windows\system32\lsass.exe

+ RegSrvc Intel Registry Service Intel Corporation c:\program files\intel\wireless\bin\regsrvc.exe

+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Corporation c:\windows\system32\svchost.exe

+ S24EventMonitor Handles the Spectrum24 NDIS Traffic Intel Corporation c:\program files\intel\wireless\bin\s24evmon.exe

+ SamSs Stores security information for local user accounts. Microsoft Corporation c:\windows\system32\lsass.exe

+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Corporation c:\windows\system32\svchost.exe

+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Corporation c:\windows\system32\svchost.exe

+ ShellHWDetection Provides notifications for AutoPlay hardware events. Microsoft Corporation c:\windows\system32\svchost.exe

+ SiteAdvisor Service Provides low-level support for McAfee SiteAdvisor c:\program files\siteadvisor\4608\saservice.exe

+ Spooler Loads files to memory for later printing. Microsoft Corporation c:\windows\system32\spoolsv.exe

+ srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Corporation c:\windows\system32\svchost.exe

+ stisvc Provides image acquisition services for scanners and cameras. Microsoft Corporation c:\windows\system32\svchost.exe

+ Symantec Core LC Symantec Core LC Symantec Corporation c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe

+ Themes Provides user experience theme management. Microsoft Corporation c:\windows\system32\svchost.exe

+ TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Corporation c:\windows\system32\svchost.exe

+ UMWdf Enables Windows user mode drivers. Microsoft Corporation c:\windows\system32\wdfmgr.exe

+ upnphost Provides support to host Universal Plug and Play devices. Microsoft Corporation c:\windows\system32\svchost.exe

+ UserAccess7 c:\windows\system32\uaservice7.exe

+ w32time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Microsoft Corporation c:\windows\system32\svchost.exe

+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ WinDefend Helps protect users from malicious software, spyware, and other potentially unwanted software Microsoft Corporation c:\program files\windows defender\msmpeng.exe

+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ WLANKEEPER Provides Profile Switching Service for SSO Feature Set Intel® Corporation c:\program files\intel\wireless\bin\wlkeeper.exe

+ wscsvc Monitors system security settings and configurations. Microsoft Corporation c:\windows\system32\svchost.exe

+ wuauserv Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. Microsoft Corporation c:\windows\system32\svchost.exe

+ WZCSVC Provides automatic configuration for the 802.11 adapters Microsoft Corporation c:\windows\system32\svchost.exe

HKLM\System\CurrentControlSet\Services

+ ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys

+ aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys

+ AegisP AEGIS Protocol (IEEE 802.1x) v3.1.0.1 Meetinghouse Data Communications c:\windows\system32\drivers\aegisp.sys

+ AFD AFD Networking Support Environment Microsoft Corporation c:\windows\system32\drivers\afd.sys

+ ApfiltrService Alps Touch Pad Driver Alps Electric Co., Ltd. c:\windows\system32\drivers\apfiltr.sys

+ APPDRV App Support Driver Dell Inc c:\windows\system32\drivers\appdrv.sys

+ Arp1394 1394 ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\arp1394.sys

+ AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys

+ atapi IDE/ATAPI Port Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys

+ Atmarpc ATM ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\atmarpc.sys

+ audstub AudStub Driver Microsoft Corporation c:\windows\system32\drivers\audstub.sys

+ Avg7Core AVG Scanning Engine GRISOFT, s.r.o. c:\windows\system32\drivers\avg7core.sys

+ Avg7RsW AVG Resident Shield Unload Helper GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsw.sys

+ Avg7RsXP AVG Resident Anti-Virus Shield GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsxp.sys

+ AvgClean AVG7 Clean Driver GRISOFT, s.r.o. c:\windows\system32\drivers\avgclean.sys

+ BANTExt c:\windows\system32\drivers\bantext.sys

+ bcm4sbxp Broadcom Corporation NDIS 5.1 ethernet driver Broadcom Corporation c:\windows\system32\drivers\bcm4sbxp.sys

+ BlueletAudio Bluelet Audio Driver IVT Corporation c:\windows\system32\drivers\blueletaudio.sys

+ BT Bluetooth PAN Network Adapter Driver IVT Corporation c:\windows\system32\drivers\btnetdrv.sys

+ Btcsrusb Bluetooth USB Device Driver IVT Corporation c:\windows\system32\drivers\btcusb.sys

+ BthEnum Bluetooth Bus Extender Microsoft Corporation c:\windows\system32\drivers\bthenum.sys

+ BTHidEnum c:\windows\system32\drivers\vbtenum.sys

+ BTHidMgr Bluetooth HID Manager driver IVT Corporation c:\windows\system32\drivers\bthidmgr.sys

+ BTHMODEM Bluetooth Communications Driver Microsoft Corporation c:\windows\system32\drivers\bthmodem.sys

+ BthPan Bluetooth Device (Personal Area Network) Microsoft Corporation c:\windows\system32\drivers\bthpan.sys

+ BTHPORT Bluetooth Bus Driver Microsoft Corporation c:\windows\system32\drivers\bthport.sys

+ BTHUSB Bluetooth Miniport Driver Microsoft Corporation c:\windows\system32\drivers\bthusb.sys

+ BTWUSB File not found: System32\Drivers\btwusb.sys

+ CCDECODE WDM Closed Caption VBI Codec Microsoft Corporation c:\windows\system32\drivers\ccdecode.sys

+ Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys

+ CmBatt Control Method Battery Driver Microsoft Corporation c:\windows\system32\drivers\cmbatt.sys

+ CO_Mon c:\windows\system32\drivers\co_mon.sys

+ Compbatt Composite Battery Driver Microsoft Corporation c:\windows\system32\drivers\compbatt.sys

+ Disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys

+ DMusic Microsoft Kernel DLS Synthesizer Microsoft Corporation c:\windows\system32\drivers\dmusic.sys

+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys

+ drvmcdb Device Driver Sonic Solutions c:\windows\system32\drivers\drvmcdb.sys

+ E100B NDIS 5 driver Intel Corporation c:\windows\system32\drivers\e100b325.sys

+ Fdc Floppy Disk Controller Driver Microsoft Corporation c:\windows\system32\drivers\fdc.sys

+ Flpydisk Floppy Driver Microsoft Corporation c:\windows\system32\drivers\flpydisk.sys

+ Ftdisk FT Disk Driver Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys

+ Gpc Generic Packet Classifier Microsoft Corporation c:\windows\system32\drivers\msgpc.sys

+ HidUsb USB Miniport Driver for Input Devices Microsoft Corporation c:\windows\system32\drivers\hidusb.sys

+ HSF_DP HSF_DP driver Conexant Systems, Inc. c:\windows\system32\drivers\hsf_dp.sys

+ HSFHWICH HSFHWICH WDM driver Conexant Systems, Inc. c:\windows\system32\drivers\hsfhwich.sys

+ HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\drivers\http.sys

+ i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys

+ Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys

+ IntelIde Intel PCI IDE Driver Microsoft Corporation c:\windows\system32\drivers\intelide.sys

+ intelppm Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\intelppm.sys

+ Ip6Fw Provides intrusion prevention service for a home or small office network. Microsoft Corporation c:\windows\system32\drivers\ip6fw.sys

+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys

+ IpInIp IP in IP Tunnel Driver Microsoft Corporation c:\windows\system32\drivers\ipinip.sys

+ IpNat IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys

+ IPSec IPSEC driver Microsoft Corporation c:\windows\system32\drivers\ipsec.sys

+ IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys

+ isapnp PNP ISA Bus Driver Microsoft Corporation c:\windows\system32\drivers\isapnp.sys

+ IWCA Intel Wireless Connection Agent Intel Corporation c:\windows\system32\drivers\iwca.sys

+ JL2005 Universal Serial Bus Camera Driver Windows (R) 2000 DDK provider c:\windows\system32\drivers\toywdm.sys

+ Kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys

+ kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\windows\system32\drivers\kmixer.sys

+ mdmxsdk Diagnostic Interface DRIVER Conexant c:\windows\system32\drivers\mdmxsdk.sys

+ Mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\drivers\mouclass.sys

+ mouhid HID Mouse Filter Driver Microsoft Corporation c:\windows\system32\drivers\mouhid.sys

+ MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys

+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys

+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys

+ mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\drivers\mssmbios.sys

+ MSTEE WDM Tee/Communication Transform Filter Microsoft Corporation c:\windows\system32\drivers\mstee.sys

+ NABTSFEC WDM NABTS/FEC VBI Codec Microsoft Corporation c:\windows\system32\drivers\nabtsfec.sys

+ NdisIP Microsoft IP Driver Microsoft Corporation c:\windows\system32\drivers\ndisip.sys

+ NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys

+ Ndisuio NDIS Usermode I/O Protocol Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys

+ NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys

+ NetBT NetBios over Tcpip Microsoft Corporation c:\windows\system32\drivers\netbt.sys

+ NIC1394 IEEE1394 Ndis Miniport and Call Manager Microsoft Corporation c:\windows\system32\drivers\nic1394.sys

+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 78.11 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys

+ NwlnkFlt IPX Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkflt.sys

+ NwlnkFwd IPX Traffic Forwarder Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkfwd.sys

+ ohci1394 1394 OpenHCI Port Driver Microsoft Corporation c:\windows\system32\drivers\ohci1394.sys

+ omci OMCI Device Driver Dell Inc c:\windows\system32\drivers\omci.sys

+ ovt519 Dual Mode USB Camera 519 Stream Class Mini Driver OmniVision Technologies, Inc. c:\windows\system32\drivers\ov519vid.sys

+ Parport Parallel Port Driver Microsoft Corporation c:\windows\system32\drivers\parport.sys

+ PCAMPR5 File not found: C:\WINDOWS\system32\PCAMPR5.SYS

+ PCANDIS5 PCAUSA NDIS 5.0 Protocol Driver Printing Communications Assoc., Inc. (PCAUSA) c:\windows\system32\pcandis5.sys

+ PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys

+ PCIIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\pciide.sys

+ Pcmcia PCMCIA Bus Driver Microsoft Corporation c:\windows\system32\drivers\pcmcia.sys

+ Pcouffin File not found: System32\Drivers\Pcouffin.sys

+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys

+ PRISM_A02 The 802.11g USB 2.0 Adapter provides wireless local area networking. Conexant Systems, Inc. c:\windows\system32\drivers\prisma02.sys

+ PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\drivers\psched.sys

+ PsSdk30 File not found: C:\WINDOWS\system32\Drivers\PsSdk30.drv

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\drivers\rasacd.sys

+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys

+ RasPppoe Remote Access PPPOE Driver Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys

+ Raspti Direct Parallel Microsoft Corporation c:\windows\system32\drivers\raspti.sys

+ RDPCDD RDP Miniport Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys

+ rdpdr Microsoft RDP Device redirector Microsoft Corporation c:\windows\system32\drivers\rdpdr.sys

+ redbook Redbook Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\redbook.sys

+ RFCOMM Bluetooth Device (RFCOMM Protocol TDI) Microsoft Corporation c:\windows\system32\drivers\rfcomm.sys

+ s24trans WLAN Transport Intel Corporation c:\windows\system32\drivers\s24trans.sys

+ sdbus SecureDigital Bus Driver Microsoft Corporation c:\windows\system32\drivers\sdbus.sys

+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys

+ serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys

+ Serial Serial Device Driver Microsoft Corporation c:\windows\system32\drivers\serial.sys

+ SLIP Microsoft Slip Deframing Filter Minidriver Microsoft Corporation c:\windows\system32\drivers\slip.sys

+ splitter Microsoft Kernel Audio Splitter Microsoft Corporation c:\windows\system32\drivers\splitter.sys

+ STAC97 SigmaTel Audio Driver (WDM) SigmaTel, Inc. c:\windows\system32\drivers\stac97.sys

+ streamip Microsoft IP Test Driver Microsoft Corporation c:\windows\system32\drivers\streamip.sys

+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys

+ swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\windows\system32\drivers\swmidi.sys

+ symlcbrd Symantec Core Component Symantec Corporation c:\windows\system32\drivers\symlcbrd.sys

+ sysaudio System Audio WDM Filter Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys

+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys

+ TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys

+ tmcomm TrendMicro Common Module Trend Micro Inc. c:\windows\system32\drivers\tmcomm.sys

+ Update Update Driver Microsoft Corporation c:\windows\system32\drivers\update.sys

+ usbaudio USB Audio Class Driver Microsoft Corporation c:\windows\system32\drivers\usbaudio.sys

+ usbccgp USB Common Class Generic Parent Driver Microsoft Corporation c:\windows\system32\drivers\usbccgp.sys

+ usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbehci.sys

+ usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys

+ usbscan USB Scanner Driver Microsoft Corporation c:\windows\system32\drivers\usbscan.sys

+ USBSTOR USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys

+ usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbuhci.sys

+ VComm Bluetooth Serial Port Driver IVT Corporation c:\windows\system32\drivers\vcomm.sys

+ VcommMgr Bluetooth VcommMgr driver IVT Corporation c:\windows\system32\drivers\vcommmgr.sys

+ VgaSave VGA/Super VGA Video Driver Microsoft Corporation c:\windows\system32\drivers\vga.sys

+ w29n51 Intel® Wireless LAN Driver Intel® Corporation c:\windows\system32\drivers\w29n51.sys

+ Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys

+ wanatw File not found: system32\DRIVERS\wanatw4.sys

+ wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\windows\system32\drivers\wdmaud.sys

+ winachsf HSF_CNXT driver Conexant Systems, Inc. c:\windows\system32\drivers\hsf_cnxt.sys

+ WSTCODEC WDM WST Codec Driver Microsoft Corporation c:\windows\system32\drivers\wstcodec.sys

+ zntport File not found: C:\WINDOWS\system32\zntport.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\windows\system32\ntsd.exe

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi32.dll

+ comdlg32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll

+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll

+ imagehlp Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll

+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll

+ lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\windows\system32\lz32.dll

+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll

+ oleaut32 Microsoft Corporation c:\windows\system32\oleaut32.dll

+ olecli32 Object Linking and Embedding Client Library Microsoft Corporation c:\windows\system32\olecli32.dll

+ olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olecnv32.dll

+ olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\windows\system32\olesvr32.dll

+ olethk32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olethk32.dll

+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll

+ shell32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ url Internet Shortcut Shell Extension DLL Microsoft Corporation c:\windows\system32\url.dll

+ urlmon OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll

+ version Version Checking and File Installation Libraries Microsoft Corporation c:\windows\system32\version.dll

+ wininet Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll

+ wldap32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost

+ logonui.exe Windows Logon UI Microsoft Corporation c:\windows\system32\logonui.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ crypt32chain Crypto API32 Microsoft Corporation c:\windows\system32\crypt32.dll

+ cryptnet Crypto Network Related API Microsoft Corporation c:\windows\system32\cryptnet.dll

+ cscdll Offline Network Agent Microsoft Corporation c:\windows\system32\cscdll.dll

+ IntelWireless LogonNotify DLL Intel Corporation c:\program files\intel\wireless\bin\lgnotify.dll

+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ Schedule Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation c:\windows\system32\sclgntfy.dll

+ SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ termsrv Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ WgaLogon Windows Genuine Advantage Notification Microsoft Corporation c:\windows\system32\wgalogon.dll

+ wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ WRNotifier File not found: WRLogonNTF.dll

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ Grisoft Firewall AFU over [MSAFD Tcpip [RAW/IP]] AVG Firewall Filter Unit GRISOFT, s.r.o. c:\windows\system32\avgfwafu.dll

+ Grisoft Firewall AFU over [MSAFD Tcpip [TCP/IP]] AVG Firewall Filter Unit GRISOFT, s.r.o. c:\windows\system32\avgfwafu.dll

+ Grisoft Firewall AFU over [MSAFD Tcpip [UDP/IP]] AVG Firewall Filter Unit GRISOFT, s.r.o. c:\windows\system32\avgfwafu.dll

+ Grisoft Firewall AFU over [RSVP TCP Service Provider] AVG Firewall Filter Unit GRISOFT, s.r.o. c:\windows\system32\avgfwafu.dll

+ Grisoft Firewall AFU over [RSVP UDP Service Provider] AVG Firewall Filter Unit GRISOFT, s.r.o. c:\windows\system32\avgfwafu.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{0663BC06-F7EA-4012-9E76-0781BADE41B4}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{0663BC06-F7EA-4012-9E76-0781BADE41B4}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{149D67C3-1576-446C-BA92-ECF5934C9B3C}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{149D67C3-1576-446C-BA92-ECF5934C9B3C}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{216FB4DF-AE69-4E4A-B612-E45099A16A00}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{216FB4DF-AE69-4E4A-B612-E45099A16A00}] SEQPACKET 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AE4B349-379F-45C6-A01A-13D60C022021}] DATAGRAM 8 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AE4B349-379F-45C6-A01A-13D60C022021}] SEQPACKET 8 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{7777FB44-8BB5-4404-BE57-03AA02E6715E}] DATAGRAM 6 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{7777FB44-8BB5-4404-BE57-03AA02E6715E}] SEQPACKET 6 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{9585A398-5F24-4DA5-9BBA-3C206AC9C7A0}] DATAGRAM 11 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{9585A398-5F24-4DA5-9BBA-3C206AC9C7A0}] SEQPACKET 11 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{AD186E48-A098-4F96-89C0-D1EBCD8A113E}] DATAGRAM 7 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

timeoutgang · 2006/12/12

MSAFD NetBIOS [\Device\NetBT_Tcpip_{AD186E48-A098-4F96-89C0-D1EBCD8A113E}] SEQPACKET 7 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{CF8A9C19-8551-4141-BB64-220AE7E75585}] DATAGRAM 10 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{CF8A9C19-8551-4141-BB64-220AE7E75585}] SEQPACKET 10 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E8A40512-7E18-4482-B63D-EE941CA25756}] DATAGRAM 9 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E8A40512-7E18-4482-B63D-EE941CA25756}] SEQPACKET 9 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E90AC282-5088-4318-81EC-1B32F42BC6A7}] DATAGRAM 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E90AC282-5088-4318-81EC-1B32F42BC6A7}] SEQPACKET 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD RfComm [Bluetooth] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll

+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\windows\system32\cnbjmon.dll

+ Local Port Local Spooler DLL Microsoft Corporation c:\windows\system32\localspl.dll

+ Microsoft Shared Fax Monitor Microsoft Fax Print Monitor Microsoft Corporation c:\windows\system32\fxsmon.dll

+ PJL Language Monitor PJL Language monitor Microsoft Corporation c:\windows\system32\pjlmon.dll

+ Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\windows\system32\tcpmon.dll

+ USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon.dll

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders

+ digest.dll Digest SSPI Authentication Package Microsoft Corporation c:\windows\system32\digest.dll

+ msapsspc.dll DPA Client for 32 bit platforms Microsoft Corporation c:\windows\system32\msapsspc.dll

+ msnsspc.dll MSN Internet Access Microsoft Corporation c:\windows\system32\msnsspc.dll

+ schannel.dll TLS / SSL Security Provider Microsoft Corporation c:\windows\system32\schannel.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages

+ msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages

+ scecli Windows Security Configuration Editor Client Engine Microsoft Corporation c:\windows\system32\scecli.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages

+ kerberos Kerberos Security Package Microsoft Corporation c:\windows\system32\kerberos.dll

+ msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0.dll

+ schannel TLS / SSL Security Provider Microsoft Corporation c:\windows\system32\schannel.dll

+ wdigest Microsoft Digest Access Microsoft Corporation c:\windows\system32\wdigest.dll

Dafydd - 06-12-12 21:35:22.96 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Dafydd\Desktop "

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

Granting sedebugprivilege to Administrators ... successful

((((((((((((((((((((((((((((((( Files Created from 2006-11-12 to 2006-12-12 ))))))))))))))))))))))))))))))))))

2006-12-12 18:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2006-12-10 15:23 12,307 --a------ C:\removekl.exe
2006-12-07 09:19 <DIR> d-------- C:\Temp
2006-12-07 08:46 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2006-12-07 08:46 <DIR> d-------- C:\Program Files\Belarc
2006-12-06 19:02 151,552 --a------ C:\WINDOWS\system32\Vic32.dll
2006-12-03 21:03 <DIR> d--h----- C:\Program Files\Uninstall Information
2006-12-03 19:02 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-03 19:02 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-12-03 18:57 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-03 18:51 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-03 00:52 124,928 --a------ C:\WINDOWS\msfont.exe
2006-12-01 16:06 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-27 23:07 <DIR> d-------- C:\Program Files\PC Doc Pro
2006-11-27 22:36 <DIR> d-------- C:\Documents and Settings\Dafydd\Application Data\Uniblue
2006-11-20 18:50 <DIR> d-------- C:\Program Files\Emission
2006-11-19 03:14 <DIR> d-------- C:\69a471539b98660353ca
2006-11-16 19:14 <DIR> d-------- C:\Program Files\SiteAdvisor
2006-11-16 19:14 <DIR> d-------- C:\Documents and Settings\Dafydd\Application Data\SiteAdvisor
2006-11-16 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2006-11-16 19:09 <DIR> d-------- C:\Documents and Settings\Dafydd\Application Data\WinPatrol
2006-11-16 19:08 <DIR> d-------- C:\Program Files\BillP Studios
2006-11-16 18:38 <DIR> d-------- C:\ie-spyad
2006-11-16 17:49 <DIR> d-------- C:\Program Files\SpywareBlaster
2006-11-15 17:01 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2006-11-12 02:33 <DIR> d-------- C:\WINDOWS\system32\XMLEXT
2006-11-12 02:26 <DIR> d--h----- C:\WINDOWS\system32\CTF
2006-11-12 02:04 <DIR> d-------- C:\Program Files\ExpressZIP
2006-11-12 01:49 <DIR> d-------- C:\Program Files\Sync Manager Demo

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-12 16:15 -------- d-------- C:\Documents and Settings\Dafydd\Application Data\AVG7
2006-12-11 22:59 -------- d-------- C:\Program Files\Windows Defender
2006-12-11 22:59 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-11 22:53 -------- d-------- C:\Program Files\Internet Explorer
2006-12-11 22:46 -------- d-------- C:\Program Files\Apoint
2006-12-09 18:46 -------- d-------- C:\Program Files\Debugging Tools for Windows
2006-12-08 23:47 -------- d-------- C:\Program Files\ShortKeys2
2006-12-08 23:47 -------- d-------- C:\Program Files\NetWaiting
2006-12-08 23:47 -------- d-------- C:\Program Files\Modem Helper
2006-12-08 23:47 -------- d-------- C:\Program Files\Microsoft Works
2006-12-08 23:47 -------- d-------- C:\Program Files\Messenger
2006-12-08 23:47 -------- d-------- C:\Program Files\LimeWire
2006-12-08 23:47 -------- d-------- C:\Program Files\AOL 9.0
2006-12-07 18:40 6664 --a------ C:\WINDOWS\slog.dll
2006-12-07 09:17 431616 --a------ C:\WINDOWS\system32\riched20.dll
2006-12-07 08:32 -------- d-------- C:\Program Files\WinRAR
2006-12-06 20:47 -------- d-------- C:\Program Files\Accessories
2006-12-06 15:58 20 --a------ C:\WINDOWS\rem.bat
2006-12-04 20:00 -------- d-------- C:\Documents and Settings\Dafydd\Application Data\dvdcss
2006-12-03 01:18 -------- d-------- C:\Program Files\BitLord
2006-12-01 16:06 -------- d-------- C:\Documents and Settings\Dafydd\Application Data\Lavasoft
2006-11-28 21:49 -------- d-------- C:\Program Files\Java
2006-11-27 23:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-27 23:21 -------- d-------- C:\Program Files\QuickTime
2006-11-20 23:05 -------- d---s---- C:\Documents and Settings\Dafydd\Application Data\Microsoft
2006-11-19 17:38 -------- d-------- C:\Program Files\Adobe
2006-11-19 17:38 -------- d-------- C:\Documents and Settings\Dafydd\Application Data\AdobeUM
2006-11-18 19:09 -------- d-------- C:\Program Files\MSN Messenger
2006-11-18 19:05 -------- d-------- C:\Program Files\ArtMoney
2006-11-10 10:58 -------- d-------- C:\Program Files\tvants
2006-11-09 19:47 -------- d-------- C:\Program Files\McAfee.com
2006-11-09 19:47 -------- d-------- C:\Program Files\McAfee
2006-11-09 19:47 -------- d-------- C:\Program Files\Common Files
2006-11-08 00:33 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-05 14:53 -------- d-------- C:\Program Files\Dell
2006-11-05 14:49 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-05 14:48 -------- d-------- C:\Program Files\Common Files\aolshare
2006-11-04 20:34 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-11-04 19:16 -------- d-------- C:\Documents and Settings\Dafydd\Application Data\Atari
2006-11-04 19:12 -------- d-------- C:\Program Files\Common Files\PocketSoft
2006-11-04 19:07 -------- d-------- C:\Program Files\Atari
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-02 20:53 110592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2006-11-02 20:37 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-02 20:37 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-11-02 20:37 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-11-02 20:37 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-11-02 20:37 18240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-11-02 20:37 -------- d-------- C:\Program Files\Grisoft
2006-10-31 19:57 -------- d-------- C:\Program Files\TND
2006-10-20 17:58 -------- d-------- C:\Documents and Settings\Dafydd\Application Data\McAfee.com Personal Firewall
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-15 18:42 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-15 18:41 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-15 17:54 -------- d-------- C:\Program Files\Retina-X Studios
2006-10-13 20:51 -------- d-------- C:\Program Files\Spytector
2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe "= "C:\\WINDOWS\\system32\\ctfmon.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon "= "\ "RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup "
"nwiz "= "\ "nwiz.exe\" /installquiet "
"IntelWireless "= "\ "C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless "
"Apoint "= "\ "C:\\Program Files\\Apoint\\Apoint.exe\" "
"ISUSPM Startup "= "\ "C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup "
"ISUSScheduler "= "\ "C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start "
"dla "= "C:\\WINDOWS\\system32\\dla\\tfswctrl.exe "
"Windows Defender "= "\ "C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide "
"AVG7_CC "= "\ "C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe\" /STARTUP "
"WinPatrol "= "C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe "
"KernelFaultCheck "=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SiteAdvisor "= "C:\\Program Files\\SiteAdvisor\\4608\\SiteAdv.exe "
"SunJavaUpdateSched "= "\ "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\" "
"iexplorer "= "C:\\WINDOWS\\system32\\iexplorer.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed "= "1 "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed "= "1 "
"NoChange "= "1 "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed "= "1 "

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion "=dword:00000110
"DeskHtmlMinorVersion "=dword:00000005
"Settings "=dword:00000001
"GeneralFlags "=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source "= "About:Home "
"SubscribedURL "= "About:Home "
"FriendlyName "= "My Current Home Page "
"Flags "=dword:00000002
"Position "=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState "=hex:04,00,00,40
"OriginalStateInfo "=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo "=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE "= "C:\\WINDOWS\\system32\\CTFMON.EXE "
"AVG7_Run "= "C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE "

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator "= "Narrator.exe "

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE "= "C:\\WINDOWS\\system32\\CTFMON.EXE "
"AVG7_Run "= "C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE "

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator "= "Narrator.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1} "= "Browseui preloader "
"{8C7461EF-2B13-11d2-BE35-3078302C2030} "= "Component Categories cache daemon "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} "= "Microsoft AntiMalware ShellExecuteHook "

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun "=dword:00000091
"NoFolderOptions "=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername "=dword:00000000
"legalnoticecaption "=" "
"legalnoticetext "=" "
"shutdownwithoutlogon "=dword:00000001
"undockwithoutlogon "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions "=dword:00000000
"NoCDBurning "=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun "=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun "=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder "= "{7849596a-48ea-486e-8937-a2a3009f31a9} "
"CDBurn "= "{fbeb8a05-beee-4442-804e-409d6c4515e9} "
"WebCheck "= "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "
"SysTray "= "{35CEC8A3-2BE6-11D2-8773-92E220524153} "

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders "= "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll "

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-12-12 21:38:27.70
C:\ComboFix.txt ... 06-12-12 21:38
C:\ComboFix2.txt ... 06-11-26 09:52

TeMerc · 2006/12/12

timeoutgang said:

Will have to post as several seperate threads.

TeMerc, did as requested, however, when running HJT I was unable to follow your instructions below:-
"In the upper left hand side of the program tick the two boxes [List also minor sections (full)] button and the[ List empty sections (complete)] button and select 'Yes' when prompted by the dialog box. <--------- This never came up[/B
Click to expand...

You get the gold star, I omitted one bit, to 'hit the [Generate StartupList log] button, then select 'Yes'.

Thanks for noticing that, lord knows how long it's been that way and you're the first one ever to come back and mention my mistake.

I've just corrected my canned speech.

timeoutgang · 2006/12/12

Here's the new hjt log, in 2 parts:-
StartupList report, 13/12/2006, 01:21:29
StartupList version: 1.52.2
Started from : C:\HJT\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\4608\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Dafydd\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = "nwiz.exe" /installquiet
IntelWireless = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
Apoint = "C:\Program Files\Apoint\Apoint.exe "
ISUSPM Startup = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
AVG7_CC = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
WinPatrol = C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
SiteAdvisor = C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe "
iexplorer = C:\WINDOWS\system32\iexplorer.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[>{FD3F5707-4F67-40E2-9B2A-8495121A373F}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll - {089FD14D-132B-48FC-8861-0048AE113215}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

MP Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[SupportSoft SmartIssue]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlsi.dll
CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

[SupportSoft Script Runner Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlsr.dll
CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

[SysProWmi Class]
InProcServer32 = C:\WINDOWS\system32\Dell\SystemProfiler\SysPro.ocx
CODEBASE = http://support.euro.dell.com/systemprofiler/SysPro.CAB

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://download.microsoft.com/downl...-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab

[LSSupCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.2\LSSupCtl.dll
CODEBASE = https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

[Malicious Software Removal Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WebCleaner.dll
CODEBASE = http://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab

[{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}]
CODEBASE = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://jemmaconners.spaces.live.com//PhotoUpload/MsnPUpld.cab

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139423841203

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586-jc.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

[VideoEgg ActiveX Loader]
InProcServer32 = C:\Program Files\VideoEgg\Loader\2364\npvideoegg-loader.dll
CODEBASE = http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

[{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}]
CODEBASE = http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab

[Crystal Report Viewer Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CRViewer.dll
CODEBASE = https://online.eversheds.com/viewer/activeXViewer/activexviewer.cab

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

[ActiveDataInfo Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.2\SymAData.dll
CODEBASE = https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[McFreeScan Class]
InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
CODEBASE = http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4825/mcfscan.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\system32\wshbth.dll
Protocol #1: C:\WINDOWS\system32\avgfwafu.dll
Protocol #2: C:\WINDOWS\system32\avgfwafu.dll
Protocol #3: C:\WINDOWS\system32\avgfwafu.dll
Protocol #4: C:\WINDOWS\system32\avgfwafu.dll
Protocol #5: C:\WINDOWS\system32\avgfwafu.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\rsvpsp.dll
Protocol #10: C:\WINDOWS\system32\rsvpsp.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\WINDOWS\system32\mswsock.dll
Protocol #27: C:\WINDOWS\system32\mswsock.dll
Protocol #28: C:\WINDOWS\system32\mswsock.dll
Protocol #29: C:\WINDOWS\system32\mswsock.dll
Protocol #30: C:\WINDOWS\system32\mswsock.dll
Protocol #31: C:\WINDOWS\system32\mswsock.dll
Protocol #32: C:\WINDOWS\system32\mswsock.dll
Protocol #33: C:\WINDOWS\system32\mswsock.dll
Protocol #34: C:\WINDOWS\system32\mswsock.dll
Protocol #35: C:\WINDOWS\system32\mswsock.dll

timeoutgang · 2006/12/12

And.....the second part:-

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: \SystemRoot\system32\DRIVERS\ABP480N5.SYS (disabled)
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AEGIS Protocol (IEEE 802.1x) v3.1.0.1: system32\DRIVERS\AegisP.sys (autostart)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\DRIVERS\agp440.sys (disabled)
Compaq AGP Bus Filter: \SystemRoot\system32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\system32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\system32\DRIVERS\aliide.sys (disabled)
ALI AGP Bus Filter: \SystemRoot\system32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\system32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\system32\DRIVERS\amsint.sys (disabled)
Alps Touch Pad Filter Driver for Windows 2000/XP: system32\DRIVERS\Apfiltr.sys (manual start)
APPDRV: \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
asc: \SystemRoot\system32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\system32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\system32\DRIVERS\asc3550.sys (disabled)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
AVG Firewall: C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe /srvfsys (autostart)
Belarc SMBios Access: \SystemRoot\System32\Drivers\BANTExt.sys (system)
Broadcom 440x 10/100 Integrated Controller XP Driver: system32\DRIVERS\bcm4sbxp.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Bluetooth Audio Service: system32\DRIVERS\blueletaudio.sys (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Bluetooth PAN Network Adapter: system32\DRIVERS\btnetdrv.sys (manual start)
Bluetooth USB For Bluetooth Service: System32\Drivers\btcusb.sys (manual start)
Bluetooth Request Block Driver: system32\DRIVERS\BthEnum.sys (manual start)
Bluetooth HID Enumerator: system32\DRIVERS\vbtenum.sys (manual start)
Bluetooth HID Manager Service: System32\Drivers\BTHidMgr.sys (system)
Bluetooth Serial Communications Driver: system32\DRIVERS\bthmodem.sys (manual start)
Bluetooth Device (Personal Area Network): system32\DRIVERS\bthpan.sys (manual start)
Bluetooth Port Driver: System32\Drivers\BTHport.sys (manual start)
Bluetooth Support Service: %SystemRoot%\system32\svchost.exe -k bthsvcs (autostart)
Bluetooth Radio USB Driver: System32\Drivers\BTHUSB.sys (manual start)
WIDCOMM USB Bluetooth Driver: System32\Drivers\btwusb.sys (manual start)
cbidf: \SystemRoot\system32\DRIVERS\cbidf2k.sys (disabled)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
cd20xrnt: \SystemRoot\system32\DRIVERS\cd20xrnt.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
CmdIde: \SystemRoot\system32\DRIVERS\cmdide.sys (disabled)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
CO_Mon: \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys (manual start)
Cpqarray: \SystemRoot\system32\DRIVERS\cpqarray.sys (disabled)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: \SystemRoot\system32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\system32\DRIVERS\dac960nt.sys (disabled)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
drvmcdb: system32\drivers\drvmcdb.sys (system)
drvnddm: system32\drivers\drvnddm.sys (autostart)
Intel(R) PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
EvtEng: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
hpn: \SystemRoot\system32\DRIVERS\hpn.sys (disabled)
HSFHWICH: system32\DRIVERS\HSFHWICH.sys (manual start)
HSF_DP: system32\DRIVERS\HSF_DP.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: \SystemRoot\system32\DRIVERS\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
ini910u: \SystemRoot\system32\DRIVERS\ini910u.sys (disabled)
IntelIde: system32\DRIVERS\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Intel Wireless Connection Agent Miniport for Win XP: system32\DRIVERS\iwca.sys (manual start)
JL2005A Toy Camera: System32\Drivers\toywdm.sys (manual start)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
mraid35x: \SystemRoot\system32\DRIVERS\mraid35x.sys (disabled)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
NICCONFIGSVC: C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (autostart)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
OMCI WDM Device Driver: system32\DRIVERS\omci.sys (system)
D-Link VGA Webcam: System32\Drivers\ov519vid.sys (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCAMPR5 NDIS Protocol Driver: \??\C:\WINDOWS\system32\PCAMPR5.SYS (manual start)
PCANDIS5 NDIS Protocol Driver: \??\C:\WINDOWS\system32\PCANDIS5.SYS (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Pcmcia: system32\DRIVERS\pcmcia.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
perc2: \SystemRoot\system32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\system32\DRIVERS\perc2hib.sys (disabled)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
802.11g USB 2.0 adapter: system32\DRIVERS\PRISMA02.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
PsSdk30: \??\C:\WINDOWS\system32\Drivers\PsSdk30.drv (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
ql1080: \SystemRoot\system32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\system32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\system32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\system32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\system32\DRIVERS\ql1280.sys (disabled)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
RegSrvc: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (autostart)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Bluetooth Device (RFCOMM Protocol TDI): system32\DRIVERS\rfcomm.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Spectrum24 Event Monitor: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (autostart)
WLAN Transport: system32\DRIVERS\s24trans.sys (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
sdbus: system32\DRIVERS\sdbus.sys (manual start)
Secdrv: system32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\system32\DRIVERS\sisagp.sys (disabled)
SiteAdvisor Service: C:\Program Files\SiteAdvisor\4608\SAService.exe (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Sparrow: \SystemRoot\system32\DRIVERS\sparrow.sys (disabled)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Windows Service Pack Installer update service: C:\WINDOWS\system32\spupdsvc.exe (disabled)
System Restore Filter Driver: \SystemRoot\system32\DRIVERS\sr.sys (disabled)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
sscdbhk5: system32\drivers\sscdbhk5.sys (system)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
ssrtln: system32\drivers\ssrtln.sys (system)
SigmaTel C-Major Audio: system32\drivers\STAC97.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4} (manual start)
Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
symc810: \SystemRoot\system32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\system32\DRIVERS\symc8xx.sys (disabled)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
sym_hi: \SystemRoot\system32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\system32\DRIVERS\sym_u3.sys (disabled)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
tfsnboio: system32\dla\tfsnboio.sys (autostart)
tfsncofs: system32\dla\tfsncofs.sys (autostart)
tfsndrct: system32\dla\tfsndrct.sys (autostart)
tfsndres: system32\dla\tfsndres.sys (autostart)
tfsnifs: system32\dla\tfsnifs.sys (autostart)
tfsnopio: system32\dla\tfsnopio.sys (autostart)
tfsnpool: system32\dla\tfsnpool.sys (autostart)
tfsnudf: system32\dla\tfsnudf.sys (autostart)
tfsnudfa: system32\dla\tfsnudfa.sys (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)
TosIde: \SystemRoot\system32\DRIVERS\toside.sys (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: \SystemRoot\system32\DRIVERS\ultra.sys (disabled)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
SecuROM User Access Service (V7): C:\WINDOWS\system32\UAService7.exe (autostart)
Messenger Sharing USN Journal Reader service: C:\WINDOWS\system32\svchost.exe -k usnsvc (disabled)
Virtual Serial port driver: system32\DRIVERS\VComm.sys (manual start)
Bluetooth VComm Manager Service: System32\Drivers\VcommMgr.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\system32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\system32\DRIVERS\viaide.sys (disabled)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP: system32\DRIVERS\w29n51.sys (manual start)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Defender: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WLANKEEPER: C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NTPort Library Driver: \??\C:\WINDOWS\system32\zntport.sys (autostart)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 45,425 bytes
Report generated in 0.328 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

TeMerc · 2006/12/13

OK, well after looking thru all those file logs I have found a few things which may or may not be bad in sys32:
C:\WINDOWS\system32\nsf2A.tmp
C:\WINDOWS\system32\nsj21B.tmp
C:\WINDOWS\system32\nsr217.tmp
C:\WINDOWS\system32\nsu20E.tmp

And without a scan from Jotti, I'd hesitate to say they are malicious.

Then there is these:
C:\Documents and Settings\Dafydd\My Documents\My Received Files\scklpro.zip/scklpro.exe Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped

Which would be something you DLed via IM, the location being the default download folder.

Any idea what sckpro.zip is?

And if KAV didn't remove this one:
C:\WINDOWS\font.exe

Then delete it.

I'm still awaiting the Uninstall list, altho, we went thru that once already.

timeoutgang · 2006/12/13

TeMerc, scanned these files on Jotti & the results are as follows:-

TeMerc said:

OK, well after looking thru all those file logs I have found a few things which may or may not be bad in sys32:
C:\WINDOWS\system32\nsf2A.tmp--> EliteKeylogger
C:\WINDOWS\system32\nsj21B.tmp--> EliteKeylogger
C:\WINDOWS\system32\nsr217.tmp--> EliteKeylogger
C:\WINDOWS\system32\nsu20E.tmp--> EliteKeylogger

And without a scan from Jotti, I'd hesitate to say they are malicious.

Then there is these:
C:\Documents and Settings\Dafydd\My Documents\My Received Files\scklpro.zip/scklpro.exe Infected: Trojan-Spy.Win32.SCKeyLog.ap skipped--> Trojan.Spy.Win32.SCKeylog

Which would be something you DLed via IM, the location being the default download folder.

Any idea what sckpro.zip is?

And if KAV didn't remove this one:
C:\WINDOWS\font.exe -->Done

Then delete it.

I'm still awaiting the Uninstall list, altho, we went thru that once already.-->Wasn't this in my last post or have I done it wrong?
Click to expand...

TeMerc · 2006/12/13

Delete these:
C:\WINDOWS\system32\nsf2A.tmp<<<--this file
C:\WINDOWS\system32\nsj21B.tmp<<<--this file
C:\WINDOWS\system32\nsr217.tmp<<<--this file
C:\WINDOWS\system32\nsu20E.tmp<<<--this file
C:\Documents and Settings\Dafydd\My Documents\My Received Files\scklpro.zip<<<<---this folder

I'm still awaiting the Uninstall list, altho, we went thru that once already.-->Wasn't this in my last post or have I done it wrong?
Click to expand...

Not been done yet.
Start HijackThis
Click on the [Config] button
Click on the[ Misc Tools] button
Click on the [Open Uninstall Manager] button
Then click on the [Save list] button and specify where you would like to save this file.
When you press [Save list] button a notepad will open with the contents of that file.
Copy and paste the contents of that notepad back into this thread for me to view.

timeoutgang · 2006/12/14

Sorry TeMerc, I didn't follow your instructions correctly for the uninstall list. Here it is. Also, I couldn't find the scklpro.zip folder to delete. The only folder/file I could locate was "SCKLPRO.EXE-0C8A393C.pf" which is located in "C:\WINDOWS\Prefetch "

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Reader 6.0.1
Adobe Shockwave Player
ArtMoney SE v7.21
AVG 7.5
Belarc Advisor 7.2
BitLord 1.1
Championship Manager 5
Debugging Tools for Windows
Dell Media Experience
Dell Picture Studio v3.0
D-Link VGA Webcam
Football Manager 2006
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Kaspersky Online Scanner
LimeWire PRO 4.12.3
McAfee SiteAdvisor
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Windows Journal Viewer
Microsoft Works 7.0
mIWA
mIWCA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
mToolkit
mWlsSafe
mXML
Mysee WebTV
mZConfig
nBinder 4 LIMITED
NCAA Championship Run 2006
NetWaiting
Network Play System (Patching)
Panda ActiveScan
PPLive 1.1.0.7
RollerCoaster Tycoon 3
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
ShortKeys Lite
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Synacast Plug-in 1.1.0.7
Tiscali Internet
Tvants 1.0
TVUPlayer 2.2.0
Uninstall JL2005A Toy Camera
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
versione 0.4 Beta
VideoLAN VLC media player 0.8.2
whufc crest screensaver
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinPatrol
WinRAR archiver

TeMerc · 2006/12/14

Well nothing in add\rem to worry about, tho I didn't expect ther to be.

Any improvements on bsods? Ad-Aware running normally yet?

timeoutgang · 2006/12/15

BSOD seems to have been fixed, thanks. AdAware is running as normal, thanks.
I did run an AVG scan yesterday & it found 6 instances of trojans, all found in "Temporary Internet Files" (details below). I am just about to run another AVG scan, AdAware scan & a Spybot scan to see if things are as they should be. My feelings are that my two sons are surfing the net & paying no attention to any firewall prompts & downloading loads of CR*P, which I need to address. Once the scans are complete I'll post my results, along with a fresh HJT, if that's OK?

Trojan horse BackDoor.Generic2.AAKW - Outcome, deleted.
Trojan horse BackDoor.Generic3.IFN - Outcome, deleted.
Trojan horse BackDoor.Generic3.SW - Outcome, deleted.
Trojan horse BackDoor.Generic3.SA - Outcome, deleted.
Trojan horse BackDoor.Generic3.QP - Outcome, deleted.
Trojan horse BackDoor.Generic3.QW - Outcome, deleted.

TeMerc · 2006/12/15

Don't post either of the Spybot nor Ad-Aware logs, both are too long and won't be nearly as helpful as HJT log.

You should perhaps set the boys up on limited accounts so they can't download anything.

Always tho, post the specific findings, file paths from ActiveScan or the like. Online av scans typically find more negligible items than valid threats.

timeoutgang · 2006/12/15

Logfile of HijackThis v1.99.1
Scan saved at 21:00:36, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\4608\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe "
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm594YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jemmaconners.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139423841203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://online.eversheds.com/viewer/activeXViewer/activexviewer.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4825/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

TeMerc · 2006/12/15

You can fix the following with HJT, minor items btw, not nasty :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Also, to help with the kids, have you installed IE-Spyads or hosts files? Granted, both can only offer protection if sites are in the database, but it's worth it, especially when you consider they use no resources.

timeoutgang · 2006/12/16

Looks like everything is as it should be guys.

mailman · 2006/12/16

Whew! That's GREAT news, timeoutgang!

I'm glad your BSODs have stopped and AD-Aware now runs properly too.

Best wishes to you for keeping your system clean.

Log in or Sign up

BSOD amongst other things

timeoutgang Inactive Thread Starter

TeMerc Inactive Alumni

timeoutgang Inactive Thread Starter

timeoutgang Inactive Thread Starter

timeoutgang Inactive Thread Starter

timeoutgang Inactive Thread Starter

TeMerc Inactive Alumni

timeoutgang Inactive Thread Starter

timeoutgang Inactive Thread Starter

TeMerc Inactive Alumni

timeoutgang Inactive Thread Starter

TeMerc Inactive Alumni

timeoutgang Inactive Thread Starter

TeMerc Inactive Alumni

timeoutgang Inactive Thread Starter

TeMerc Inactive Alumni

timeoutgang Inactive Thread Starter

TeMerc Inactive Alumni

timeoutgang Inactive Thread Starter

mailman Geek Member

Share This Page

Log in or Sign up

BSOD amongst other things

timeoutgang Inactive Thread Starter

TeMerc Inactive Alumni

timeoutgang Inactive Thread Starter

timeoutgang Inactive Thread Starter

timeoutgang Inactive Thread Starter

timeoutgang Inactive Thread Starter

TeMerc Inactive Alumni

timeoutgang Inactive Thread Starter

timeoutgang Inactive Thread Starter

TeMerc Inactive Alumni

timeoutgang Inactive Thread Starter

TeMerc Inactive Alumni

timeoutgang Inactive Thread Starter

TeMerc Inactive Alumni

timeoutgang Inactive Thread Starter

TeMerc Inactive Alumni

timeoutgang Inactive Thread Starter

TeMerc Inactive Alumni

timeoutgang Inactive Thread Starter

mailman Geek Member

Share This Page

Useful Searches