Unwanted Programs CONTINUOUSLY Load at Startup.

Discussion in 'Malware and Virus Removal Archive' started by sniper9228, 2007/07/11.

  1. 2007/07/11
    sniper9228

    sniper9228 Well-Known Member Thread Starter

    I don't believe this is an AIM issue like I had earlier. I suspect another spyware. I welcome myself back to these forums.
    Recently, I installed free ZoneAlarm; my computer has gotten slower but also crashes once in a while, so I think it is time for a log.
    Remember - sniper9228 ms1033 does not like posting useless logs unless he is suspicious of a threat.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:35:22 PM, on 7/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\VisualTooltip\VisualToolTip.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\V-Stream Multimedia\PVR Plus\TVR\Scheduled.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Plustek\OpticBook 3600 Plus\Am32Plus.exe
    C:\Program Files\V-Stream Multimedia\TV88X Utilities\C8XRCtl.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\HJT\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\V-Stream Multimedia\PVR Plus\TVR\Scheduled.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: Action Express (OpticBook 3600 Plus).lnk = ?
    O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV88X Utilities\C8XRCtl.exe
    O4 - Global Startup: Windows Desktop Search.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1182711802990
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182711885729
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
    Last edited: 2007/07/12
  2. 2007/07/12
    Rockster2U

    Rockster2U Geek Member

    sniper:

    Please let me offer up your own quote from three weeks back.
    :rolleyes:
     

  4. 2007/07/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi

    I don't see anything in your log.

    Please give me a list of the programs you say are starting up.

    Is this what is telling you that they are starting?

    Geri
     
  5. 2007/07/12
    sniper9228

    sniper9228 Well-Known Member Thread Starter

    **** - http://www.windowsbbs.com/showthread.php?t=64724
    No I am not doing a repeat.

    I suspect a parasite (spyware) living off the host of AIM; that is the difference with the thread above.

    Acrobat Assistant 8.0 "c:\program files\adobe\acrobat 8.0\acrobat\acrotray.exe " All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Action Express (OpticBook 3600 Plus) c:\progra~1\plustek\opticb~1\am32plus.exe All Users Common Startup

    I wondered if that might be related to spyware; I take it off of startup and it still starts up.
    Aim6 "c:\program files\aim6\aim6.exe" /d locale=en-us ee://aol/imapp


    Jordan\Jordy HKU\S-1-5-21-1177238915-1606980848-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    BootSkin Startup Jobs "c:\progra~1\stardock\wincus~1\bootskin\bootskin.exe" /startupjobs All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    CTRegRun c:\windows\ctregrun.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    CTSysVol c:\program files\creative\sblive 24-bit external\surround mixer\ctsysvol.exe /r All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    CoolSwitch c:\windows\system32\taskswitch.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    DWQueuedReporting "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t NT AUTHORITY\SYSTEM HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    DWQueuedReporting "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    IntelliPoint "c:\program files\microsoft intellipoint\ipoint.exe " All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MULTIMEDIA KEYBOARD c:\program files\netropa\multimedia keyboard\mmkeybd.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    PVR Agent c:\program files\v-stream multimedia\pvr plus\tvr\scheduled.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SbUsb AudCtrl rundll32 sbusbdll.dll,rcmonitor All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    StartCCC c:\program files\ati technologies\ati.ace\core-static\clistart.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    TV Remote Control c:\progra~1\v-stre~1\tv88xu~1\c8xrctl.exe All Users Common Startup
    UpdReg c:\windows\updreg.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    VisualTooltip c:\program files\visualtooltip\visualtooltip.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows Defender "c:\program files\windows defender\msascui.exe" -hide All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows Desktop Search.lnk c:\program files\windows desktop search\windowssearch.exe /startup All Users Common Startup
    ZoneAlarm Client "c:\program files\zone labs\zonealarm\zlclient.exe " All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ccApp "c:\program files\common files\symantec shared\ccapp.exe " All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe c:\windows\system32\ctfmon.exe ****-OFF\Jordy HKU\S-1-5-21-1177238915-1606980848-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    desktop desktop.ini NT AUTHORITY\SYSTEM Startup
    desktop desktop.ini ****-OFF\Jordy Startup
    desktop desktop.ini .DEFAULT Startup
    desktop desktop.ini All Users Common Startup
    vptray c:\progra~1\symant~1\vptray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


     
    Last edited: 2007/07/12
  6. 2007/07/13
    jjjones

    jjjones Banned

    Logs look OK.

    But use HJT to remove
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

    Your primary problem is Norton. Excellent virus scanner, but everything else about it stinks. Bloated, slows the system, lots of incompatibilities. And if it or a firewall gets a little problem then they are multiplied.

    Your secondary problem is ZoneAlarm with Norton. ZA is an excellent program, but combined with Norton in some cases it will cause these issues.

    My suggestion.

    Remove Norton. Another problem is Norton is hard to remove. If you do so after uninstall search this BBS for Norton Removal tools and advice to completely remove Norton.

    Remove ZA. Then if you want to continue do another clean ZA install.


    Best choice. Get a virus scanner and firewall that know about and cooperate with each other. Comodo AntiVirus and Comodo Firewall. Comodo recently acquired the acclaimed BOClean product and are incorporating it into their product.

    Some are turned off by free Virus scanners and Firewalls but as in "the best things in life are free" this applies to these two items.

    My opinion and also of many others these are probably the best!

    JJ
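
The kind of entry jjjones points at above, an `O3` line ending in `(no file)`, can be picked out of a HijackThis log mechanically, together with the `O4` autostart entries this thread is about. This is an added example, not part of any post in the thread; the function names are hypothetical and the sample lines are copied from the log posted above.

```python
import re
from collections import namedtuple

# Lines copied from the HijackThis v1.99.1 log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Action Express (OpticBook 3600 Plus).lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk.disabled
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

Entry = namedtuple("Entry", "section detail orphaned")

# "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^\s*([ROF]\d{1,2}) - (.+?)\s*$")
# HijackThis marks registrations whose target file is gone with these suffixes.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")
# O4 registry autostart: hive, key name, value name in brackets, command line.
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# O4 Startup-folder shortcut, optionally disabled, optionally with a target.
STARTUP_RE = re.compile(
    r"^((?:Global )?Startup): (.+?\.lnk)(\.disabled)?(?: = (.+))?$"
)


def parse_log(text):
    """Return one Entry per section line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            section, detail = m.groups()
            entries.append(Entry(section, detail, bool(ORPHAN_RE.search(detail))))
    return entries


def startup_items(entries):
    """Break O4 entries into location, name, command and enabled state."""
    items = []
    for e in entries:
        if e.section != "O4":
            continue
        m = RUN_RE.match(e.detail)
        if m:
            hive, key, name, command = m.groups()
            items.append({"location": hive + "\\" + key, "name": name,
                          "command": command, "enabled": True})
            continue
        m = STARTUP_RE.match(e.detail)
        if m:
            location, name, disabled, target = m.groups()
            # target is None when the log gives none, "?" when it shows "= ?"
            items.append({"location": location, "name": name,
                          "command": target, "enabled": disabled is None})
    return items


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Orphaned registrations (target file absent):")
    for e in parsed:
        if e.orphaned:
            print("  %s - %s" % (e.section, e.detail))
    print("Autostart entries:")
    for item in startup_items(parsed):
        state = "enabled" if item["enabled"] else "disabled"
        print("  [%s] %s (%s): %s"
              % (item["location"], item["name"], state, item["command"]))
```
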
     
  7. 2007/07/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi

    OK You don't want these to start up? Correct?
    Acrobat Assistant 8.0 "c:\program files\adobe\acrobat 8.0\acrobat\acrotray.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Action Express (OpticBook 3600 Plus) c:\progra~1\plustek\opticb~1\am32plus.exe All Users Common Startup


    Many of the items in that long list are "needed" for your system to work. You cannot disable them all.

    Here is a good program that will help keep these things under control and is pretty easy to use.

    Install WinPatrol to prevent unknown applications from being inserted to start up on your machine

    It has a start up section that you can use to keep them from starting up at boot.

    This is a legit file for Aim6.

    OK Download this and post the log.

    Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
    • Save it to the desktop.
    • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
    • You will receive a prompt:
      • Do you want to skip supplementary searches?
        click NO
    • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
    • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
    • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
    *NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

    Geri
     
    Last edited: 2007/07/13
  8. 2007/07/14
    sniper9228

    sniper9228 Well-Known Member Thread Starter

    Here

    OK You don't want these to start up? Correct?
    Acrobat Assistant 8.0 "c:\program files\adobe\acrobat 8.0\acrobat\acrotray.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Action Express (OpticBook 3600 Plus) c:\progra~1\plustek\opticb~1\am32plus.exe All Users Common Startup

    Yes I do, I don't really see what you are asking.

    I got Winpatrol

    "Silent Runners.vbs ", revision R50, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++} "


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "E07AXLRD_4884153" = " "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2007\EDICT.EXE" -m" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "StartCCC" = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [null data]
    "CTSysVol" = "C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r" [ "Creative Technology Ltd"]
    "SbUsb AudCtrl" = "RunDll32 sbusbdll.dll,RCMonitor" [MS]
    "UpdReg" = "C:\WINDOWS\UpdReg.EXE" [ "Creative Technology Ltd."]
    "CTRegRun" = "C:\WINDOWS\CTRegRun.EXE" [ "Creative Technology Ltd "]
    "Windows Defender" = " "C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
    "ccApp" = " "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" " [ "Symantec Corporation"]
    "vptray" = "C:\PROGRA~1\SYMANT~1\VPTray.exe" [ "Symantec Corporation"]
    "BootSkin Startup Jobs" = " "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs" [empty string]
    "CoolSwitch" = "C:\WINDOWS\system32\taskswitch.exe" [null data]
    "IntelliPoint" = " "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" " [MS]
    "MULTIMEDIA KEYBOARD" = "C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [ "Netropa Corp."]
    "VisualTooltip" = "C:\Program Files\VisualTooltip\VisualToolTip.exe" [ "Christian Salmon"]
    "Acrobat Assistant 8.0" = " "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" " [ "Adobe Systems Inc."]
    "PVR Agent" = "C:\Program Files\V-Stream Multimedia\PVR Plus\TVR\Scheduled.exe" [empty string]
    "SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" [ "Sygate Technologies, Inc."]
    "WinPatrol" = "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [ "BillP Studios"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" [ "Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [ "Safer Networking Limited"]
    {955BE0B8-BC85-4CAF-856E-8E0D8B610560}\(Default) = "Encarta Web Companion Helper Object "
    -> {HKLM...CLSID} = "Encarta Web Companion Helper Object "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL" [MS]
    {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "NTFS Security Page "
    -> {HKLM...CLSID} = "Security Shell Extension "
    \InProcServer32\(Default) = "rshx32_5.dll" [MS]
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension "
    -> {HKLM...CLSID} = "Display Panning CPL Extension "
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext "
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext "
    \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [ "Hilgraeve, Inc."]
    "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension "
    -> {HKLM...CLSID} = "SimpleShlExt Class "
    \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [empty string]
    "{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions "
    -> {HKLM...CLSID} = "VpshellEx Class "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" [ "Symantec Corporation"]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler "
    -> {HKLM...CLSID} = "Outlook File Icon Extension "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler "
    -> {HKLM...CLSID} = "Microsoft Office Outlook "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
    "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler "
    -> {HKLM...CLSID} = "Microsoft Office Metadata Handler "
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
    "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler "
    -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler "
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
    "{80933416-C33F-407E-BCC1-6246E3EE34DF}" = "ExtractNow "
    -> {HKLM...CLSID} = "ExtractNow "
    \InProcServer32\(Default) = "C:\Program Files\ExtractNow\extractmenu.dll" [ "Nathan Moinvaziri"]
    "{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\phototoys.dll" [MS]
    "{efb97cb8-a4a4-4357-a261-002ffaed0267}" = "CD Slideshow Powertoy "
    -> {HKLM...CLSID} = "CD Burn Slideshow Hook "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\slideshow.dll" [MS]
    "{709C6E11-538F-4759-86AC-6ACB302AA0DE}" = "Desktop Manager "
    -> {HKLM...CLSID} = "Desktop Manager "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\msvdm.dll" [null data]
    "{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page "
    -> {HKLM...CLSID} = "Wireless Property Page "
    \InProcServer32\(Default) = " "c:\Program Files\Microsoft IntelliPoint\ipcplwir.dll" " [MS]
    "{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page "
    -> {HKLM...CLSID} = "Wheel Property Page "
    \InProcServer32\(Default) = " "c:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll" " [MS]
    "{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page "
    -> {HKLM...CLSID} = "Activities Property Page "
    \InProcServer32\(Default) = " "c:\Program Files\Microsoft IntelliPoint\ipcplact.dll" " [MS]
    "{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page "
    -> {HKLM...CLSID} = "Buttons Property Page "
    \InProcServer32\(Default) = " "c:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll" " [MS]
    "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension "
    -> {HKLM...CLSID} = "UnlockerShellExtension "
    \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
    "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW "
    -> {HKLM...CLSID} = "Shell Extension for CDRW "
    \InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" [ "Nero AG"]
    "{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451}" = "OODefrag "
    -> {HKLM...CLSID} = "OODShellExtObj Class "
    \InProcServer32\(Default) = "C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll" [ "O&O Software GmbH"]
    "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu "
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" [ "Adobe Systems Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook "
    -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook "
    \InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "
    -> {HKLM...CLSID} = "WPDShServiceObj Class "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\System\CurrentControlSet\Control\Session Manager\
    <<!>> "BootExecute" = "autocheck autochk * "| "OODBS" [ "O&O Software GmbH"]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" [ "ATI Technologies Inc."]
    <<!>> NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" [ "Symantec Corporation"]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945} "
    -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter "
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {B3AFAE44-F603-4456-808F-C9F8F0C76082}\(Default) = "Microsoft Digital Image Viewer Extension Column Provider "
    -> {HKLM...CLSID} = "CRawViewerExtension Class "
    \InProcServer32\(Default) = "C:\Program Files\Pro Imaging Powertoys\Microsoft RAW Image Thumbnailer and Viewer for Windows XP\CRawViewerExtension.dll" [MS]
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info "
    -> {HKLM...CLSID} = "PDF Shell Extension "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" [ "Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" [ "Adobe Systems Inc."]
    ExtractNow\(Default) = "{80933416-C33F-407E-BCC1-6246E3EE34DF} "
    -> {HKLM...CLSID} = "ExtractNow "
    \InProcServer32\(Default) = "C:\Program Files\ExtractNow\extractmenu.dll" [ "Nathan Moinvaziri"]
    LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C} "
    -> {HKLM...CLSID} = "VpshellEx Class "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" [ "Symantec Corporation"]
    OODefrag\(Default) = "{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} "
    -> {HKLM...CLSID} = "OODShellExtObj Class "
    \InProcServer32\(Default) = "C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll" [ "O&O Software GmbH"]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" [ "Adobe Systems Inc."]
    ExtractNow\(Default) = "{80933416-C33F-407E-BCC1-6246E3EE34DF} "
    -> {HKLM...CLSID} = "ExtractNow "
    \InProcServer32\(Default) = "C:\Program Files\ExtractNow\extractmenu.dll" [ "Nathan Moinvaziri"]
    LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C} "
    -> {HKLM...CLSID} = "VpshellEx Class "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" [ "Symantec Corporation"]
    OODefrag\(Default) = "{48EAD1E1-ECF2-4a85-AA09-1C44FBEED451} "
    -> {HKLM...CLSID} = "OODShellExtObj Class "
    \InProcServer32\(Default) = "C:\PROGRA~1\OOSOFT~1\DEFRAG~1\oodsh.dll" [ "O&O Software GmbH"]
    UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "
    -> {HKLM...CLSID} = "UnlockerShellExtension "
    \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

    HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
    UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "
    -> {HKLM...CLSID} = "UnlockerShellExtension "
    \InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


    Group Policies {policy setting}:
    --------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\

    "Homepage" = (REG_DWORD) hex:0x00000000
    {Disable changing home page settings}

    HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

    "NoBrowserOptions" = (REG_DWORD) hex:0x00000000
    {Tools menu: Disable Internet Options... menu option}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp "

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Jordy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp "


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\ribbons.scr" [MS]


    Startup items in "Jordy" & "All Users" startup folders:
    -------------------------------------------------------

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Action Express (OpticBook 3600 Plus)" -> shortcut to: "C:\Program Files\Plustek\OpticBook 3600 Plus\Am32Plus.exe" [ "Impacct"]
    "TV Remote Control" -> shortcut to: "C:\Program Files\V-Stream Multimedia\TV88X Utilities\C8XRCtl.exe" [ "Kworld Computer Co., Ltd."]
    <<!>> "Windows Desktop Search.lnk.disabled" [null data]


    Enabled Scheduled Tasks:
    ------------------------

    "D12 Eminem - I Remember" -> launches: "D:\Music Downloads\D12 Eminem - I Remember.mp3" [null data]
    "MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
    "ViStart 2490" -> launches: "C:\Program Files\VStart\ViStart 2490.exe" [file not found]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{147D6308-0614-4112-89B1-31402F9B82C4} "
    -> {HKLM...CLSID} = "Encarta Web Companion "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL" [MS]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93} "
    -> {HKLM...CLSID} = "Adobe PDF "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]
    "{F2CF5485-4E02-4F68-819C-B92DE9277049} "
    -> {HKLM...CLSID} = "&Links "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{147D6308-0614-4112-89B1-31402F9B82C4}" = "Encarta Web Companion "
    -> {HKLM...CLSID} = "Encarta Web Companion "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL" [MS]
    "{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint "
    -> {HKLM...CLSID} = "Easy-WebPrint "
    \InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]

    HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint "
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research "
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = "Research "

    {AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
    "ButtonText" = "AIM "
    "Exec" = "C:\Program Files\AIM\aim.exe" [ "America Online, Inc."]

    {B205A35E-1FC4-4CE3-818B-899DBBB3388C}\
    "ButtonText" = "Encarta Search Bar "

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\
    "MenuText" = "@xpsp3res.dll,-20001 "
    "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger "
    "MenuText" = "Windows Messenger "
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" [ "ATI Technologies Inc."]
    Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" [ "Creative Technology Ltd"]
    FLEXnet Licensing Service, FLEXnet Licensing Service, " "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" " [ "Macrovision Europe Ltd."]
    InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" [ "Nero AG"]
    Netropa NHK Server, nhksrv, "C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe" [null data]
    O&O Defrag, O&O Defrag, "C:\WINDOWS\system32\oodag.exe" [ "O&O Software GmbH"]
    Sygate Personal Firewall Pro, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" [ "Sygate Technologies, Inc."]
    Symantec AntiVirus, Symantec AntiVirus, " "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" " [ "Symantec Corporation"]
    Symantec AntiVirus Definition Watcher, DefWatch, " "C:\Program Files\Symantec AntiVirus\DefWatch.exe" " [ "Symantec Corporation"]
    Symantec Event Manager, ccEvtMgr, " "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" " [ "Symantec Corporation"]
    Symantec Settings Manager, ccSetMgr, " "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" " [ "Symantec Corporation"]
    Symantec SPBBCSvc, SPBBCSvc, " "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" " [ "Symantec Corporation"]
    Windows Defender, WinDefend, " "C:\Program Files\Windows Defender\MsMpEng.exe" " [MS]


    Keyboard Driver Filters:
    ------------------------

    HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
    "UpperFilters" = <<!>> "msikbd2k" [ "Netropa Corporation"]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" [ "Adobe Systems Incorporated."]
    Canon BJ Language Monitor PIXMA iP4000\Driver = "CNMLM64.DLL" [ "CANON INC."]


    ----------
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 37 seconds.
    ---------- (total run time: 172 seconds)
     
  9. 2007/07/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi sniper9228

    OK, there is nothing showing in the Silent Runners log.

    I see no signs of any malware on your system. There is only one entry for AIM and it is legit.

    You can rest assured that you are free from nasties at this time. :)

    You can delete SilentRunners; there will be newer versions if ever needed again anyway.

    surf safely
    Geri
     
    Geri,
    #8
