Tech Support Forum - View Single Post

**bughunta** · 08-30-2005, 01:36 PM

Here are the logs you requested (Kaspersky not possible as the link is dead)

WinPFind

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
FSG! 29/11/2004 17:27:02 10156943 C:\Program Files\avg70free_289a392.exe

Checking %WinDir% folder...
PECompact2 18/08/2005 14:24:00 15636721 C:\WINNT\LPT$VPN.791
qoologic 18/08/2005 14:24:00 15636721 C:\WINNT\LPT$VPN.791
SAHAgent 18/08/2005 14:24:00 15636721 C:\WINNT\LPT$VPN.791
UPX! 18/02/2005 18:40:14 1044560 C:\WINNT\vsapi32.dll
aspack 18/02/2005 18:40:14 1044560 C:\WINNT\vsapi32.dll
UPX! 10/01/2005 16:17:24 170053 C:\WINNT\tsc.exe
UPX! 03/05/2005 11:44:44 25157 C:\WINNT\RMAgentOutput.dll
PECompact2 18/08/2005 14:24:00 15636721 C:\WINNT\VPTNFILE.791
qoologic 18/08/2005 14:24:00 15636721 C:\WINNT\VPTNFILE.791
SAHAgent 18/08/2005 14:24:00 15636721 C:\WINNT\VPTNFILE.791

Checking %System% folder...
UPX! 11/08/2003 18:30:42 R 1024 C:\WINNT\SYSTEM32\TFTP1212
winsync 26/07/2000 12:00:00 1309184 C:\WINNT\SYSTEM32\wbdbase.deu
Umonitor 19/06/2003 20:05:04 529168 C:\WINNT\SYSTEM32\RASDLG.DLL

Checking %System%\Drivers folder and sub-folders...
UPX! 24/08/2005 20:31:34 726016 C:\WINNT\SYSTEM32\drivers\avg7core.sys
FSG! 24/08/2005 20:31:34 726016 C:\WINNT\SYSTEM32\drivers\avg7core.sys
PEC2 24/08/2005 20:31:34 726016 C:\WINNT\SYSTEM32\drivers\avg7core.sys
aspack 24/08/2005 20:31:34 726016 C:\WINNT\SYSTEM32\drivers\avg7core.sys

Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
30/08/2005 09:36:32 H 924914 C:\WINNT\ShellIconCache
30/08/2005 19:54:46 H 1024 C:\WINNT\system32\config\software.LOG
30/08/2005 19:26:22 H 1024 C:\WINNT\system32\config\default.LOG
30/08/2005 19:49:16 H 1024 C:\WINNT\system32\config\SECURITY.LOG
30/08/2005 19:51:26 H 1024 C:\WINNT\system32\config\SAM.LOG
29/07/2005 16:27:32 H 0 C:\WINNT\inf\oem3.inf
31/07/2005 23:11:42 H 10820 C:\WINNT\Help\update.GID
30/08/2005 19:26:18 H 6 C:\WINNT\Tasks\SA.DAT
21/08/2005 21:13:54 S 64 C:\WINNT\CSC\csc1.tmp
30/08/2005 19:26:16 S 64 C:\WINNT\CSC\00000001
22/08/2005 07:53:16 S 64 C:\WINNT\CSC\00000002

Checking for CPL files...
Microsoft Corporation 26/07/2000 12:00:00 31504 C:\WINNT\SYSTEM32\fax.cpl
Microsoft Corporation 26/07/2000 12:00:00 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 26/07/2000 12:00:00 118032 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 26/07/2000 12:00:00 36112 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 26/07/2000 12:00:00 122128 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 26/07/2000 12:00:00 303888 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 26/07/2000 12:00:00 17168 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 26/07/2000 12:00:00 41232 C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation 19/06/2003 20:05:04 237328 C:\WINNT\SYSTEM32\DESK.CPL
Microsoft Corporation 19/06/2003 20:05:04 125712 C:\WINNT\SYSTEM32\SYSDM.CPL
Microsoft Corporation 26/07/2000 12:00:00 5904 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 26/07/2000 12:00:00 61200 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 19/06/2003 20:05:04 301328 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 29/08/2002 07:14:40 292352 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 19/06/2003 20:05:04 41232 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 19/06/2003 20:05:04 90896 C:\WINNT\SYSTEM32\powercfg.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 26/07/2000 12:00:00 67344 C:\WINNT\SYSTEM32\access.cpl
Microsoft Corporation 30/10/2001 08:10:00 326144 C:\WINNT\SYSTEM32\joy.cpl
Microsoft Corporation 19/06/2003 20:05:04 83216 C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation 29/08/2002 07:14:40 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 26/07/2000 12:00:00 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl
IBM Corporation 23/09/1999 18:44:36 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
27/03/2005 21:48:02 1478 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG Shell Extension
{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{e0d79300-84be-11ce-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG Shell Extension
{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{e0d79300-84be-11ce-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{e0d79300-84be-11ce-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINNT\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\System32\browseui.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Synchronization Manager mobsync.exe /logon
EPSON Stylus C82 Series C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82"
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Microsoft System Checkup libsys32.exe
NT Logging Service syslog32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
Microsoft System Checkup libsys32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
internat.exe internat.exe
msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Windows Security Service windows.pif

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
Windows Security Service windows.pif

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149
CDRAutoRun 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\System32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 30/08/2005 20:13:32

Track qoo

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"EPSON Stylus C82 Series"="C:\\WINNT\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C82 Series\" /O6 \"USB001\" /M \"Stylus C82\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Microsoft System Checkup"="libsys32.exe"
"NT Logging Service"="syslog32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

Subkey --- AVG Shell Extension
{1E2CDF40-419B-11D2-A5A1-002018648BA7}
0

Subkey --- AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
C:\Program Files\Grisoft\AVG Free\avgse.dll

Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINNT\system32\shell32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINNT\system32\shell32.dll

Subkey --- WinZip
{e0d79300-84be-11ce-9641-444553540000}
C:\PROGRA~1\WinZip\wzshlext.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers

Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINNT\system32\shell32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\shell32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\shell32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINNT\System32\docprop2.dll

Subkey --- {7f9609be-af9a-11d1-83e0-00c04fb6e984}
C:\WINNT\system32\faxshell.dll

Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
C:\WINNT\System32\docprop2.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Microsoft Office.lnk
==============================
C:\Documents and Settings\pete\Start Menu\Programs\Startup

Microsoft Office.lnk
==============================
C:\WINNT\system32 cpl files

fax.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
DESK.CPL Microsoft Corporation
SYSDM.CPL Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
access.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
sticpl.cpl Microsoft Corporation

bug

08-30-2005, 01:36 PM	#22 (permalink)
bughunta I helped the forums. Join Date: Sep 2004 Location: Edinburgh, Scotland Posts: 60 OS: W2K	Here are the logs you requested (Kaspersky not possible as the link is dead) WinPFind WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195 Internet Explorer Version: 6.0.2800.1106 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... FSG! 29/11/2004 17:27:02 10156943 C:\Program Files\avg70free_289a392.exe Checking %WinDir% folder... PECompact2 18/08/2005 14:24:00 15636721 C:\WINNT\LPT$VPN.791 qoologic 18/08/2005 14:24:00 15636721 C:\WINNT\LPT$VPN.791 SAHAgent 18/08/2005 14:24:00 15636721 C:\WINNT\LPT$VPN.791 UPX! 18/02/2005 18:40:14 1044560 C:\WINNT\vsapi32.dll aspack 18/02/2005 18:40:14 1044560 C:\WINNT\vsapi32.dll UPX! 10/01/2005 16:17:24 170053 C:\WINNT\tsc.exe UPX! 03/05/2005 11:44:44 25157 C:\WINNT\RMAgentOutput.dll PECompact2 18/08/2005 14:24:00 15636721 C:\WINNT\VPTNFILE.791 qoologic 18/08/2005 14:24:00 15636721 C:\WINNT\VPTNFILE.791 SAHAgent 18/08/2005 14:24:00 15636721 C:\WINNT\VPTNFILE.791 Checking %System% folder... UPX! 11/08/2003 18:30:42 R 1024 C:\WINNT\SYSTEM32\TFTP1212 winsync 26/07/2000 12:00:00 1309184 C:\WINNT\SYSTEM32\wbdbase.deu Umonitor 19/06/2003 20:05:04 529168 C:\WINNT\SYSTEM32\RASDLG.DLL Checking %System%\Drivers folder and sub-folders... UPX! 24/08/2005 20:31:34 726016 C:\WINNT\SYSTEM32\drivers\avg7core.sys FSG! 24/08/2005 20:31:34 726016 C:\WINNT\SYSTEM32\drivers\avg7core.sys PEC2 24/08/2005 20:31:34 726016 C:\WINNT\SYSTEM32\drivers\avg7core.sys aspack 24/08/2005 20:31:34 726016 C:\WINNT\SYSTEM32\drivers\avg7core.sys Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 30/08/2005 09:36:32 H 924914 C:\WINNT\ShellIconCache 30/08/2005 19:54:46 H 1024 C:\WINNT\system32\config\software.LOG 30/08/2005 19:26:22 H 1024 C:\WINNT\system32\config\default.LOG 30/08/2005 19:49:16 H 1024 C:\WINNT\system32\config\SECURITY.LOG 30/08/2005 19:51:26 H 1024 C:\WINNT\system32\config\SAM.LOG 29/07/2005 16:27:32 H 0 C:\WINNT\inf\oem3.inf 31/07/2005 23:11:42 H 10820 C:\WINNT\Help\update.GID 30/08/2005 19:26:18 H 6 C:\WINNT\Tasks\SA.DAT 21/08/2005 21:13:54 S 64 C:\WINNT\CSC\csc1.tmp 30/08/2005 19:26:16 S 64 C:\WINNT\CSC\00000001 22/08/2005 07:53:16 S 64 C:\WINNT\CSC\00000002 Checking for CPL files... Microsoft Corporation 26/07/2000 12:00:00 31504 C:\WINNT\SYSTEM32\fax.cpl Microsoft Corporation 26/07/2000 12:00:00 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl Microsoft Corporation 26/07/2000 12:00:00 118032 C:\WINNT\SYSTEM32\intl.cpl Microsoft Corporation 26/07/2000 12:00:00 36112 C:\WINNT\SYSTEM32\irprops.cpl Microsoft Corporation 26/07/2000 12:00:00 122128 C:\WINNT\SYSTEM32\main.cpl Microsoft Corporation 26/07/2000 12:00:00 303888 C:\WINNT\SYSTEM32\mmsys.cpl Microsoft Corporation 26/07/2000 12:00:00 17168 C:\WINNT\SYSTEM32\ncpa.cpl Microsoft Corporation 26/07/2000 12:00:00 41232 C:\WINNT\SYSTEM32\nwc.cpl Microsoft Corporation 19/06/2003 20:05:04 237328 C:\WINNT\SYSTEM32\DESK.CPL Microsoft Corporation 19/06/2003 20:05:04 125712 C:\WINNT\SYSTEM32\SYSDM.CPL Microsoft Corporation 26/07/2000 12:00:00 5904 C:\WINNT\SYSTEM32\telephon.cpl Microsoft Corporation 26/07/2000 12:00:00 61200 C:\WINNT\SYSTEM32\timedate.cpl Microsoft Corporation 19/06/2003 20:05:04 301328 C:\WINNT\SYSTEM32\appwiz.cpl Microsoft Corporation 29/08/2002 07:14:40 292352 C:\WINNT\SYSTEM32\inetcpl.cpl Microsoft Corporation 19/06/2003 20:05:04 41232 C:\WINNT\SYSTEM32\odbccp32.cpl Microsoft Corporation 19/06/2003 20:05:04 90896 C:\WINNT\SYSTEM32\powercfg.cpl Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl Microsoft Corporation 26/07/2000 12:00:00 67344 C:\WINNT\SYSTEM32\access.cpl Microsoft Corporation 30/10/2001 08:10:00 326144 C:\WINNT\SYSTEM32\joy.cpl Microsoft Corporation 19/06/2003 20:05:04 83216 C:\WINNT\SYSTEM32\sticpl.cpl Microsoft Corporation 29/08/2002 07:14:40 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl Microsoft Corporation 26/07/2000 12:00:00 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl IBM Corporation 23/09/1999 18:44:36 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 27/03/2005 21:48:02 1478 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk Checking files in %ALLUSERSPROFILE%\Application Data folder... Checking files in %USERPROFILE%\Startup folder... Checking files in %USERPROFILE%\Application Data folder... »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\AVG Shell Extension {1E2CDF40-419B-11D2-A5A1-002018648BA7} = HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\AVG7 Shell Extension {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\ewido {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\\shellex\ContextMenuHandlers\WinZip {e0d79300-84be-11ce-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG Shell Extension {1E2CDF40-419B-11D2-A5A1-002018648BA7} = HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip {e0d79300-84be-11ce-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip {e0d79300-84be-11ce-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\shell32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = C:\WINNT\System32\docprop2.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984} = %SystemRoot%\system32\faxshell.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1} = C:\WINNT\System32\docprop2.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip of the Day = %SystemRoot%\system32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINNT\System32\msdxm.ocx [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38} Search Band = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} Media Band = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} Favorites Band = %SystemRoot%\system32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} History Band = %SystemRoot%\system32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer Band = %SystemRoot%\system32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\System32\browseui.dll {2318C2B1-4965-11D4-9B18-009027A5CD4F} = : {4E7BD74F-2B8D-469E-D7E4-F660B597BF2A} = : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Synchronization Manager mobsync.exe /logon EPSON Stylus C82 Series C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C82 Series" /O6 "USB001" /M "Stylus C82" AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime Microsoft System Checkup libsys32.exe NT Logging Service syslog32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] Microsoft System Checkup libsys32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] internat.exe internat.exe msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background Windows Security Service windows.pif [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] Windows Security Service windows.pif [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 149 CDRAutoRun 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINNT\System32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif = wzcdlg.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.3.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 30/08/2005 20:13:32 Track qoo REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="mobsync.exe /logon" "EPSON Stylus C82 Series"="C:\\WINNT\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S10IC2.EXE /P23 \"EPSON Stylus C82 Series\" /O6 \"USB001\" /M \"Stylus C82\"" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "Microsoft System Checkup"="libsys32.exe" "NT Logging Service"="syslog32.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" ----------------- HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers Subkey --- AVG Shell Extension {1E2CDF40-419B-11D2-A5A1-002018648BA7} 0 Subkey --- AVG7 Shell Extension {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} C:\Program Files\Grisoft\AVG Free\avgse.dll Subkey --- ewido {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} C:\Program Files\ewido\security suite\context.dll Subkey --- Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} cscui.dll Subkey --- Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} C:\WINNT\system32\shell32.dll Subkey --- Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} C:\WINNT\system32\shell32.dll Subkey --- WinZip {e0d79300-84be-11ce-9641-444553540000} C:\PROGRA~1\WinZip\wzshlext.dll ===================== HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871} C:\WINNT\system32\shell32.dll Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF} C:\WINNT\system32\shell32.dll Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF} C:\WINNT\system32\shell32.dll Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE} C:\WINNT\System32\docprop2.dll Subkey --- {7f9609be-af9a-11d1-83e0-00c04fb6e984} C:\WINNT\system32\faxshell.dll Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1} C:\WINNT\System32\docprop2.dll ============================== C:\Documents and Settings\All Users\Start Menu\Programs\Startup Microsoft Office.lnk ============================== C:\Documents and Settings\pete\Start Menu\Programs\Startup Microsoft Office.lnk ============================== C:\WINNT\system32 cpl files fax.cpl Microsoft Corporation hdwwiz.cpl Microsoft Corporation intl.cpl Microsoft Corporation irprops.cpl Microsoft Corporation main.cpl Microsoft Corporation mmsys.cpl Microsoft Corporation ncpa.cpl Microsoft Corporation nwc.cpl Microsoft Corporation DESK.CPL Microsoft Corporation SYSDM.CPL Microsoft Corporation telephon.cpl Microsoft Corporation timedate.cpl Microsoft Corporation appwiz.cpl Microsoft Corporation inetcpl.cpl Microsoft Corporation odbccp32.cpl Microsoft Corporation powercfg.cpl Microsoft Corporation wuaucpl.cpl Microsoft Corporation access.cpl Microsoft Corporation joy.cpl Microsoft Corporation sticpl.cpl Microsoft Corporation bug