08-30-2005, 09:06 PM   #10
untruehero
Member
 
Join Date: Jul 2004
Posts: 41
OS: XP


Thanks sUBs

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 8:10:07 PM, on 8/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Documents and Settings\scott\My Documents\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Bulldog Plus\MUPS.exe
O4 - Global Startup: TEW-424UB Utility.lnk = ?
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.verizon.net/sfp/Cabs...WebInstall.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Delta - C:\Program Files\Belkin Bulldog Plus\upsd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


End of KRC HijackThis Analyzer Log.
====================================================================

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, August 30, 2005 23:02:07
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 31/08/2005
Kaspersky Anti-Virus database records: 137657
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 188418
Number of viruses found: 39
Number of infected objects: 89
Number of suspicious objects: 0
Duration of the scan process: 5506 sec

Infected Object Name - Virus Name
C:\Documents and Settings\scott\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-a84a25a-7fd6bcff.zip/Beyond.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\scott\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-a84a25a-7fd6bcff.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.af
C:\Documents and Settings\scott\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-a84a25a-7fd6bcff.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.ai
C:\Documents and Settings\scott\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-a84a25a-7fd6bcff.zip Infected: Trojan.Java.ClassLoader.ai
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP104\A0021366.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP107\A0021436.exe Infected: Trojan.Win32.StartPage.zq
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP107\A0021437.exe Infected: Trojan.Win32.StartPage.zq
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP107\A0021443.exe Infected: Trojan-Clicker.Win32.Delf.cf
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP107\A0021445.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP107\A0021448.exe Infected: Trojan.Win32.StartPage.zq
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP108\A0021490.exe Infected: Trojan-Downloader.Win32.Delmed.a
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP108\A0021491.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018160.exe Infected: Trojan-Downloader.Win32.Small.aal
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018161.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018163.exe Infected: Trojan-Downloader.Win32.Adload.a
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018164.exe Infected: Trojan-Dropper.Win32.Agent.lu
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018166.exe Infected: Trojan-Downloader.Win32.Apropo.ae
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018167.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018169.exe Infected: Trojan-Downloader.Win32.Qoologic.v
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018170.exe Infected: Trojan-Downloader.Win32.Small.apm
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018174.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018175.exe Infected: Trojan-Downloader.Win32.Qoologic.u
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018187.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018190.dll Infected: Trojan-Downloader.Win32.Qoologic.t
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018197.exe Infected: Trojan.Win32.Stervis.d
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018199.exe Infected: Trojan-Dropper.Win32.SurfSide.a
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018212.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018244.exe Infected: Trojan-Downloader.Win32.Qoologic.u
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP97\A0018247.dll Infected: Trojan-Downloader.Win32.Agent.le
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018251.exe Infected: Trojan-Downloader.Win32.Delf.cb
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018261.dll Infected: Trojan-Clicker.Win32.Small.ez
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018262.exe Infected: Email-Worm.Win32.Bagz.i
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018263.exe Infected: Trojan-Dropper.Win32.Small.wv
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018268.exe Infected: Trojan-Downloader.Win32.Small.abd
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018270.exe Infected: Trojan-Dropper.Win32.Small.zp
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018273.exe Infected: Email-Worm.Win32.Bagz.h
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018278.exe Infected: Trojan-Downloader.Win32.Agent.ro
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018281.cpl Infected: Trojan-Downloader.Win32.Qoologic.p
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018283.dll Infected: Trojan-Downloader.Win32.Adload.g
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018284.dll Infected: Trojan-Downloader.Win32.Lastad.h
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018286.exe Infected: Trojan-Dropper.Win32.Agent.ka
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018287.exe Infected: Trojan-Downloader.Win32.Small.abd
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018288.exe Infected: Trojan-Downloader.Win32.Qoologic.u
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018289.dll Infected: Trojan-Downloader.Win32.Qoologic.s
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018295.exe Infected: Trojan.Win32.Stervis.d
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018299.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018302.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018303.dll Infected: Trojan-Downloader.Win32.Qoologic.p
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018304.dll Infected: Trojan-Proxy.Win32.Small.bk
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018322.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018333.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018334.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018335.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018336.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018403.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018404.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0018405.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019007.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019008.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019009.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019010.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019028.exe Infected: Trojan-Dropper.Win32.Agent.lu
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019034.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019035.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019036.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019037.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019051.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019052.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019053.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019055.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019126.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019128.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019129.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019130.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019150.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019151.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019152.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP98\A0019153.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP99\A0019177.exe Infected: Trojan-Downloader.Win32.Dyfuca.dk
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP99\A0019178.exe Infected: Trojan-Downloader.Win32.Adload.a
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP99\A0019179.exe Infected: Trojan-Downloader.Win32.Small.asf
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP99\A0019184.DLL Infected: Trojan-Clicker.Win32.Small.ez
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP99\A0019189.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP99\A0019190.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP99\A0019191.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP99\A0019193.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP99\A0019197.exe Infected: Trojan-Downloader.Win32.Dyfuca.dk
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP99\A0019223.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{5ED30C24-4599-4D38-AD7C-4E34402C9700}\RP99\A0019229.exe Infected: Trojan-Downloader.Win32.Qoologic.ac

Scan process completed.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:58:06 PM, 8/30/2005
+ Report-Checksum: 8A717165

+ Scan result:

:mozilla.30:C:\Documents and Settings\scott\Application Data\Mozilla\Firefox\Profiles\knk2eeyd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\scott\Application Data\Mozilla\Firefox\Profiles\knk2eeyd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\scott\Application Data\Mozilla\Firefox\Profiles\knk2eeyd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\scott\Application Data\Mozilla\Firefox\Profiles\knk2eeyd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\scott\Application Data\Mozilla\Firefox\Profiles\knk2eeyd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\scott\Application Data\Mozilla\Firefox\Profiles\knk2eeyd.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\scott\Application Data\Mozilla\Firefox\Profiles\knk2eeyd.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.39:C:\Documents and Settings\scott\Application Data\Mozilla\Firefox\Profiles\knk2eeyd.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\scott\Local Settings\Application Data\Wildtangent\Cdacache\00\00\2B.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup



::Report End

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe"
"ABIT uGuru"="C:\\Program Files\\ABIT\\ABIT uGuru\\uGuru.exe"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"NvMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"Profiler"="C:\\Program Files\\Saitek\\Software\\Profiler.exe"
"SaiSmart"="C:\\Program Files\\Saitek\\Software\\SaiSmart.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"Motive SmartBridge"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\SMARTB~1\\MotiveSB.exe"
"Media Gateway"="C:\\Program Files\\Media Gateway\\MediaGateway.exe"
"A Verizon App"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\VERIZO~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll

Subkey --- AlphaZipContextMenu
{5AD42C8A-F224-4113-9851-8A9A489A0CA6}
C:\PROGRA~1\AlphaZIP\AlphaZip.dll

Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll

Subkey --- mxnsfkns
{8f9e96ed-ec9f-47ad-b882-3bbd48cbe818}
C:\WINDOWS\System32\eanrj.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRAR\rarext.dll

Subkey --- ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}
C:\Program Files\WinAce\arcext.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Acrobat Speed Launcher.lnk
Adobe Gamma Loader.lnk
BlackICE PC Protection.lnk
desktop.ini
MUPS.lnk
TEW-424UB Utility.lnk
==============================
C:\Documents and Settings\scott\Start Menu\Programs\Startup

Adobe Acrobat Speed Launcher.lnk
Adobe Gamma Loader.lnk
BlackICE PC Protection.lnk
desktop.ini
MUPS.lnk
TEW-424UB Utility.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
main.cpl Microsoft Corporation
MBLLNK.CPL AvantGo, Inc.
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nvtuicpl.cpl NVIDIA Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
plugincpl131_04.cpl Sun Microsystems
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation