Here are the 2 scan logs. In the Task Manager under Processes, I have CSRSS.exe still running, and 3 CLI.exe's running. Is this csrss a good one now? And are there supposed to be three CLI's? Thanks.
GMER log:
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-13 12:17:25
Windows 5.0.2195 Service Pack 4
---- System - GMER 1.0.10 ----
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwClose
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwCreateKey
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteValueKey
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwFlushKey
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwOpenKey
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwSetValueKey
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess
Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwClose
Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwCreateFile
Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwCreateSection
Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwOpenFile
Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwWriteFile
---- Devices - GMER 1.0.10 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B6F66A80] css-dvp.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSEIRP_MJ_READ [B6F66C00] css-dvp.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [B6F66AE0] css-dvp.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [B6F66BA0] css-dvp.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE [B6F66F70] css-dvp.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSEIRP_MJ_READ [B6F670F0] css-dvp.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [B6F66FD0] css-dvp.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [B6F6A040] css-dvp.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [B6F67090] css-dvp.sys
Device \Driver\FreeTdi \??\LATERALUS IRP_MJ_SHUTDOWN [ED50485A] avgtdi.sys
---- Files - GMER 1.0.10 ----
File C:\System Volume Information\tracking.log
---- EOF - GMER 1.0.10 ----
WinPFind Log:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
UPX! 2/16/2005 11

16 AM 218112 C:\HijackThis.exe
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 2/24/2004 5:58:16 PM 146642 C:\WINNT\Cheats24.org[cheats24-org,de,1].exe
UPX! 7/26/2006 6:21:38 PM 267882496 C:\WINNT\MEMORY.DMP
FSG! 7/26/2006 6:21:38 PM 267882496 C:\WINNT\MEMORY.DMP
PEC2 7/26/2006 6:21:38 PM 267882496 C:\WINNT\MEMORY.DMP
aspack 7/26/2006 6:21:38 PM 267882496 C:\WINNT\MEMORY.DMP
abetterinternet.com 7/26/2006 6:21:38 PM 267882496 C:\WINNT\MEMORY.DMP
web-nex 7/26/2006 6:21:38 PM 267882496 C:\WINNT\MEMORY.DMP
ad-w-a-r-e.com 7/26/2006 6:21:38 PM 267882496 C:\WINNT\MEMORY.DMP
UPX! 5/17/2004 5:05:18 AM 44032 C:\WINNT\Unwash5.exe
Checking %System% folder...
aspack 5/3/2006 4:30:06 PM 1212928 C:\WINNT\SYSTEM32\Incinerator.dll
PTech 7/12/2005 6:04:22 PM 520456 C:\WINNT\SYSTEM32\LegitCheckControl.dll
PECompact2 8/2/2006 9:22:50 PM 8255912 C:\WINNT\SYSTEM32\MRT.exe
aspack 8/2/2006 9:22:50 PM 8255912 C:\WINNT\SYSTEM32\MRT.exe
Umonitor 1/12/2005 3:39:46 PM 531216 C:\WINNT\SYSTEM32\RASDLG.DLL
winsync 7/24/2002 8:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu
UPX! 8/8/2003 2:20:58 PM R 252416 C:\WINNT\SYSTEM32\wget.exe
Checking %System%\Drivers folder and sub-folders...
UPX! 8/7/2006 9:38:46 AM 777472 C:\WINNT\SYSTEM32\drivers\avg7core.sys
FSG! 8/7/2006 9:38:46 AM 777472 C:\WINNT\SYSTEM32\drivers\avg7core.sys
PEC2 8/7/2006 9:38:46 AM 777472 C:\WINNT\SYSTEM32\drivers\avg7core.sys
aspack 8/7/2006 9:38:46 AM 777472 C:\WINNT\SYSTEM32\drivers\avg7core.sys
aspack 5/2/2004 10:51:44 AM R 498264 C:\WINNT\SYSTEM32\drivers\css-dvp.sys
Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts
Items found in C:\WINNT\SYSTEM32\drivers\etc\LMhosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/13/2006 12:18:02 PM H 256398 C:\WINNT\ShellIconCache
8/13/2006 12:22:12 PM S 64 C:\WINNT\CSC\00000001
8/9/2006 6:33:28 PM S 64 C:\WINNT\CSC\00000002
8/7/2006 1:20:54 AM S 64 C:\WINNT\CSC\csc1.tmp
7/23/2006 4:39:50 AM H 0 C:\WINNT\inf\oem36.inf
7/11/2006 8:25:48 PM RHS 152 C:\WINNT\system32\07B81EF572.sys
7/11/2006 9:04:02 PM HS 6686 C:\WINNT\system32\KGyGaAvL.sys
8/13/2006 12:23:26 PM H 1024 C:\WINNT\system32\config\default.LOG
8/13/2006 12:34:16 PM H 1024 C:\WINNT\system32\config\SAM.LOG
8/13/2006 12:31:00 PM H 1024 C:\WINNT\system32\config\SECURITY.LOG
8/13/2006 1:51:38 PM H 1024 C:\WINNT\system32\config\software.LOG
8/13/2006 12:22:16 PM H 6 C:\WINNT\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 7/24/2002 8:00:00 AM 67344 C:\WINNT\SYSTEM32\access.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 301328 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 237328 C:\WINNT\SYSTEM32\DESK.CPL
Microsoft Corporation 7/24/2002 8:00:00 AM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 118032 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 36112 C:\WINNT\SYSTEM32\irprops.cpl
Macrovision Corporation 8/11/2005 4:29:46 PM 73728 C:\WINNT\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 10/30/2001 8:10:00 AM 326144 C:\WINNT\SYSTEM32\joy.cpl
Sun Microsystems 2/22/2004 11:44:42 PM 61555 C:\WINNT\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 122128 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 303888 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 17168 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 41232 C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 41232 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 90896 C:\WINNT\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINNT\SYSTEM32\QuickTime.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 83216 C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation 6/19/2003 3:05:04 PM 125712 C:\WINNT\SYSTEM32\SYSDM.CPL
Microsoft Corporation 7/24/2002 8:00:00 AM 5904 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 61200 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 1/12/2005 3:40:00 PM 64784 C:\WINNT\SYSTEM32\dllcache\msmq.cpl
IBM Corporation 9/23/1999 6:44:36 PM 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl
Microsoft Corporation 7/24/2002 8:00:00 AM 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
1/4/2006 6:59:38 PM 1669 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
1/4/2006 7:04:50 PM 663 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
7/20/2006 11:38:06 PM 690 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
1/4/2006 7:23:48 PM 1477 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Checking files in %USERPROFILE%\Startup folder...
7/4/2004 2:29:44 PM 540 C:\Documents and Settings\mangemeer\Start Menu\Programs\Startup\SpywareGuard.lnk
Checking files in %USERPROFILE%\Application Data folder...
11/6/2005 9:23:46 PM 88416 C:\Documents and Settings\mangemeer\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{81559C35-8464-49F7-BB0E-07A383BEF910} = C:\Program Files\SpywareGuard\spywareguard.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Macromedia.FlashPaper.ContextMenu
{9DED7A30-D572-4D21-8D82-6945EA697400} = C:\Program Files\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TheCleaner
{2DE506B9-4320-11d3-8E42-002035221EDA} = C:\Program Files\The Cleaner\tcshellex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Washer
{6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B}
= C:\Program Files\Zero Knowledge\Freedom\AVContextR.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TheCleaner
{2DE506B9-4320-11D3-8E42-002035221EDA} = C:\Program Files\The Cleaner\tcshellex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B}
= C:\Program Files\Zero Knowledge\Freedom\AVContextR.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TheCleaner
{2DE506B9-4320-11D3-8E42-002035221EDA} = C:\Program Files\The Cleaner\tcshellex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Washer
{6EE51AA0-77A0-11D7-B4E1-000347126E46} = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B}
= C:\Program Files\Zero Knowledge\Freedom\AVContextR.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}
PopKill Class = C:\Program Files\Zero Knowledge\Freedom\pkR.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304}
ZKBho Class = C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN Toolbar : C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-ca\msntb.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINNT\system32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}
ButtonText = Run IMVU : C:\Documents and Settings\mangemeer\Start Menu\Programs\IMVU2\Run IMVU.lnk
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\browseui.dll
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} = :
{4EC4CD8A-8B52-6583-5200-0771A1F3C89B} = driveamok : C:\PROGRA~1\DARTPR~1\INTRA DELETE.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{40D41A8B-D79B-43D7-99A7-9EE0F344C385} = AIM Search : C:\Program Files\AIM Toolbar\AIMBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HPAIO_PrintFolderMgr C:\WINNT\System32\spool\DRIVERS\W32X86\hpoopm07.exe
Logitech Utility Logi_MwX.Exe
Freedom C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
ATICCC "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
HPHmon04 C:\WINNT\system32\hphmon04.exe
HPHUPD04 "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
Synchronization Manager mobsync.exe /logon
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149
CDRAutoRun 0
SpecifyDefaultButtons 0
Btn_Search 0
NoBandCustomize 0
NoToolbarCustomize 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 1
NoAdminPage 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINNT\system32\NavLogon.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/13/2006 4:52:03 PM