Logfile of HijackThis v1.99.1
Scan saved at 21:29:02, on 09/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nikki\Desktop\HijackThis_v1.99.1.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?94c25e86a41f4686b73ef7a69742328b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?94c25e86a41f4686b73ef7a69742328b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

SmitFraudFix v2.106

Scan done at 21:21:07.70, 09/10/2006
Run from C:\Documents and Settings\nikki\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b166be07-30a4-4d38-b781-44528a630706}"="hydrodictyon"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\SoftCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
Should have posted this in your first thread. You have Ewido and AVG AS running. AVG AS is Ewido upgraded, so uninstall Ewido. Running both may produce false positives. Log is clean now, any problems?
hiya..a few problems still..with internet explorer...pages aren't opening still opening as blank and i am unable to close them i have to minimize them..this is what it says "about blank:microsoft internet explorer iexplore.exe.application error the instruction at 0x648b9f5..(5 or s at the end) referenced memory at 0x6484b9fs the memory could not be read"
lol, I don't know...kind of hoping it would help something. Control Panel > Internet Options > change your homepage from there. Did Check Disk replace anything?
hiya me again...well i did what you said...but it's still not opening emails and going blank then i have to go back into my inbox and try and open them again...also the safety page has been coming on as my home page...why am i sooo rubbish at this
oh another blank page they're everywhere and i can't close them...this is weird, and starting to freak me out maybe it's me..maybe i'm doing this to the pc...i seem to attract virus, spyware, malware, adware any ware you name it it comes looking for me!!!
Let's try this. Download WinPFind2 from here.
* Extract the files to a folder (C:\WinPFind2).
* Open WinPFind2.exe.
* Under File Options click the Select All button.
* Under AddOn Options check the following: HKLM_IE_Main.def
* Click the Run All Scans button.
* When it's finished scanning you will see Scans Complete! at the bottom left of the program.
* Click the Simple Report button.
* Notepad will open with the log.
* Post that log in your next reply.
Logfile created on: 10/11/2006 10:41
WinPFind2 by OldTimer - Version 1.0.10 Folder = C:\Documents and Settings\nikki\my computer\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

< Processes (Non-Microsoft Only) >
c:\windows\system32\ati2evxx.exe - ( )
c:\windows\system32\ati2evxx.exe - ( )
c:\program files\ati technologies\ati control panel\atiptaxx.exe - (ATI Technologies, Inc. )
c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe - (Anti-Malware Development a.s. )
c:\program files\grisoft\avg anti-spyware 7.5\guard.exe - (Anti-Malware Development a.s. )
c:\program files\common files\mcafee\hackerwatch\hwapi.exe - (McAfee, Inc. )
c:\program files\java\jre1.5.0_09\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\progra~1\mcafee.com\agent\mcagent.exe - (McAfee, Inc. )
c:\progra~1\mcafee\msc\mclogsrv.exe - (McAfee, Inc. )
c:\program files\common files\mcafee\mna\mcnasvc.exe - (McAfee, Inc. )
c:\progra~1\mcafee\msc\mcpromgr.exe - (McAfee, Inc. )
c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe - (McAfee, Inc. )
c:\progra~1\mcafee.com\vso\mcshield.exe - (McAfee Inc. )
c:\progra~1\mcafee\msc\mctskshd.exe - (McAfee, Inc. )
c:\progra~1\mcafee\msc\mcupdmgr.exe - (McAfee, Inc. )
c:\program files\mcafee\msc\mcupdui.exe - (McAfee, Inc. )
c:\progra~1\mcafee\msc\mcusrmgr.exe - (McAfee, Inc. )
c:\progra~1\mcafee.com\vso\mcvsescn.exe - (McAfee, Inc. )
c:\progra~1\mcafee.com\vso\mcvsftsn.exe - (McAfee, Inc. )
c:\program files\mcafee.com\vso\mcvsshld.exe - (McAfee, Inc. )
c:\progra~1\mcafee.com\person~1\mpfagent.exe - (McAfee Security )
c:\progra~1\mcafee.com\person~1\mpfservice.exe - (McAfee Corporation )
c:\progra~1\mcafee.com\person~1\mpftray.exe - (McAfee Security )
c:\progra~1\mcafee\mps\mps.exe - (McAfee, Inc. )
c:\program files\mcafee\mps\mpsevh.exe - (McAfee, Inc. )
c:\program files\mcafee\msk\mskagent.exe - (McAfee Inc. )
c:\program files\mcafee\msk\msksrver.exe - (McAfee Inc. )
c:\program files\mcafee.com\vso\oasclnt.exe - (McAfee, Inc. )
c:\program files\real\realplayer\realplay.exe - (RealNetworks, Inc. )
c:\program files\common files\real\update_ob\realsched.exe - (RealNetworks, Inc. )
c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe - (McAfee, Inc. )
c:\windows\soundman.exe - (Realtek Semiconductor Corp. )
c:\documents and settings\nikki\my computer\winpfind2\winpfind2.exe - (OldTimer Tools )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM->Main\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM->Main\\Local Page - C:\windows\system32\blank.htm
HKCU->Main\\Start Page - http://yahoo.co.uk/
HKCU->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU->Main\\Local Page - C:\windows\system32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM->Search\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0

[>> BHO's <<]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )
{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited )
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc. )
{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation )
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar Helper = C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation )
{C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - CPub Object = c:\program files\mcafee\mps\mcpopup.dll (McAfee, Inc. )

[>> Internet Explorer Bars, Toolbars and Extensions <<]
[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
[HKLM-> Internet Explorer ToolBars]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan = c:\progra~1\mcafee.com\vso\mcvsshl.dll (McAfee, Inc. )
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar = C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation )
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )
[HKCU-> Internet Explorer ToolBars]
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar = C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation )
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc. )
[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 - Sun Java Console
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 - Windows Messenger
NextId - 8194
[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc. )
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc. )
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )
[HKCU-> Internet Explorer Menu Extensions]
&Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm (File not found))
Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?94c25e86a41f4686b73ef7a69742328b (File not found))
Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?94c25e86a41f4686b73ef7a69742328b (File not found))

[>> Approved Shell Extensions (Non-Microsoft only) <<]
[HKLM-> Approved Shell Extensions]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data missing or invalid (File not found))
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found))
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = Reg Data missing or invalid (File not found))
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found))
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found))
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found))
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc. )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. )

[>> ContextMenuHandlers (Non-Microsoft only) <<]
[HKLM-> ContextMenuHandlers]
* - {CFC7205E-2792-4378-9591-3879CC6C9022} - Reg Data missing or invalid = c:\progra~1\mcafee.com\vso\mcvsshl.dll (McAfee, Inc. )
* - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = Reg Data missing or invalid (File not found))
Directory - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = Reg Data missing or invalid (File not found))
Folder - {CFC7205E-2792-4378-9591-3879CC6C9022} - Reg Data missing or invalid = c:\progra~1\mcafee.com\vso\mcvsshl.dll (McAfee, Inc. )

[>> ColumnHandlers (Non-Microsoft only) <<]
[HKLM-> ColumnHandlers]

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\system32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

[>> Registry Run Keys <<]
HKLM->Run\\!AVG Anti-Spyware - "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized (Anti-Malware Development a.s. )
HKLM->Run\\ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc. )
HKLM->Run\\CleanUp - C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup (McAfee, Inc )
HKLM->Run\\MPFExe - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe (McAfee Security )
HKLM->Run\\MskAgentexe - C:\Program Files\McAfee\MSK\MskAgent.exe (McAfee Inc. )
HKLM->Run\\NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh )
HKLM->Run\\OASClnt - C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc. )
HKLM->Run\\SoundMan - SOUNDMAN.EXE (Realtek Semiconductor Corp. )
HKLM->Run\\SunJavaUpdateSched - "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" (Sun Microsystems, Inc. )
HKLM->Run\\TkBellExe - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc. )
HKLM->Run\\VirusScan Online - C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc. )
HKLM->Run\\VSOCheckTask - "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask (McAfee, Inc. )
HKCU->Run\\CTFMON.EXE - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation )
HKCU->Run\\MsnMsgr - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation )

[>> Miscellaneous Startup Keys <<]
[AppInit DLLs]
AppInit_DLL - (File not found))
[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d
[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation )
[Shell Execute Hooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )
[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
[SafeBoot Option]
[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -
[HKCU Command Processor AutoRun]
[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[BootExecute]
Session Manager\\BootExecute - autocheck autochk *;
[PendingFileRenameOperations]
[FileRenameOperations]
[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]

[>> User Agent Post Platform <<]
SV1 -

[>> Winlogon <<]
HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found))
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\AtiExtEvent - Ati2evxx.dll ( )
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{28165594-DADC-4AEB-AF75-22FD0D61914D} - (PRISM 802.11 Adapter (3886))
{420050BD-66C1-406E-B033-8B04B0C7B141} - (1394 Net Adapter)
{D74269AC-DE87-487C-BD84-F04C49325BB0} - (SiS 900-Based PCI Fast Ethernet Adapter)
{F231B1C4-33D5-47C7-853C-41B4ECAFF437} - ()

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found))
msdaipp - (File not found))

[>> Protocol Filters (Non-Microsoft only) <<]

< Services (Non-Microsoft Only) >
Ati HotKey Poller (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe ( ) [Automatic - Running - Win32, running in it's own process]
AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
McAfee HackerWatch Service (McAfee HackerWatch Service) - "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe" (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee Log Manager (McLogManagerService) - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee Update Manager (mcmispupdmgr) - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee Network Agent (McNASvc) - "c:\program files\common files\mcafee\mna\mcnasvc.exe" (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee Protection Manager (mcpromgr) - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee Proxy Service (McProxy) - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee Redirector Service (McRedirector) - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee.com McShield (McShield) - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (McAfee Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee Task Scheduler (McTskshd.exe) - C:\PROGRA~1\McAfee\MSC\mctskshd.exe (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee User Manager (mcusrmgr) - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee Personal Firewall Service (MpfService) - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (McAfee Corporation ) [Automatic - Running - Win32, running in it's own process]
McAfee Privacy Service (MPS9) - C:\PROGRA~1\McAfee\MPS\mps.exe (McAfee, Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee SpamKiller Service (MSK80Service) - "C:\Program Files\McAfee\MSK\MskSrver.exe" (McAfee Inc. ) [Automatic - Running - Win32, running in it's own process]

< Files >
%SystemDrive%
%ProgramFilesDir%
%WinDir%
%System%
C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL - WSUD (Realtek Semiconductor Corp. [Ver = 2.2.28 | Size = 15684608 bytes | Date = 06/18/2004 16:32 | Attr = ])
C:\WINDOWS\SYSTEM32\dfrg.msc - PEC2 ( [Ver = | Size = 41397 bytes | Date = 08/04/2004 13:00 | Attr = ])
C:\WINDOWS\SYSTEM32\LegitCheckControl.dll - PTech (Microsoft Corporation [Ver = 1.5.0530.0 | Size = 579888 bytes | Date = 05/17/2006 11:23 | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - PECompact2 (Microsoft Corporation [Ver = 1.20.1625.0 | Size = 8960936 bytes | Date = 09/11/2006 10:37 | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.20.1625.0 | Size = 8960936 bytes | Date = 09/11/2006 10:37 | Attr = ])
C:\WINDOWS\SYSTEM32\ntdll.dll - aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/04/2004 13:00 | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 13:00 | Attr = ])
C:\WINDOWS\SYSTEM32\rasdlg.dll - Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/04/2004 13:00 | Attr = ])
C:\WINDOWS\SYSTEM32\SrchSTS.exe - UPX! (S!Ri [Ver = | Size = 288417 bytes | Date = 10/09/2006 21:13 | Attr = ])
C:\WINDOWS\SYSTEM32\swreg.exe - UPX! (SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Date = 10/09/2006 21:13 | Attr = ])
C:\WINDOWS\SYSTEM32\swsc.exe - UPX! ( [Ver = | Size = 40960 bytes | Date = 10/09/2006 21:13 | Attr = ])
C:\WINDOWS\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 08/04/2004 13:00 | Attr = ])

%System%\Drivers folder and sub-folders
C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys - PTech ( [Ver = Apr 19 2004 11:25:58 | Size = 1301488 bytes | Date = 04/18/2004 20:26 | Attr = ])

%windir% + sub-dirs for System or Hidden files less than 60 days old
C:\WINDOWS\bootstat.dat - ( [Ver = | Size = 2048 bytes | Date = 10/11/2006 10:22 | Attr = S])
C:\WINDOWS\WindowsShell.Manifest - ( [Ver = | Size = 749 bytes | Date = 09/28/2006 21:04 | Attr = RH ])
C:\WINDOWS\assembly\Desktop.ini - ( [Ver = | Size = 227 bytes | Date = 09/28/2006 21:08 | Attr = RHS])
C:\WINDOWS\Downloaded Program Files\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 09/28/2006 21:05 | Attr = H ])
C:\WINDOWS\Fonts\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 09/28/2006 21:05 | Attr = HS])
C:\WINDOWS\inf\oem12.inf - ( [Ver = | Size = 0 bytes | Date = 09/28/2006 21:56 | Attr = H ])
C:\WINDOWS\inf\oem16.inf - ( [Ver = | Size = 0 bytes | Date = 09/28/2006 22:19 | Attr = H ])
C:\WINDOWS\Offline Web Pages\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 09/28/2006 21:05 | Attr = H ])
C:\WINDOWS\pchealth\helpctr\PackageStore\package_1.cab - ( [Ver = | Size = 727 bytes | Date = 09/28/2006 21:05 | Attr = RHS])
C:\WINDOWS\pchealth\helpctr\PackageStore\package_2.cab - ( [Ver = | Size = 19854 bytes | Date = 09/28/2006 21:05 | Attr = RHS])
C:\WINDOWS\pchealth\helpctr\PackageStore\package_3.cab - ( [Ver = | Size = 244933 bytes | Date = 09/28/2006 21:05 | Attr = RHS])
C:\WINDOWS\repair\ntuser.dat - ( [Ver = | Size = 229376 bytes | Date = 09/28/2006 21:10 | Attr = H ])
C:\WINDOWS\system32\cdplayer.exe.manifest - ( [Ver = | Size = 749 bytes | Date = 09/28/2006 21:04 | Attr = RH ])
C:\WINDOWS\system32\logonui.exe.manifest - ( [Ver = | Size = 488 bytes | Date = 09/28/2006 21:05 | Attr = RH ])
C:\WINDOWS\system32\ncpa.cpl.manifest - ( [Ver = | Size = 749 bytes | Date = 09/28/2006 21:04 | Attr = RH ])
C:\WINDOWS\system32\nwc.cpl.manifest - ( [Ver = | Size = 749 bytes | Date = 09/28/2006 21:04 | Attr = RH ])
C:\WINDOWS\system32\sapi.cpl.manifest - ( [Ver = | Size = 749 bytes | Date = 09/28/2006 21:04 | Attr = RH ])
C:\WINDOWS\system32\WindowsLogon.manifest - ( [Ver = | Size = 488 bytes | Date = 09/28/2006 21:05 | Attr = RH ])
C:\WINDOWS\system32\wuaucpl.cpl.manifest - ( [Ver = | Size = 749 bytes | Date = 09/28/2006 21:04 | Attr = RH ])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat - ( [Ver = | Size = 11749 bytes | Date = 08/21/2006 14:00 | Attr = S])
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat - ( [Ver = | Size = 8847 bytes | Date = 09/18/2006 15:40 | Attr = S])
C:\WINDOWS\system32\config\default.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/11/2006 10:33 | Attr = H ])
C:\WINDOWS\system32\config\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/11/2006 10:22 | Attr = H ])
C:\WINDOWS\system32\config\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/11/2006 10:23 | Attr = H ])
C:\WINDOWS\system32\config\software.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/11/2006 10:37 | Attr = H ])
C:\WINDOWS\system32\config\system.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/11/2006 10:31 | Attr = H ])
C:\WINDOWS\system32\config\TempKey.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/28/2006 21:45 | Attr = H ])
C:\WINDOWS\system32\config\userdiff.LOG - ( [Ver = | Size = 1024 bytes | Date = 09/28/2006 21:45 | Attr = H ])
C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/03/2006 09:30 | Attr = H ])
C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 09/28/2006 21:48 | Attr = HS])
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 - ( [Ver = | Size = 341 bytes | Date
= 09/28/2006 22:09 | Attr = S]) C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 - ( [Ver = | Size = 413 bytes | Date = 09/28/2006 22:09 | Attr = S]) C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 - ( [Ver = | Size = 574 bytes | Date = 09/28/2006 22:08 | Attr = S]) C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 - ( [Ver = | Size = 558 bytes | Date = 10/02/2006 14:55 | Attr = S]) C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 - ( [Ver = | Size = 126 bytes | Date = 09/28/2006 22:09 | Attr = S]) C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 - ( [Ver = | Size = 98 bytes | Date = 09/28/2006 22:09 | Attr = S]) C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 - ( [Ver = | Size = 136 bytes | Date = 09/28/2006 22:08 | Attr = S]) C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 - ( [Ver = | Size = 144 bytes | Date = 10/02/2006 14:55 | Attr = S]) C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 09/28/2006 21:48 | Attr = HS]) C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini - ( [Ver = | Size = 113 bytes | Date = 09/28/2006 21:14 | Attr = HS]) C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini - ( [Ver = | Size = 113 bytes | Date = 09/28/2006 21:14 | Attr = HS]) C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 09/28/2006 21:14 | Attr = 
HS]) C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 09/28/2006 21:14 | Attr = HS]) C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2HSQ42QS\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 09/28/2006 21:14 | Attr = HS]) C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7NPV62E7\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 09/28/2006 21:14 | Attr = HS]) C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KACHMAR7\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 09/28/2006 21:14 | Attr = HS]) C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\L8YQCPPA\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 09/28/2006 21:14 | Attr = HS]) C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini - ( [Ver = | Size = 181 bytes | Date = 09/28/2006 21:05 | Attr = HS]) C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 09/28/2006 21:48 | Attr = HS]) C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini - ( [Ver = | Size = 148 bytes | Date = 09/28/2006 21:06 | Attr = HS]) C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini - ( [Ver = | Size = 482 bytes | Date = 09/28/2006 21:06 | Attr = HS]) C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini - ( [Ver = | Size = 348 bytes | Date = 09/28/2006 21:06 | Attr = HS]) C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 09/28/2006 21:06 | Attr = HS]) C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 09/28/2006 21:06 | Attr = HS]) 
C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\d8d01ed3-2f13-4a17-bb41-0a41fc5d1acc - ( [Ver = | Size = 388 bytes | Date = 10/07/2006 22:53 | Attr = HS]) C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred - ( [Ver = | Size = 24 bytes | Date = 10/07/2006 22:53 | Attr = HS]) C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3fb4e892-19ed-4dc9-8d67-0869756d06e1 - ( [Ver = | Size = 388 bytes | Date = 09/28/2006 21:14 | Attr = HS]) C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred - ( [Ver = | Size = 24 bytes | Date = 09/28/2006 21:14 | Attr = HS]) C:\WINDOWS\Tasks\McDefragTask.job - ( [Ver = | Size = 264 bytes | Date = 10/07/2006 22:53 | Attr = H ]) C:\WINDOWS\Tasks\McQcTask.job - ( [Ver = | Size = 352 bytes | Date = 10/07/2006 22:53 | Attr = H ]) C:\WINDOWS\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 10/11/2006 10:22 | Attr = H ]) C:\WINDOWS\Temp\History\History.IE5\desktop.ini - ( [Ver = | Size = 113 bytes | Date = 10/08/2006 18:40 | Attr = HS]) C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 10/08/2006 18:40 | Attr = HS]) C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\85EJSLM7\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 10/08/2006 18:40 | Attr = HS]) C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GT2F096R\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 10/08/2006 18:40 | Attr = HS]) C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\K5UVC9UV\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 10/08/2006 18:40 | Attr = HS]) C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SLQZWDEN\desktop.ini - ( [Ver = | Size = 67 bytes | Date = 10/08/2006 18:40 | Attr = HS]) CPL files - C:\WINDOWS\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL - (Realtek Semiconductor Corp. 
[Ver = 2.2.28 | Size = 15684608 bytes | Date = 06/18/2004 16:32 | Attr = ]) C:\WINDOWS\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\bthprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\jpicpl32.cpl - (Sun Microsystems, Inc. 
[Ver = 5.0.90.1 | Size = 49265 bytes | Date = 09/07/2006 15:51 | Attr = ]) C:\WINDOWS\SYSTEM32\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\slcpappl.cpl - ( [Ver = 2, 92, 0, 2 | Size = 454656 bytes | Date = 04/19/2004 13:52 | Attr = ]) C:\WINDOWS\SYSTEM32\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\wuaucpl.cpl - (Microsoft 
Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 04:16 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/04/2004 13:00 | Attr = ]) 
C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl - (Microsoft Corporation [Ver = 5.1.4111.00 (xpsp_sp2_rtm.040803-2158) | Size = 155648 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/04/2004 13:00 | Attr = ]) C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 04:16 | Attr = ]) Auto-Start Folders HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma 
Loader.exe (Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Date = 08/06/2002 14:37 | Attr = ]) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 09/28/2006 21:06 | Attr = HS]) HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\nikki\Start Menu\Programs\Startup C:\Documents and Settings\nikki\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 09/28/2006 21:06 | Attr = HS]) HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup Miscellaneous Auto-Start Files System.ini->[Boot]\\Shell - Explorer.exe Config.nt: Line 1 - REM Windows MS-DOS Startup File Config.nt: Line 2 - REM Config.nt: Line 3 - REM CONFIG.SYS vs CONFIG.NT Config.nt: Line 4 - REM CONFIG.SYS is not used to initialize the MS-DOS environment. Config.nt: Line 5 - REM CONFIG.NT is used to initialize the MS-DOS environment unless a Config.nt: Line 6 - REM different startup file is specified in an application's PIF. Config.nt: Line 7 - REM Config.nt: Line 8 - REM ECHOCONFIG Config.nt: Line 9 - REM By default, no information is displayed when the MS-DOS environment Config.nt: Line 10 - REM is initialized. To display CONFIG.NT/AUTOEXEC.NT information, add Config.nt: Line 11 - REM the command echoconfig to CONFIG.NT or other startup file. Config.nt: Line 12 - REM Config.nt: Line 13 - REM NTCMDPROMPT Config.nt: Line 14 - REM When you return to the command prompt from a TSR or while running an Config.nt: Line 15 - REM MS-DOS-based application, Windows runs COMMAND.COM. This allows the Config.nt: Line 16 - REM TSR to remain active. To run CMD.EXE, the Windows command prompt, Config.nt: Line 17 - REM rather than COMMAND.COM, add the command ntcmdprompt to CONFIG.NT or Config.nt: Line 18 - REM other startup file. 
Config.nt: Line 19 - REM Config.nt: Line 20 - REM DOSONLY Config.nt: Line 21 - REM By default, you can start any type of application when running Config.nt: Line 22 - REM COMMAND.COM. If you start an application other than an MS-DOS-based Config.nt: Line 23 - REM application, any running TSR may be disrupted. To ensure that only Config.nt: Line 24 - REM MS-DOS-based applications can be started, add the command dosonly to Config.nt: Line 25 - REM CONFIG.NT or other startup file. Config.nt: Line 26 - REM Config.nt: Line 27 - REM EMM Config.nt: Line 28 - REM You can use EMM command line to configure EMM(Expanded Memory Manager). Config.nt: Line 29 - REM The syntax is: Config.nt: Line 30 - REM Config.nt: Line 31 - REM EMM = [A=AltRegSets] [B=BaseSegment] [RAM] Config.nt: Line 32 - REM Config.nt: Line 33 - REM AltRegSets Config.nt: Line 34 - REM specifies the total Alternative Mapping Register Sets you Config.nt: Line 35 - REM want the system to support. 1 <= AltRegSets <= 255. The Config.nt: Line 36 - REM default value is 8. Config.nt: Line 37 - REM BaseSegment Config.nt: Line 38 - REM specifies the starting segment address in the Dos conventional Config.nt: Line 39 - REM memory you want the system to allocate for EMM page frames. Config.nt: Line 40 - REM The value must be given in Hexdecimal. Config.nt: Line 41 - REM 0x1000 <= BaseSegment <= 0x4000. The value is rounded down to Config.nt: Line 42 - REM 16KB boundary. The default value is 0x4000 Config.nt: Line 43 - REM RAM Config.nt: Line 44 - REM specifies that the system should only allocate 64Kb address Config.nt: Line 45 - REM space from the Upper Memory Block(UMB) area for EMM page frames Config.nt: Line 46 - REM and leave the rests(if available) to be used by DOS to support Config.nt: Line 47 - REM loadhigh and devicehigh commands. The system, by default, would Config.nt: Line 48 - REM allocate all possible and available UMB for page frames. 
Config.nt: Line 49 - REM Config.nt: Line 50 - REM The EMM size is determined by pif file(either the one associated Config.nt: Line 51 - REM with your application or _default.pif). If the size from PIF file Config.nt: Line 52 - REM is zero, EMM will be disabled and the EMM line will be ignored. Config.nt: Line 53 - REM Config.nt: Line 54 - dos=high, umb Config.nt: Line 55 - device=%SystemRoot%\system32\himem.sys Config.nt: Line 56 - files=40 AutoExec.nt: Line 1 - @echo off AutoExec.nt: Line 3 - REM AUTOEXEC.BAT is not used to initialize the MS-DOS environment. AutoExec.nt: Line 4 - REM AUTOEXEC.NT is used to initialize the MS-DOS environment unless a AutoExec.nt: Line 5 - REM different startup file is specified in an application's PIF. AutoExec.nt: Line 7 - REM Install CD ROM extensions AutoExec.nt: Line 8 - lh %SystemRoot%\system32\mscdexnt.exe AutoExec.nt: Line 10 - REM Install network redirector (load before dosx.exe) AutoExec.nt: Line 11 - lh %SystemRoot%\system32\redir AutoExec.nt: Line 13 - REM Install DPMI support AutoExec.nt: Line 14 - lh %SystemRoot%\system32\dosx AutoExec.nt: Line 16 - REM The following line enables Sound Blaster 2.0 support on NTVDM. 
AutoExec.nt: Line 17 - REM The command for setting the BLASTER environment is as follows: AutoExec.nt: Line 18 - REM SET BLASTER=A220 I5 D1 P330 AutoExec.nt: Line 19 - REM where: AutoExec.nt: Line 20 - REM A specifies the sound blaster's base I/O port AutoExec.nt: Line 21 - REM I specifies the interrupt request line AutoExec.nt: Line 22 - REM D specifies the 8-bit DMA channel AutoExec.nt: Line 23 - REM P specifies the MPU-401 base I/O port AutoExec.nt: Line 24 - REM T specifies the type of sound blaster card AutoExec.nt: Line 25 - REM 1 - Sound Blaster 1.5 AutoExec.nt: Line 26 - REM 2 - Sound Blaster Pro I AutoExec.nt: Line 27 - REM 3 - Sound Blaster 2.0 AutoExec.nt: Line 28 - REM 4 - Sound Blaster Pro II AutoExec.nt: Line 29 - REM 6 - SOund Blaster 16/AWE 32/32/64 AutoExec.nt: Line 30 - REM AutoExec.nt: Line 31 - REM The default value is A220 I5 D1 T3 and P330. If any of the switches is AutoExec.nt: Line 32 - REM left unspecified, the default value will be used. (NOTE, since all the AutoExec.nt: Line 33 - REM ports are virtualized, the information provided here does not have to AutoExec.nt: Line 34 - REM match the real hardware setting.) NTVDM supports Sound Blaster 2.0 only. AutoExec.nt: Line 35 - REM The T switch must be set to 3, if specified. AutoExec.nt: Line 36 - SET BLASTER=A220 I5 D1 P330 T3 AutoExec.nt: Line 38 - REM To disable the sound blaster 2.0 support on NTVDM, specify an invalid AutoExec.nt: Line 39 - REM SB base I/O port address. 
For example: AutoExec.nt: Line 40 - REM SET BLASTER=A0 Miscellaneous Folders AllUsers ApplicationData Folder C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 09/28/2006 21:48 | Attr = HS]) CurrentUser ApplicationData Folder C:\Documents and Settings\nikki\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 09/28/2006 21:48 | Attr = HS]) Program Files Folder Common Files Folder DPF files {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab Hosts file = 734 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts # Copyright (c) 1993-1999 Microsoft Corp. - # - # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. - # - # This file contains the mappings of IP addresses to host names. Each - # entry should be kept on an individual line. The IP address should - # be placed in the first column followed by the corresponding host name. - # The IP address and the host name should be separated by at least one - # space. - # - # Additionally, comments (such as these) may be inserted on individual - # lines or following the machine name denoted by a '#' symbol. 
- # - # For example: - # - # 102.54.94.97 rhino.acme.com # source server - # 38.25.63.10 x.acme.com # x client host - - 127.0.0.1 localhost - < Add On's > >>>>Output for AddOn file HKLM_IE_Main.def<<<< KEY - HKLM\software\microsoft\internet explorer\main - No SUBKEYS HKLM\software\microsoft\internet explorer\main - main\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch main\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch main\\Enable_Disk_Cache - yes main\\Cache_Percent_of_Disk - 0A 00 00 00 main\\Delete_Temp_Files_On_Exit - yes main\\Local Page - C:\windows\system32\blank.htm main\\Anchor_Visitation_Horizon - 01 00 00 00 main\\Use_Async_DNS - yes main\\Placeholder_Width - 1A 00 00 00 main\\Placeholder_Height - 1A 00 00 00 main\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home main\\CompanyName - Microsoft Corporation main\\Custom_Key - MICROSO main\\Wizard_Version - 6.0.2600.0000 main\\FullScreen - no main\ErrorThresholds - main\FeatureControl - main\UrlTemplate - < End of report >
Go here and download CWShredder. Open cwshredder.exe. Click "Fix->". What, if anything, did it find?