Virus?Trojan?Spyware?Help!


laralives
26-08-08, 23:50
http://i35.************/30w2u6s.jpg

Hope it's self-explanatory. I got this as my wallpaper but it won't change.
Should I be worried?

Please help!

Titanium
27-08-08, 01:02
Yes, it appears a rogue anti-virus product is trying to trick you into thinking you have them viruses.

Best thing to do would be to download Ad-Aware 2008 (www.lavasoft.com) and Spybot Search and Destroy (www.safer-networking.org). Update them both and do a full scan and delete what it finds.

Once you've done that, do a scan with ardiag (http://www.tombraiderhub.com/download/ardiag.exe) which will help out the main tech support people.

spikejones
27-08-08, 02:35
And it is best to do those while running in SAFE MODE.
Also run a virus scan with AVG or Avira (http://www.free-av.com).

And it looks like you must have the messenger service running. I would recommend turning that service OFF. Start -> Run (or search box) -> services.msc

Look for the service called Microsoft (or Windows) Messenger and disable it completely.

laralives
02-09-08, 14:12
Yes, it appears a rogue anti-virus product is trying to trick you into thinking you have them viruses.

Best thing to do would be to download Ad-Aware 2008 (http://www.lavasoft.com) and Spybot Search and Destroy (http://www.safer-networking.org). Update them both and do a full scan and delete what it finds.

Once you've done that, do a scan with ardiag (http://www.tombraiderhub.com/download/ardiag.exe) which will help out the main tech support people.
I did this...;)

Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
Entry name:
stera
Program path & name:
File not found: stera"
Enabled: [V]


Program:
N/A
Publisher:
"(Verified) Lavasoft AB"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
Entry name:
lsdelete
Program path & name:
"c:\windows\system32\lsdelete.exe"
Enabled: [V]


Program:
"Ad-Aware service"
Publisher:
"(Verified) Lavasoft AB"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
aawservice
Program path & name:
"c:\program files\lavasoft\ad-aware\aawservice.exe"
Enabled: [V]


Program:
"Provides the interface to Apple mobile devices."
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Apple Mobile Device
Program path & name:
"c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
Enabled: [V]


Program:
"Anchor service for Autodesk products licensed with SafeCast"
Publisher:
"(Not verified) Autodesk"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Autodesk Licensing Service
Program path & name:
"c:\program files\common files\autodesk shared\service\adskscsrv.exe"
Enabled: [V]


Program:
"AVG Alert Manager"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Avg7Alrt
Program path & name:
"c:\program files\grisoft\avg free\avgamsvr.exe"
Enabled: [V]


Program:
"AVG Update Service"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Avg7UpdSvc
Program path & name:
"c:\program files\grisoft\avg free\avgupsvc.exe"
Enabled: [V]


Program:
"AVG E-Mail Scanner"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AVGEMS
Program path & name:
"c:\program files\grisoft\avg free\avgemc.exe"
Enabled: [V]


Program:
"##Id_String2.6844F930_1628_4223_B5CC_5BB94B879762##"
Publisher:
"(Not verified) Apple Computer Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Bonjour Service
Program path & name:
"c:\program files\bonjour\mdnsresponder.exe"
Enabled: [V]


Program:
"Handles installation and removal of Bluetooth devices."
Publisher:
"(Not verified) Broadcom Corporation."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
btwdins
Program path & name:
"c:\program files\widcomm\bluetooth software\bin\btwdins.exe"
Enabled: [V]


Program:
"mental ray 3.4 Satellite"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
mi-raysat_3dsmax8
Program path & name:
c:\program files\autodesk\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe"
Enabled: [V]


Program:
"Enables network access to local burners via iSCSI protocol."
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
StarWindServiceAE
Program path & name:
File not found: H:\Alcohol 120\StarWind\StarWindServiceAE.exe"
Enabled: [V]


Program:
"Ensures Viewpoint 3D and Rich Media Technologies are up to date"
Publisher:
"(Not verified) Viewpoint Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Viewpoint Manager Service
Program path & name:
"c:\program files\viewpoint\common\viewpointservice.exe"
Enabled: [V]


Program:
"Monitors internet traffic and generates alerts for disallowed access."
Publisher:
"(Verified) Check Point Software Technologies Ltd."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
vsmon
Program path & name:
"c:\windows\system32\zonelabs\vsmon.exe"
Enabled: [V]


Program:
"TightVNC Win32 Server"
Publisher:
"(Not verified) TightVNC Group"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
winvnc
Program path & name:
"c:\program files\tightvnc\winvnc.exe"
Enabled: [V]


Program:
"AVG Scanning Engine"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Avg7Core
Program path & name:
"c:\windows\system32\drivers\avg7core.sys"
Enabled: [V]


Program:
"AVG Resident Shield Unload Helper"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Avg7RsW
Program path & name:
"c:\windows\system32\drivers\avg7rsw.sys"
Enabled: [V]


Program:
"AVG Resident Anti-Virus Shield"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Avg7RsXP
Program path & name:
"c:\windows\system32\drivers\avg7rsxp.sys"
Enabled: [V]


Program:
"AVG7 Clean Driver"
Publisher:
"(Verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgClean
Program path & name:
"c:\windows\system32\drivers\avgclean.sys"
Enabled: [V]


Program:
"AVG Network connection watcher"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgTdi
Program path & name:
"c:\windows\system32\drivers\avgtdi.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BT
Program path & name:
File not found: system32\DRIVERS\btnetdrv.sys"
Enabled: [V]


Program:
"Bluetooth Audio Device"
Publisher:
"(Not verified) Broadcom Corporation."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
btaudio
Program path & name:
"c:\windows\system32\drivers\btaudio.sys"
Enabled: [V]


Program:
"Bluetooth BTPORT Driver for Windows 2000"
Publisher:
"(Not verified) Broadcom Corporation."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTDriver
Program path & name:
"c:\windows\system32\drivers\btport.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTHidEnum
Program path & name:
File not found: System32\Drivers\vbtenum.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTHidMgr
Program path & name:
File not found: System32\Drivers\BTHidMgr.sys"
Enabled: [V]


Program:
"Bluetooth Bus Enumerator"
Publisher:
"(Not verified) Broadcom Corporation."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTKRNL
Program path & name:
"c:\windows\system32\drivers\btkrnl.sys"
Enabled: [V]


Program:
"Bluetooth Serial Driver for Windows 2000"
Publisher:
"(Not verified) Broadcom Corporation."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTSERIAL
Program path & name:
"c:\windows\system32\drivers\btserial.sys"
Enabled: [V]


Program:
"Bluetooth Serial Driver for Windows 2000"
Publisher:
"(Not verified) Broadcom Corporation."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTSLBCSP
Program path & name:
"c:\windows\system32\drivers\btslbcsp.sys"
Enabled: [V]


Program:
"Bluetooth LAN Access Server Driver"
Publisher:
"(Not verified) Broadcom Corporation."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTWDNDIS
Program path & name:
"c:\windows\system32\drivers\btwdndis.sys"
Enabled: [V]


Program:
"Bluetooth Virtual HID Minidriver"
Publisher:
"(Not verified) Broadcom Corporation."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
btwhid
Program path & name:
"c:\windows\system32\drivers\btwhid.sys"
Enabled: [V]


Program:
"Driver for Bluetooth USB Devices"
Publisher:
"(Not verified) Broadcom Corporation."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTWUSB
Program path & name:
"c:\windows\system32\drivers\btwusb.sys"
Enabled: [V]


Program:
"Device Driver"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
drvmcdb
Program path & name:
"c:\windows\system32\drivers\drvmcdb.sys"
Enabled: [V]


Program:
"CD/DVD Class Filter Driver"
Publisher:
"(Verified) GEAR Software Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
GEARAspiWDM
Program path & name:
"c:\windows\system32\drivers\gearaspiwdm.sys"
Enabled: [V]


Program:
"Padus(R) ASPI Shell"
Publisher:
"(Not verified) Padus Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
pfc
Program path & name:
"c:\windows\system32\drivers\pfc.sys"
Enabled: [V]


Program:
"Px Engine Device Driver for Windows 2000/XP"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PxHelp20
Program path & name:
"c:\windows\system32\drivers\pxhelp20.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SABProcEnum
Program path & name:
File not found: C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
slabbus
Program path & name:
File not found: system32\DRIVERS\slabbus.sys"
Enabled: [V]


Program:
"USB Data Cable Drivers"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
slabser
Program path & name:
File not found: system32\DRIVERS\slabser.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sptd
Program path & name:
c:\windows\system32\drivers\sptd.sys"
Enabled: [V]


Program:
"srescan"
Publisher:
"(Verified) Check Point Software Technologies Ltd."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
srescan
Program path & name:
"c:\windows\system32\zonelabs\srescan.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VComm
Program path & name:
File not found: system32\DRIVERS\VComm.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VcommMgr
Program path & name:
File not found: System32\Drivers\VcommMgr.sys"
Enabled: [V]


Program:
"Ultravnc Mirror Driver"
Publisher:
"(Not verified) RDV Soft"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
vncdrv
Program path & name:
"c:\windows\system32\drivers\vncdrv.sys"
Enabled: [V]


Program:
"TrueVector Device Driver"
Publisher:
"(Verified) Check Point Software Technologies Ltd."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
vsdatant
Program path & name:
"c:\windows\system32\vsdatant.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
wanatw
Program path & name:
File not found: system32\DRIVERS\wanatw4.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
XTrapD12
Program path & name:
File not found: C:\WINDOWS\system32\XTrapD12.sys"
Enabled: [V]


Program:
"Windows Logon UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
Entry name:
logonui.exe
Program path & name:
"c:\windows\system32\logonui.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Control Panel\Desktop\Scrnsave.exe
Entry name:
C:\WINDOWS\system32\blphcvtmj0e5a7.scr
Program path & name:
File not found: C:\WINDOWS\system32\blphcvtmj0e5a7.scr"
Enabled: [V]


Program:
"bthcrp DLL"
Publisher:
"(Not verified) Broadcom Corporation."
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Entry name:
Bluetooth Printer Port
Program path & name:
"c:\windows\system32\bthcrp.dll"
Enabled: [V]


Program:
"Standard TCP/IP Port Monitor DLL"
Publisher:
"(Not verified) Hewlett Packard"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Entry name:
HP Standard TCP/IP Port
Program path & name:
"c:\windows\system32\hptcpmon.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Entry name:
PrimoMon
Program path & name:
c:\windows\system32\primomonnt.dll"
Enabled: [V]


Program:
"Internet Shortcut Shell Extension DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
Entry name:
url
Program path & name:
"c:\windows\system32\url.dll"
Enabled: [V]


Program:
"ZoneAlarm Client"
Publisher:
"(Verified) Check Point Software Technologies Ltd."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ZoneAlarm Client
Program path & name:
"c:\program files\zone labs\zonealarm\zlclient.exe"
Enabled: [V]


Program:
"AVG Control Center"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AVG7_CC
Program path & name:
"c:\program files\grisoft\avg free\avgcc.exe"
Enabled: [V]


Program:
"Hewlett-Packard Product Assistant"
Publisher:
"(Not verified) Hewlett-Packard Development Company L.P."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
HP Software Update
Program path & name:
"c:\program files\hp\hp software update\hpwuschd2.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"iTunesHelper Module"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iTunesHelper
Program path & name:
"c:\program files\itunes\ituneshelper.exe"
Enabled: [V]


Program:
"TightVNC Win32 Server"
Publisher:
"(Not verified) TightVNC Group"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
WinVNC
Program path & name:
"c:\program files\tightvnc\winvnc.exe"
Enabled: [V]


Program:
"RealNetworks Scheduler"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
TkBellExe
Program path & name:
"c:\program files\common files\real\update_ob\realsched.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
lphcvtmj0e5a7
Program path & name:
File not found: C:\WINDOWS\system32\lphcvtmj0e5a7.exe"
Enabled: [V]


Program:
"Microsoft SharePoint Portal Server Object Model"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
cdo
Program path & name:
"c:\program files\common files\microsoft shared\web folders\pkmcdo.dll"
Enabled: [V]


Program:
"Skype for COM API"
Publisher:
"(Verified) Skype Technologies SA"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
skype4com
Program path & name:
"c:\program files\common files\skype\skype4com.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
n/a
Program path & name:
File not found: C:\WINDOWS\system32\cdrxoqm.exe"
Enabled: [V]


Program:
"IE Per User Active Setup Uninstall Utility"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
IE7 Uninstall Stub
Program path & name:
"c:\windows\system32\ieudinit.exe"
Enabled: [V]


Program:
"Adobe Gamma Loader"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Adobe Gamma Loader.lnk
Program path & name:
"c:\program files\common files\adobe\calibration\adobe gamma loader.exe"
Enabled: [V]


Program:
"Adobe Acrobat SpeedLauncher"
Publisher:
"(Not verified) Adobe Systems Incorporated"
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Adobe Reader Speed Launch.lnk
Program path & name:
"c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe"
Enabled: [V]


Program:
"Bluetooth Tray Application"
Publisher:
"(Not verified) Broadcom Corporation."
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Bluetooth.lnk
Program path & name:
"c:\program files\widcomm\bluetooth software\bttray.exe"
Enabled: [V]


Program:
"HP Digital Imaging Monitor"
Publisher:
"(Verified) Hewlett-Packard Company"
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
HP Digital Imaging Monitor.lnk
Program path & name:
"c:\program files\hp\digital imaging\bin\hpqtra08.exe"
Enabled: [V]


Program:
"Adobe Gamma Loader"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
C:\Documents and Settings\Adrian Estrada\Start Menu\Programs\Startup
Entry name:
Adobe Gamma.lnk
Program path & name:
"c:\program files\common files\adobe\calibration\adobe gamma loader.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
C:\Documents and Settings\Adrian Estrada\Start Menu\Programs\Startup
Entry name:
RocketDock.lnk
Program path & name:
c:\windows\bricopacks\vista inspirat 2\rocketdock\rocketdock.exe"
Enabled: [V]


Program:
"TransBar"
Publisher:
"(Not verified) AKSoftware"
Entry path:
C:\Documents and Settings\Adrian Estrada\Start Menu\Programs\Startup
Entry name:
TransBar.lnk
Program path & name:
"c:\windows\bricopacks\vista inspirat 2\transbar\transbar.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
C:\Documents and Settings\Adrian Estrada\Start Menu\Programs\Startup
Entry name:
UberIcon.lnk
Program path & name:
c:\windows\bricopacks\vista inspirat 2\ubericon\ubericon manager.exe"
Enabled: [V]


Program:
"Attach drop shadow to windows."
Publisher:
"(Not verified) Y'z@Home"
Entry path:
C:\Documents and Settings\Adrian Estrada\Start Menu\Programs\Startup
Entry name:
Y'z Shadow.lnk
Program path & name:
"c:\windows\bricopacks\vista inspirat 2\yzshadow\yzshadow.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
Entry name:
draughtsmanship
Program path & name:
File not found: C:\WINDOWS\system32\rnxwph.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Entry name:
WebCheck
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Systray shell service object"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Entry name:
SysTray
Program path & name:
"c:\windows\system32\stobject.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Entry name:
petames.exe
Program path & name:
File not found: C:\WINDOWS\system\petames.exe"
Enabled: [V]


Program:
"AIM"
Publisher:
"(Verified) AOL LLC"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Aim6
Program path & name:
"c:\program files\aim6\aim6.exe"
Enabled: [V]


Program:
"Veoh Client"
Publisher:
"(Not verified) Veoh Networks"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Veoh
Program path & name:
"c:\program files\veoh networks\veoh\veohclient.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
VoipCheapCom
Program path & name:
File not found: C:\Program Files\VoipCheapCom\VoipCheapCom.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
MyPasswordGenerator
Program path & name:
File not found: C:\Program Files\MyPasswordGenerator\password.exe"
Enabled: [V]


Program:
"Skype. Take a deep breath "
Publisher:
"(Verified) Skype Technologies SA"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Skype
Program path & name:
"c:\program files\skype\phone\skype.exe"
Enabled: [V]


Program:
"System settings protector"
Publisher:
"(Verified) Safer Networking Ltd."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
SpybotSD TeaTimer
Program path & name:
"c:\program files\spybot - search & destroy\teatimer.exe"
Enabled: [V]


Program:
"Apple Software Update"
Publisher:
"(Verified) Apple Inc."
Entry path:
Task Scheduler
Entry name:
AppleSoftwareUpdate.job
Program path & name:
"c:\program files\apple software update\softwareupdate.exe"
Enabled: [V]


Program:
"Adobe Acrobat IE Helper Version 7.0 for ActiveX"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Adobe PDF Reader Link Helper
Program path & name:
"c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll"
Enabled: [V]


Program:
"Skype add-on for IE"
Publisher:
"(Verified) Skype Technologies SA"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Skype add-on (mastermind)
Program path & name:
"c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
Enabled: [V]


Program:
"RealPlayer Download and Record Plugin for Internet Explorer"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
RealPlayer Download and Record Plugin for Internet Explorer
Program path & name:
"c:\program files\real\realplayer\rpbrowserrecordplugin.dll"
Enabled: [V]


Program:
"SBSD IE Protection"
Publisher:
"(Verified) Safer Networking Ltd."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Spybot-S&D IE Protection
Program path & name:
"c:\program files\spybot - search & destroy\sdhelper.dll"
Enabled: [V]


Program:
"Java(TM) 2 Platform Standard Edition binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.5.0_10\bin\ssv.dll"
Enabled: [V]


Program:
"Control Panel Drivers Applet"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Multimedia File Property Sheet
Program path & name:
"c:\windows\system32\mmsys.cpl"
Enabled: [V]


Program:
"Shell extensions for sharing"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell extensions for sharing
Program path & name:
"c:\windows\system32\ntshrui.dll"
Enabled: [V]


Program:
"Windows Theme API"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
PlusPack CPL Extension
Program path & name:
"c:\windows\system32\themeui.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"Print UI DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Web Printer Shell Extension
Program path & name:
"c:\windows\system32\printui.dll"
Enabled: [V]


Program:
"Windows Font Folder"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Fonts
Program path & name:
"c:\windows\system32\fontext.dll"
Enabled: [V]


Program:
"Shell extensions for sharing"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell extensions for sharing
Program path & name:
"c:\windows\system32\ntshrui.dll"
Enabled: [V]


Program:
"Network Connections Shell"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Network Connections
Program path & name:
"c:\windows\system32\netshell.dll"
Enabled: [V]


Program:
"Network Connections Shell"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Network Connections
Program path & name:
"c:\windows\system32\netshell.dll"
Enabled: [V]


Program:
"Imaging Devices Shell Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Scanners & Cameras
Program path & name:
"c:\windows\system32\wiashext.dll"
Enabled: [V]


Program:
"Imaging Devices Shell Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Scanners & Cameras
Program path & name:
"c:\windows\system32\wiashext.dll"
Enabled: [V]


Program:
"Imaging Devices Shell Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Scanners & Cameras
Program path & name:
"c:\windows\system32\wiashext.dll"
Enabled: [V]


Program:
"Imaging Devices Shell Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Scanners & Cameras
Program path & name:
"c:\windows\system32\wiashext.dll"
Enabled: [V]


Program:
"Imaging Devices Shell Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Scanners & Cameras
Program path & name:
"c:\windows\system32\wiashext.dll"
Enabled: [V]


Program:
"Task Scheduler interface DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Tasks Folder Icon Handler
Program path & name:
"c:\windows\system32\mstask.dll"
Enabled: [V]


Program:
"Task Scheduler interface DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Tasks Folder Shell Extension
Program path & name:
"c:\windows\system32\mstask.dll"
Enabled: [V]


Program:
"Task Scheduler interface DLL"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Scheduled Tasks
Program path & name:
"c:\windows\system32\mstask.dll"
Enabled: [V]


Program:
"Object Control Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
ActiveX Cache Folder
Program path & name:
"c:\windows\system32\occache.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WebCheck
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Subscription Mgr
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Subscription Folder
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WebCheckWebCrawler
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WebCheckChannelAgent
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
TrayAgent
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Code Download Agent
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
ConnectionAgent
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
PostAgent
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Web Site Monitor"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WebCheck SyncMgr Handler
Program path & name:
"c:\windows\system32\webcheck.dll"
Enabled: [V]


Program:
"Shell Application Manager"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Application Manager
Program path & name:
"c:\windows\system32\appwiz.cpl"
Enabled: [V]


Program:
"Shell Application Manager"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Installed Apps Enumerator
Program path & name:
"c:\windows\system32\appwiz.cpl"
Enabled: [V]


Program:
"Shell Application Manager"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Darwin App Publisher
Program path & name:
"c:\windows\system32\appwiz.cpl"
Enabled: [V]


Program:
"Windows Picture and Fax Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Image Verbs
Program path & name:
"c:\windows\system32\shimgvw.dll"
Enabled: [V]


Program:
"Windows Picture and Fax Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Image Data Factory
Program path & name:
"c:\windows\system32\shimgvw.dll"
Enabled: [V]


Program:
"Windows Picture and Fax Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
GDI+ file thumbnail extractor
Program path & name:
"c:\windows\system32\shimgvw.dll"
Enabled: [V]


Program:
"Windows Picture and Fax Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Summary Info Thumbnail handler (DOCFILES)
Program path & name:
"c:\windows\system32\shimgvw.dll"
Enabled: [V]


Program:
"Windows Picture and Fax Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
HTML Thumbnail Extractor
Program path & name:
"c:\windows\system32\shimgvw.dll"
Enabled: [V]


Program:
"Windows Picture and Fax Viewer"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Image Property Handler
Program path & name:
"c:\windows\system32\shimgvw.dll"
Enabled: [V]


Program:
"Compressed (zipped) Folders"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Compressed (zipped) Folder
Program path & name:
"c:\windows\system32\zipfldr.dll"
Enabled: [V]


Program:
"Compressed (zipped) Folders"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Compressed (zipped) Folder Right Drag Handler
Program path & name:
"c:\windows\system32\zipfldr.dll"
Enabled: [V]


Program:
"Compressed (zipped) Folders"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Compressed (zipped) Folder SendTo Target
Program path & name:
"c:\windows\system32\zipfldr.dll"
Enabled: [V]


Program:
"My Documents Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
MyDocs Copy Hook
Program path & name:
"c:\windows\system32\mydocs.dll"
Enabled: [V]


Program:
"My Documents Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
MyDocs Drop Target
Program path & name:
"c:\windows\system32\mydocs.dll"
Enabled: [V]


Program:
"My Documents Folder UI"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
MyDocs Properties
Program path & name:
"c:\windows\system32\mydocs.dll"
Enabled: [V]


Program:
"Cabinet File Viewer Shell Extension"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
.CAB file viewer
Program path & name:
"c:\windows\system32\cabview.dll"
Enabled: [V]


Program:
"Shell Extensions"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
RecordNow! SendToExt
Program path & name:
c:\program files\sonic\recordnow!\shlext.dll"
Enabled: [V]


Program:
"Drive Letter Access Component"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
DriveLetterAccess
Program path & name:
"c:\windows\system32\dla\tfswshx.dll"
Enabled: [V]


Program:
"RealPlayer Shell Extensions"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Extensions for RealOne Player
Program path & name:
"c:\program files\real\realplayer\rpshell.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
DLKQUOUI.DLL
Program path & name:
File not found: C:\WINDOWS\system32\DLKQUOUI.DLL"
Enabled: [V]


Program:
"WinZip Shell Extension DLL"
Publisher:
"(Not verified) WinZip Computing Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinZip
Program path & name:
"c:\program files\winzip\wzshlstb.dll"
Enabled: [V]


Program:
"WinZip Shell Extension DLL"
Publisher:
"(Not verified) WinZip Computing Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinZip
Program path & name:
"c:\program files\winzip\wzshlstb.dll"
Enabled: [V]


Program:
"WinZip Shell Extension DLL"
Publisher:
"(Not verified) WinZip Computing Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinZip
Program path & name:
"c:\program files\winzip\wzshlstb.dll"
Enabled: [V]


Program:
"WinZip Shell Extension DLL"
Publisher:
"(Not verified) WinZip Computing Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinZip
Program path & name:
"c:\program files\winzip\wzshlstb.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
"Windows XP PowerToys"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
PhotoToys
Program path & name:
"c:\windows\system32\phototoys.dll"
Enabled: [V]


Program:
"Microsoft Web Folders"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Web Folders
Program path & name:
"c:\program files\common files\microsoft shared\web folders\msonsext.dll"
Enabled: [V]


Program:
"AcThumbnail Module"
Publisher:
"(Verified) Autodesk Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Autodesk DWF Preview
Program path & name:
"c:\program files\common files\autodesk shared\acdwfthmbprxy16.dll"
Enabled: [V]


Program:
"zlavscan shell extension"
Publisher:
"(Verified) Check Point Software Technologies Ltd."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Multiscan
Program path & name:
"c:\program files\zone labs\zonealarm\zlavscan.dll"
Enabled: [V]


Program:
"AVG Shell Extension"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
AVG7 Shell Extension
Program path & name:
"c:\program files\grisoft\avg free\avgse.dll"
Enabled: [V]


Program:
"AVG Shell Extension"
Publisher:
"(Not verified) GRISOFT s.r.o."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
AVG7 Find Extension
Program path & name:
"c:\program files\grisoft\avg free\avgse.dll"
Enabled: [V]


Program:
"CMenuExtender"
Publisher:
"(Not verified) Revenger inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
CMenuExtender
Program path & name:
"c:\windows\bricopacks\vista inspirat 2\icolorfolder\cmext.dll"
Enabled: [V]


Program:
"BTNeighborhood DLL"
Publisher:
"(Not verified) Broadcom Corporation."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
My Bluetooth Places
Program path & name:
"c:\windows\system32\btneighborhood.dll"
Enabled: [V]


Program:
"iTunes Mini Player DLL"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
iTunes
Program path & name:
"c:\program files\itunes\itunesminiplayer.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll"
Enabled: [V]


Program:
"Toolbar Module"
Publisher:
"(Verified) NetZero Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
toolbar.dll
Program path & name:
"c:\program files\netzero\toolbar.dll"
Enabled: [V]


Program:
enabled
Publisher:
""
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
@btrez.dll
Program path & name:
"c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
MUSICMATCH MX Web Player
Program path & name:
File not found: http://wwws.musicmatch.com/mmz/openWebRadio.html"
Enabled: [V]


Program:
"Windows Messenger"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
Windows Messenger
Program path & name:
"c:\program files\messenger\msmsgs.exe"
Enabled: [V]

EscondeR
02-09-08, 16:47
Download and run Autoruns (http://technet.microsoft.com/ru-ru/sysinternals/bb963902(en-us).aspx) and kill the following entries:


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
Entry name:
stera
Program path & name:
File not found: stera"
Enabled: [V]


Program:
"mental ray 3.4 Satellite"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
mi-raysat_3dsmax8
Program path & name:
c:\program files\autodesk\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe"
Enabled: [V]


Program:
"Enables network access to local burners via iSCSI protocol."
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
StarWindServiceAE
Program path & name:
File not found: H:\Alcohol 120\StarWind\StarWindServiceAE.exe"
Enabled: [V]


Program:
"TightVNC Win32 Server"
Publisher:
"(Not verified) TightVNC Group"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
winvnc
Program path & name:
"c:\program files\tightvnc\winvnc.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BT
Program path & name:
File not found: system32\DRIVERS\btnetdrv.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTHidEnum
Program path & name:
File not found: System32\Drivers\vbtenum.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTHidMgr
Program path & name:
File not found: System32\Drivers\BTHidMgr.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SABProcEnum
Program path & name:
File not found: C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
slabbus
Program path & name:
File not found: system32\DRIVERS\slabbus.sys"
Enabled: [V]


Program:
"USB Data Cable Drivers"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
slabser
Program path & name:
File not found: system32\DRIVERS\slabser.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VComm
Program path & name:
File not found: system32\DRIVERS\VComm.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VcommMgr
Program path & name:
File not found: System32\Drivers\VcommMgr.sys"
Enabled: [V]


Program:
"Ultravnc Mirror Driver"
Publisher:
"(Not verified) RDV Soft"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
vncdrv
Program path & name:
"c:\windows\system32\drivers\vncdrv.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
wanatw
Program path & name:
File not found: system32\DRIVERS\wanatw4.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
XTrapD12
Program path & name:
File not found: C:\WINDOWS\system32\XTrapD12.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Control Panel\Desktop\Scrnsave.exe
Entry name:
C:\WINDOWS\system32\blphcvtmj0e5a7.scr
Program path & name:
File not found: C:\WINDOWS\system32\blphcvtmj0e5a7.scr"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Entry name:
PrimoMon
Program path & name:
c:\windows\system32\primomonnt.dll"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"TightVNC Win32 Server"
Publisher:
"(Not verified) TightVNC Group"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
WinVNC
Program path & name:
"c:\program files\tightvnc\winvnc.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
lphcvtmj0e5a7
Program path & name:
File not found: C:\WINDOWS\system32\lphcvtmj0e5a7.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
n/a
Program path & name:
File not found: C:\WINDOWS\system32\cdrxoqm.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
Entry name:
draughtsmanship
Program path & name:
File not found: C:\WINDOWS\system32\rnxwph.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Entry name:
petames.exe
Program path & name:
File not found: C:\WINDOWS\system\petames.exe"
Enabled: [V]


Program:
"Veoh Client"
Publisher:
"(Not verified) Veoh Networks"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Veoh
Program path & name:
"c:\program files\veoh networks\veoh\veohclient.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
VoipCheapCom
Program path & name:
File not found: C:\Program Files\VoipCheapCom\VoipCheapCom.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
MyPasswordGenerator
Program path & name:
File not found: C:\Program Files\MyPasswordGenerator\password.exe"
Enabled: [V]


Program:
"Apple Software Update"
Publisher:
"(Verified) Apple Inc."
Entry path:
Task Scheduler
Entry name:
AppleSoftwareUpdate.job
Program path & name:
"c:\program files\apple software update\softwareupdate.exe"
Enabled: [V]


Program:
"Shell Extensions"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
RecordNow! SendToExt
Program path & name:
c:\program files\sonic\recordnow!\shlext.dll"
Enabled: [V]


Program:
"Drive Letter Access Component"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
DriveLetterAccess
Program path & name:
"c:\windows\system32\dla\tfswshx.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
DLKQUOUI.DLL
Program path & name:
File not found: C:\WINDOWS\system32\DLKQUOUI.DLL"
Enabled: [V]


Program:
"Toolbar Module"
Publisher:
"(Verified) NetZero Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
toolbar.dll
Program path & name:
"c:\program files\netzero\toolbar.dll"
Enabled: [V]


Program:
enabled
Publisher:
""
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
@btrez.dll
Program path & name:
"c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
Enabled: [ ]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
MUSICMATCH MX Web Player
Program path & name:
File not found: http://wwws.musicmatch.com/mmz/openWebRadio.html"
Enabled: [V]

Reboot.
And change your wallpaper to something more suitable :)

laralives
03-09-08, 00:59
Awesome! Thank You ALL very much!

:gki:

:wve: