Thread: Please help get rid of smitfraud remnants

  1. #21
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Ok...

    To what is the wallpaper locked? Is it a picture?
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  2. #22
    Member
    Join Date
    Dec 2006
    Posts
    81

    No, it's a blue background. It's blank.

  3. #23
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Hi ok...

    And to what have you tried to change your wallpaper? Try some of the default ones.

    Please download WinPFind2.
    • Extract the files to a folder (e.g. C:\WinPFind2).
    • Double-click WinPFind2.exe to start the program.
    • Click the Select All button in the File Options box of the Configuration tab (this is the tab the program opens up to by default).
    • Click the Run all Scans button.
    • When it's finished scanning, you will see Scans Complete! at the bottom left of the program.
    • Click the Export to Text button.
    • Notepad will open with the results of the scan, and the log will be saved to the folder that you extracted the program to (C:\WinPFind2\WinPFind2.txt).
    • Post the log in your next reply please. You may need to split the log over a couple of posts so that it doesn't get cut off. If so, please use the [Start Post #1] and [Start Post #2] delimiters in the log to split the log up.
    Last edited by Mr_JAk3; 2006-12-22 at 21:26. Reason: Changed the instructions, sorry :)

  4. #24
    Member
    Join Date
    Dec 2006
    Posts
    81

    Hi,

    I can't. The moment I move the cursor over a pic and click to choose it the whole thing disappears.

  5. #25
    Member
    Join Date
    Dec 2006
    Posts
    81

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Logfile created on: 22/12/2006 9:27:02 μμ
    WinPFind v1.5.0 Folder = C:\DOCUME~1\adminX2\LOCALS~1\Temp\Rar$EX17.281\WinPFind\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...
    UPX! 18/12/2006 8:30:16 πμ 731028 C:\SmitfraudFix.exe ()

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    Checking %System% folder...
    WSUD 22/9/2005 6:30:48 μμ 18776064 C:\WINDOWS\SYSTEM32\alsndmgr.cpl (Realtek Semiconductor Corp.)
    aspack 18/3/2005 5:19:58 μμ 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
    aspack 26/5/2005 3:34:52 μμ 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
    aspack 22/7/2005 7:59:04 μμ 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
    aspack 5/12/2005 6:09:18 μμ 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
    aspack 3/2/2006 8:43:16 πμ 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
    aspack 31/3/2006 12:40:58 μμ 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
    aspack 28/9/2006 4:05:20 μμ 2414360 C:\WINDOWS\SYSTEM32\d3dx9_31.dll (Microsoft Corporation)
    PEC2 17/4/2003 2:00:00 μμ 41164 C:\WINDOWS\SYSTEM32\dfrg.msc ()
    aspack 3/5/2006 3:30:06 μμ 1212928 C:\WINDOWS\SYSTEM32\Incinerator.dll ()
    PEC2 26/4/2006 5:58:48 μμ 60156 C:\WINDOWS\SYSTEM32\jspWinNm.DLL ()
    PEC2 26/4/2006 5:58:48 μμ 35992 C:\WINDOWS\SYSTEM32\jspWinRnia.DLL ()
    PTech 17/5/2006 10:23:38 πμ 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL (Microsoft Corporation)
    PECompact2 7/12/2006 3:13:46 μμ 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    aspack 7/12/2006 3:13:46 μμ 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
    WSUD 4/9/2004 5:45:24 πμ 1250816 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
    aspack 4/9/2004 5:44:54 πμ 744448 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
    WSUD 4/9/2004 5:45:26 πμ 263168 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    UPX! 30/4/2004 7:46:24 μμ 28672 C:\WINDOWS\SYSTEM32\qtalt.ax (Cyberlink)
    Umonitor 4/9/2004 5:45:12 πμ 687104 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
    UPX! 26/3/2004 2:32:36 μμ 116224 C:\WINDOWS\SYSTEM32\rmalt.ax (Gabest)
    winsync 17/4/2003 2:00:00 μμ 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
    PEC2 18/10/2006 9:47:20 μμ 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)
    WSUD 18/10/2006 9:47:20 μμ 8231936 C:\WINDOWS\SYSTEM32\wmploc.dll (Microsoft Corporation)

    Checking %System%\Drivers folder and sub-folders...
    PTech 3/8/2004 9:41:38 μμ 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    22/12/2006 7:48:08 μμ S 2048 C:\WINDOWS\bootstat.dat ()
    23/11/2006 1:55:18 μμ H 54156 C:\WINDOWS\QTFont.qfn ()
    21/12/2006 2:38:04 μμ HS 5120 C:\WINDOWS\$NtServicePackUninstall$\Thumbs.db ()
    25/10/2006 1:32:46 μμ RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme ()
    25/10/2006 1:32:46 μμ RH 0 C:\WINDOWS\assembly\pubpol1.dat ()
    25/10/2006 9:56:14 μμ RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index22.dat ()
    25/10/2006 9:56:18 μμ RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index23.dat ()
    22/12/2006 7:48:12 μμ S 64 C:\WINDOWS\CSC\00000001 ()
    21/12/2006 12:31:52 μμ S 64 C:\WINDOWS\CSC\00000002 ()
    13/12/2006 10:48:32 πμ S 64 C:\WINDOWS\CSC\csc1.tmp ()
    13/12/2006 6:51:36 μμ H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ef348e0b99ce18685938c0f5f94eccd6\BIT7.tmp ()
    22/12/2006 7:50:56 μμ H 51730 C:\WINDOWS\system32\vsconfig.xml ()
    8/11/2006 7:23:54 πμ S 11671 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923694.cat ()
    28/11/2006 8:45:34 μμ S 7868 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem32.CAT ()
    28/11/2006 8:46:04 μμ S 17082 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem33.CAT ()
    28/11/2006 8:46:04 μμ S 22966 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem34.CAT ()
    28/11/2006 8:46:04 μμ S 22966 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem35.CAT ()
    28/11/2006 8:46:04 μμ S 22966 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem36.CAT ()
    2/11/2006 11:54:58 πμ S 34696 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WMFDist11.cat ()
    2/11/2006 12:13:58 μμ S 27554 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\wmp11.cat ()
    22/12/2006 9:30:38 μμ H 1024 C:\WINDOWS\system32\config\default.LOG ()
    22/12/2006 7:48:26 μμ H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
    22/12/2006 7:50:48 μμ H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
    22/12/2006 9:30:48 μμ H 1024 C:\WINDOWS\system32\config\software.LOG ()
    22/12/2006 9:23:34 μμ H 1024 C:\WINDOWS\system32\config\system.LOG ()
    18/12/2006 5:57:20 μμ H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
    19/11/2006 10:14:20 μμ S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 ()
    21/12/2006 1:25:40 μμ S 44083 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 ()
    21/12/2006 2:29:48 μμ S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 ()
    19/11/2006 10:14:20 μμ S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 ()
    21/12/2006 1:25:40 μμ S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 ()
    21/12/2006 2:29:48 μμ S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 ()
    13/12/2006 9:25:54 μμ H 0 C:\WINDOWS\system32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ()
    13/12/2006 9:25:02 μμ HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\233da1f6-dde6-413e-8c97-e0b9def364eb ()
    13/12/2006 9:25:02 μμ HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
    3/12/2006 9:37:48 μμ HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\ebab982d-cb20-4bab-b766-60d39acb8a75 ()
    3/12/2006 9:37:48 μμ HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
    22/12/2006 7:48:14 μμ H 6 C:\WINDOWS\Tasks\SA.DAT ()
    22/12/2006 1:45:16 μμ H 396 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EB7B6756-B3E1-45F1-9B8C-BB1B7BED1CB0}.job ()

    Checking for CPL files...
    4/9/2004 5:45:26 πμ 71168 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
    22/9/2005 6:30:48 μμ 18776064 C:\WINDOWS\SYSTEM32\alsndmgr.cpl (Realtek Semiconductor Corp.)
    4/9/2004 5:45:26 πμ 556544 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
    28/10/2004 5:37:16 μμ 266299 C:\WINDOWS\SYSTEM32\btcpl.cpl (Broadcom Corporation)
    4/9/2004 5:45:26 πμ 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
    4/9/2004 5:45:26 πμ 138752 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
    4/9/2004 5:45:26 πμ 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
    4/9/2004 5:45:26 πμ 157696 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
    17/10/2006 12:05:48 μμ 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
    4/9/2004 5:45:26 πμ 134144 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
    4/9/2004 5:45:26 πμ 380928 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
    20/12/2006 12:40:26 μμ 69632 C:\WINDOWS\SYSTEM32\javacpl.cpl (Sun Microsystems, Inc.)
    4/9/2004 5:45:26 πμ 70144 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
    17/4/2003 2:00:00 μμ 189440 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
    4/9/2004 5:45:26 πμ 628224 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
    17/4/2003 2:00:00 μμ 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
    4/9/2004 5:45:26 πμ 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
    4/9/2004 5:45:26 πμ 263168 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    8/8/2006 2:54:00 μμ 69632 C:\WINDOWS\SYSTEM32\nvcpl.cpl (NVIDIA Corporation)
    8/8/2006 2:54:00 μμ 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl ()
    17/4/2003 2:00:00 μμ 38912 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
    4/9/2004 5:45:26 πμ 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
    4/9/2004 5:45:26 πμ 119296 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
    4/9/2004 5:45:26 πμ 304640 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
    17/4/2003 2:00:00 μμ 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
    4/9/2004 5:45:26 πμ 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
    4/9/2004 5:45:26 πμ 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
    26/5/2005 3:16:22 πμ 175384 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
    17/10/2006 12:05:48 μμ 1817088 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
    17/4/2003 2:00:00 μμ 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
    17/4/2003 2:00:00 μμ 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
    17/4/2003 2:00:00 μμ 38912 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
    17/4/2003 2:00:00 μμ 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
    26/5/2005 3:16:22 πμ 175384 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
    1/12/2004 3:53:44 μμ 16166912 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\ALSNDMGR.CPL (Realtek Semiconductor Corp.)

    Checking for Downloaded Program Files...
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english...an_unicode.cab
    {17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/downlo...eckControl.cab
    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeup...tent/opuc3.cab
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/s...sh/swflash.cab

  6. #26
    Member
    Join Date
    Dec 2006
    Posts
    81

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    28/8/2006 6:13:38 μμ 681 C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\BTTray.lnk ()
    27/3/2005 3:54:58 μμ HS 84 C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\desktop.ini ()
    28/8/2006 6:14:32 μμ 1687 C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Logitech SetPoint.lnk ()
    6/9/2006 6:43:34 μμ 1759 C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\NETGEAR WG311v2 Smart Configuration.lnk ()
    14/11/2006 4:19:56 μμ 678 C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Privoxy.lnk ()

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    27/3/2005 4:44:30 μμ HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()

    Checking files in %USERPROFILE%\Startup folder...
    27/3/2005 3:54:58 μμ HS 84 C:\Documents and Settings\adminX2\Start Menu\Προγράμματα\Εκκίνηση\desktop.ini ()

    Checking files in %USERPROFILE%\Application Data folder...
    27/3/2005 4:44:30 μμ HS 62 C:\Documents and Settings\adminX2\Application Data\desktop.ini ()
    12/4/2006 11:25:00 πμ 1403 C:\Documents and Settings\adminX2\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log ()

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    \\Search Page - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    \\Default_Page_URL - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    \\Local Page - C:\windows\system32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    \\Search Bar - http://search.msn.com/spbasic.htm
    \\Search Page - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    \\Local Page - C:\windows\system32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    \{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    \{0CF0B8EE-6596-11D5-A98E-0003470BB48E} - CCHelper Class = C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll ()
    \{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
    \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    \{AE7CD045-E861-484f-8273-0445EE161910} - Adobe PDF Conversion Toolbar Helper = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Ζώνη του Explorer = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    \\{8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - Pop-Up Stopper &Companion = C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll ()
    \\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - Διεύ&θυνση = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
    \ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    \ShellBrowser\\{F3DF2532-A2CC-48D8-8643-A033AE4FC313} - = ()
    \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - Διεύ&θυνση = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Συνδέσεις = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \WebBrowser\\{F3DF2532-A2CC-48D8-8643-A033AE4FC313} - = ()
    \WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
    \WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    \WebBrowser\\{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF} - = ()
    \WebBrowser\\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} - = ()

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
    \\NEXTID - 8203
    \\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 =
    \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8195 = Windows Messenger
    \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8197 = Sun Java Console
    \\{CCA281CA-C863-46ef-9331-5C8D4460577F} - 8201 = @btrez.dll,-4017
    \\{e2e2dd38-d088-4134-82b7-f2ba38496583} - 8202 = @xpsp3res.dll,-20001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
    \{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
    \{CCA281CA-C863-46ef-9331-5C8D4460577F} - ButtonText: @btrez.dll,-4015 = C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    \{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
    \{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    >>> Approved Shell Extensions (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Προβολή επέκτασης κίνησης CPL = ()
    \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Επεκτάσεις κελύφους για συμπίεση αρχείων = ()
    \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Μενού κρυπτογραφημένου περιεχομένου = ()
    \\{88895560-9AA2-1069-930E-00AA0030EBC8} - Προέκταση εικονιδίου HyperTerminal = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
    \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Γραμμή εργασιών και μενού Έναρξη = ()
    \\{32683183-48a0-441b-a342-7c2a440a9478} - Ζώνη μέσων = ()
    \\{7A9D77BD-5403-11d2-8785-2E0420524153} - Λογαριασμοί χρηστών = ()
    \\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
    \\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll ()
    \\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll ()
    \\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll ()
    \\{8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - Pop-Up Stopper &Companion = C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll ()
    \\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
    \\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
    \\{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} - CorelDRAW Shell Extension Component = C:\Program Files\Corel\Graphics10\Draw\CdrViewer\CrlShell100.dll (Corel Corporation)
    \\{59403EC0-EA55-11d5-954A-9A53884D6E09} - SecureDoc = C:\PROGRA~1\MSI\SECURE~1\SecDoc.dll (msi)
    \\{AC0B5D2E-B691-4E12-A4F9-CA88492579A2} - Zinio Shell Extension = C:\Program Files\Common Files\Zinio\ZShext.dll (Zinio Systems, Inc.)
    \\{A9AACA72-1C51-4F84-804D-90EDBA0D58F4} - Zinio Magazine Column Provider = C:\Program Files\Common Files\Zinio\ZShext.dll (Zinio Systems, Inc.)
    \\{32020A01-506E-484D-A2A8-BE3CF17601C3} - AlcoholShellEx = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll (Alcohol Soft Development Team)
    \\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
    \\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
    \\InCDShellExt extension - {CAE3251E-9B15-4810-B268-852AD9792A59} = ()
    \\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} - PowerISO = C:\Program Files\PowerISO\PowerISOShell.dll (PowerISO Computing, Inc.)
    \\{A5110426-177D-4e08-AB3F-785F10B4439C} - Sony Ericsson File Manager = C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll (Sony Ericsson Mobile Communications AB)
    \\{79BC0345-1015-11D2-A299-006008312725} - blue.shell = C:\Program Files\Pinnacle\Studio 10\programs\BlueShellExt.dll ()
    \\ - = ()
    \\{6af09ec9-b429-11d4-a1fb-0090960218cb} - My Bluetooth Places = C:\WINDOWS\system32\btneighborhood.dll (Broadcom Corporation)
    \\{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} - Adobe.Acrobat.ContextMenu = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc.)
    \\{e57ce731-33e8-4c51-8354-bb4de9d215d1} - Συσκευές Τοποθέτησης και Άμεσης Λειτουργίας γενικής χρήσης = ()
    \\{D9872D13-7651-4471-9EEE-F0A00218BEBB} - Multiscan = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll (Zone Labs, LLC)
    \\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
    \\{A965C8E0-54A7-11D6-BF08-00079500BB23} - ZipZag Shell extension = C:\PROGRA~1\ZipZag\zipzagcm.dll ()

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    >>> Context Menu Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
    \Adobe.Acrobat.ContextMenu - {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc.)
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
    \HexWorkshopContextMenu - {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} = C:\Program Files\BreakPoint Software\Hex Workshop 4.2\hwext.dll (BreakPoint Software, Inc.)
    \PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PowerISOShell.dll (PowerISO Computing, Inc.)
    \SecureDocMenu - {59403EC0-EA55-11d5-954A-9A53884D6E09} = C:\PROGRA~1\MSI\SECURE~1\SecDoc.dll (msi)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \ZipZag - {A965C8E0-54A7-11D6-BF08-00079500BB23} = C:\PROGRA~1\ZipZag\zipzagcm.dll ()
    \ZLAVShExt - {D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll (Zone Labs, LLC)
    \{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

    [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
    \AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
    \PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PowerISOShell.dll (PowerISO Computing, Inc.)
    \SecureDocMenu - {59403EC0-EA55-11d5-954A-9A53884D6E09} = C:\PROGRA~1\MSI\SECURE~1\SecDoc.dll (msi)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \ZipZag - {A965C8E0-54A7-11D6-BF08-00079500BB23} = C:\PROGRA~1\ZipZag\zipzagcm.dll ()

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
    \00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll ()
    \NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
    \FineReader - {AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F} = c:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll (ABBYY (BIT Software))
    \PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PowerISOShell.dll (PowerISO Computing, Inc.)
    \WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
    \ZLAVShExt - {D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll (Zone Labs, LLC)
    \{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

    >>> Column Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    \{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
    \{A9AACA72-1C51-4F84-804D-90EDBA0D58F4} - Zinio Magazine Column Provider = C:\Program Files\Common Files\Zinio\ZShext.dll (Zinio Systems, Inc.)
    \{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

    >>> Registry Run Keys <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
    HP Component Manager - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
    HPDJ Taskbar Utility - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
    SoundMan - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    NWEReboot - Reg Data missing or invalid ()
    Logitech Hardware Abstraction Layer - C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
    - Reg Data missing or invalid ()
    Zone Labs Client - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
    nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe ()
    NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
    SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    Winpower - C:\Program Files\UpsPilot\Winpower.exe (ZeroG Software)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    Vidalia - C:\Program Files\Vidalia\vidalia.exe ()
    updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

  7. #27
    Member
    Join Date
    Dec 2006
    Posts
    81

    >>> Startup Links <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
    C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation)
    C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\desktop.ini ()
    C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
    C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe ()
    C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Privoxy.lnk - C:\Program Files\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
    C:\Documents and Settings\adminX2\Start Menu\Προγράμματα\Εκκίνηση\desktop.ini ()

    >>> MSConfig Disabled Items <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^adminX2^Start Menu^Προγράμματα^Εκκίνηση^Adobe Gamma.lnk
    path C:\Documents and Settings\adminX2\Start Menu\Προγράμματα\Εκκίνηση\Adobe Gamma.lnk
    backup C:\WINDOWS\pss\Adobe Gamma.lnkStartup
    location Startup
    command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    item Adobe Gamma

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Acrobat Assistant.lnk
    path C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Acrobat Assistant.lnk
    location Common Startup
    command C:\PROGRA~1\Adobe\ACROBA~2.0\Distillr\acrotray.exe
    item Acrobat Assistant

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Adobe Acrobat Speed Launcher.lnk
    path C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Adobe Acrobat Speed Launcher.lnk
    backup C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
    location Common Startup
    command C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
    item Adobe Acrobat Speed Launcher

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^CoreCenter.lnk
    path C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\CoreCenter.lnk
    backup C:\WINDOWS\pss\CoreCenter.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\MSI\CORECE~1\CORECE~1.EXE
    item CoreCenter

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Device Detector 2.lnk
    path C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Device Detector 2.lnk
    backup C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\Olympus\DEVICE~1\DevDtct2.exe
    item Device Detector 2

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^Microsoft Office OneNote 2003 Quick Launch.lnk
    path C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\Microsoft Office OneNote 2003 Quick Launch.lnk
    backup C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
    location Common Startup
    item Microsoft Office OneNote 2003 Quick Launch

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Προγράμματα^Εκκίνηση^SecureDoc.lnk
    path C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\SecureDoc.lnk
    backup C:\WINDOWS\pss\SecureDoc.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\MSI\SECURE~1\Logon.exe
    item SecureDoc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item
    hkey HKLM
    command
    inimapping 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 7.0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item Acrotray
    hkey HKLM
    command "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ActiveSpeed
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AS
    hkey HKLM
    command C:\Program Files\Ascentive\ActiveSpeed\AS.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CallBridgeReg.exe
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item qttask
    hkey HKLM
    command "C:\Program Files\QuickTime\qttask.exe" -atboottime
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easy Messaging
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item LogitechEasyMsg
    hkey HKCU
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Easy Synchronization
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item LogitechEasySync
    hkey HKLM
    command C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eBayToolbar
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item eBayTBDaemon
    hkey HKLM
    command C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FineReader7NewsReaderPro
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AbbyyNewsReader
    hkey HKLM
    command C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InCD
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item InCD
    hkey HKLM
    command C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LiveMonitor
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item LMonitor
    hkey HKLM
    command C:\Program Files\MSI\Live Update 3\LMonitor.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MediaGateway
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item MediaGateway
    hkey HKLM
    command C:\Program Files\MediaGateway\MediaGateway.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item msmsgs
    hkey HKCU
    command "C:\Program Files\Messenger\msmsgs.exe" /background
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item NeroCheck
    hkey HKLM
    command C:\WINDOWS\system32\NeroCheck.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item NvCpl
    hkey HKLM
    command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item NvMcTray
    hkey HKLM
    command RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item nwiz
    hkey HKLM
    command nwiz.exe /install
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDF Converter Registry Controller
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item RegistryController
    hkey HKLM
    command "C:\Program Files\SYSTRAN\5.0\Premium\RegistryController.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item qttask
    hkey HKLM
    command "C:\Program Files\QuickTime\qttask.exe" -atboottime
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item PDVDServ
    hkey HKLM
    command "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item Skype
    hkey HKCU
    command "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMSystemAnalyzer
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item SMSystemAnalyzer
    hkey HKCU
    command "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item jusched
    hkey HKLM
    command C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TXP
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item txp
    hkey HKLM
    command c:\program files\topthemesxp\txp.exe
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updateMgr
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item AdobeUpdateManager
    hkey HKCU
    command "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zinio DLM
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item ZinioDeliveryManager
    hkey HKCU
    command C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 0
    services 0
    startup 2


    [All Users Startup Folder Disabled Items]

    [Current User Startup Folder Disabled Items]

    >>> User Agent Post Platform <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    >>> AppInit Dll's <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

    >>> Image File Execution Options <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    \Your Image File Name Here without a path - Debugger = ntsd -d

    >>> Shell Service Object Delay Load <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
    \\WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

    >>> Shell Execute Hooks <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
    \\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

    >>> Shared Task Scheduler <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Προφορτωτής Browseui = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
    \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Δαίμονας cache κατηγοριών στοιχείων = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

    >>> Winlogon <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    \\UserInit = C:\WINDOWS\system32\userinit.exe,
    \\Shell = explorer.exe
    \\System =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    \crypt32chain - crypt32.dll = (Microsoft Corporation)
    \cryptnet - cryptnet.dll = (Microsoft Corporation)
    \cscdll - cscdll.dll = (Microsoft Corporation)
    \LBTServ - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll = (Logitech Inc.)
    \ScCertProp - wlnotify.dll = (Microsoft Corporation)
    \Schedule - wlnotify.dll = (Microsoft Corporation)
    \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
    \SensLogn - WlNotify.dll = (Microsoft Corporation)
    \termsrv - wlnotify.dll = (Microsoft Corporation)
    \wlballoon - wlnotify.dll = (Microsoft Corporation)

    >>> DNS Name Servers <<<
    {2B189D7A-0484-4018-9933-946A5666B41E} - ()
    {9A5143B9-6588-4A68-ACA0-670AB776DD39} - (Προσαρμογέας δικτύου 1394)
    {9AF8CE68-A451-4C51-A003-5CAF8F86E1AB} - (NETGEAR WG311v2 802.11g Wireless PCI Adapter)
    {F7E641DF-DE51-4D8A-8D1F-0868E66B518F} - ()

    >>> All Winsock2 Catalogs <<<
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
    \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
    \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
    \000000000001\\PackedCatalogItem - CC:\WINDOWS\system32\ZoneLabs\vetredir.dll ()
    \000000000002\\PackedCatalogItem - CC:\WINDOWS\system32\ZoneLabs\vetredir.dll ()
    \000000000003\\PackedCatalogItem - CC:\WINDOWS\system32\ZoneLabs\vetredir.dll ()
    \000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000005\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000007\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000008\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000009\\PackedCatalogItem - CC:\WINDOWS\system32\ZoneLabs\vetredir.dll ()
    \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

    >>> Protocol Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
    \cetihpz - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    \ipp - ()
    \msdaipp - ()
    \widimg - C:\WINDOWS\system32\btxppanel.dll (Broadcom Corporation)

    >>> Protocol Filters (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

    >>> Selected AddOn's <<<


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

  8. #28
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Hi

    I'll do a little more research on your problem and ask some help too.

    I'll get back to you as soon as possible
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  9. #29
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Ok I got some help from an expert

    Please copy the contents of the following quote box into Notepad. Don't forget to add the REGEDIT4.

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "WallpaperStyle"=-
    "Wallpaper"=-
    "NoDispBackgroundPage"=-
    "NoDispAppearancePage"=-

    [HKEY_CURRENT_USER\Control Panel\Desktop]
    "Wallpaper"=-
    "WallpaperStyle"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoActiveDesktopChanges"=-
    "NoActiveDesktop"=-
    "NoSaveSettings"=-
    "ClassicShell"=-
    "NoThemesTab"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
    "NoChangingWallPaper"=-

    Save it to your desktop as fixme.reg

    Then, locate fixme.reg on your desktop and <double-click> it.

    You will receive a prompt similar to: "Do you wish to merge the information into the registry?".

    Answer 'Yes' and wait for a message to appear similar to "Merged Successfully"

    Reboot.

    Can you access/change the desktop now?
    =====================================

    If that didn't work:
    =====================================

    Download next tool to a place where you'll find it easily:

    http://djlizard.net/Dial-a-fix-2006-09-19.exe

    Double-click Dial-a-fix-2006-09-19.exe to start the program.
    Immediately a window will open with on top: "Dial-A-fix : Restrictive policies"
    You'll see registry keys.
    Check them all and click the remove button below.
    Then click close. This should close the policies window.
    Then click exit in the main window under it, because we don't need anything from there.

    REBOOT your computer afterwards, important.

    Now see if HJT will work.
    Let me know if that helps

    Also, what theme are you using ?
    Last edited by Mr_JAk3; 2006-12-25 at 09:26. Reason: added a question
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006
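
Before merging a .reg file copied from a forum post, it is worth confirming exactly what it will change. The Python sketch below is an added example, not part of the original thread: it parses the fixme.reg text from post #29 and checks that every operation only deletes a value under HKEY_CURRENT_USER. The names `parse_reg` and `audit` are illustrative, and the parser assumes single-line values only.

```python
import re

# The fix from post #29, embedded verbatim so the example runs offline.
FIXME_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"WallpaperStyle"=-
"Wallpaper"=-
"NoDispBackgroundPage"=-
"NoDispAppearancePage"=-

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=-
"WallpaperStyle"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"NoActiveDesktop"=-
"NoSaveSettings"=-
"ClassicShell"=-
"NoThemesTab"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=-
'''

SECTION = re.compile(r'^\[(-?)(.+)\]$')            # [KEY] or [-KEY] (delete key)
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data

def parse_reg(text):
    """Return (action, key, value_name) tuples for a .reg file (single-line values)."""
    lines = [ln.strip() for ln in text.lstrip('\ufeff').splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(';')]
    if not lines or lines[0] not in ('REGEDIT4', 'Windows Registry Editor Version 5.00'):
        raise ValueError('missing REGEDIT4 / version 5.00 header line')
    ops, key = [], None
    for ln in lines[1:]:
        m = SECTION.match(ln)
        if m:
            key = m.group(2)
            if m.group(1):                      # leading "-" removes the whole key
                ops.append(('delete_key', key, None))
                key = None
            continue
        m = VALUE.match(ln)
        if not m or key is None:
            raise ValueError('unparseable line: %r' % ln)
        name = m.group(1) if m.group(1) == '@' else m.group(1)[1:-1]
        action = 'delete_value' if m.group(2) == '-' else 'set_value'
        ops.append((action, key, name))
    return ops

def audit(ops):
    """Return operations that do more than delete a value under an HKCU key."""
    return [op for op in ops
            if op[0] != 'delete_value'
            or not op[1].upper().startswith('HKEY_CURRENT_USER\\')]
```

An empty list from `audit(parse_reg(FIXME_REG))` means the file only removes per-user values; anything returned is an operation to read closely before merging.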

  10. #30
    Member
    Join Date
    Dec 2006
    Posts
    81

    Default

    Hi Mr_JAk3,

    and thanks for your help.

    1) The fixme.reg copied into notepad and saved as you suggested does not work. I double-click it and what happens is that a window with the content of this notepad file pops up with no message such as the ones you suggested.

    2) The other program did not help either.

    Kind regards,

    Mills
