[Registry - Non-Microsoft Only]
< Run [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run →
!AVG Anti-Spyware → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe → GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
ATIPTA → %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe → ATI Technologies, Inc. [Ver = 6.14.10.5142 | Size = 339968 bytes | Modified Date = 3/8/2005 9:05:00 PM | Attr = ]
avast! → %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe → ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 9/6/2007 5:06:10 AM | Attr = ]
HPHmon05 → %System32%\hphmon05.exe → Hewlett-Packard [Ver = 5,0,84 | Size = 483328 bytes | Modified Date = 5/22/2003 9:55:38 PM | Attr = ]
SearchIndexer → %System32%\xytoqfrl.dll [rundll32.exe "C:\WINDOWS\system32\xytoqfrl.dll",sitypnow] → [Ver = | Size = 83008 bytes | Modified Date = 10/21/2007 9:57:50 AM | Attr = ]
SynTPEnh → %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe → Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 618496 bytes | Modified Date = 7/15/2003 2:08:10 PM | Attr = ]
SynTPLpr → %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe → Synaptics, Inc. [Ver = 7.5.18.1 15Jul03 | Size = 110592 bytes | Modified Date = 7/15/2003 2:09:18 PM | Attr = ]
< OptionalComponents [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ →
IMAIL → Installed = 1 →
MAPI → Installed = 1 →
MSFS → Installed = 1 →
< Common Startup > → C:\Documents and Settings\All Users\Start Menu\Programs\Startup →
%AllUsersStartup%\WNSO.lnk → %CommonProgramFiles%\RGGZS\WNSO.exe → File not found
< ShellExecuteHooks [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks →
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] → %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] → GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ]
{733E9132-53CA-4C97-9AC9-145C4502FA20} [HKLM] → %System32%\rqrqomm.dll → File not found
< SecurityProviders [HKLM] > → HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders →
< Winlogon settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< Winlogon settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon →
< Winlogon\Notify settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ →
AtiExtEvent → %System32%\ati2evxx.dll → ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 61440 bytes | Modified Date = 3/8/2005 4:34:34 PM | Attr = ]
WgaLogon → Reg Data - Value does not exist → File not found
< CurrentVersion Policy Settings [HKLM] > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} → 1073741857 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1} → 32 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\dontdisplaylastusername → 0 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticecaption → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\legalnoticetext → →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\shutdownwithoutlogon → 1 →
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\undockwithoutlogon → 1 →
< CurrentVersion Policy Settings [HKCU] > → HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun → 145 →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ → →
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools → 0 →
< HOSTS File > (764 bytes) → C:\WINDOWS\System32\drivers\etc\Hosts →
127.0.0.1 localhost → →
192.168.1.109 HP000D9D182CA5 → →
< Internet Explorer Settings > → →
HKLM: Default_Page_URL → http://us8l.hpwis.com →
HKLM: Main\Default_Search_URL → http://www.google.com/ie →
HKLM: Local Page → %SystemRoot%\system32\blank.htm →
HKLM: Search Page → http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch →
HKLM: Start Page → http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home →
HKLM: CustomizeSearch → http://seek.3721.com/srchcust.htm →
HKLM: Search\Default_Search_URL → http://www.google.com/ie →
HKLM: SearchAssistant → http://www.google.com/ie →
HKCU: Local Page → C:\WINDOWS\system32\blank.htm →
HKCU: Search Bar → http://www.google.com/ie →
HKCU: Search Page → http://www.google.com →
HKCU: Start Page → http://us8l.hpwis.com/ →
HKCU: SearchAssistant → http://www.google.com/ie →
HKCU: ProxyEnable → 0 →
HKCU: ProxyOverride → 127.0.0.1 →
< Trusted Sites > → HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ →
msn.com [ - ] → →
< BHO’s > → HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ →
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] → %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] → Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr = ]
{387EDF53-1CF2-4523-BC2F-13462651BE8C} [HKLM] → %System32%\BhoCitUS.dll [CitiUSBrowserHelper Class] → Orbiscom Ltd. All rights reserved. [Ver = 3, 7, 0, 0, 134 | Size = 139264 bytes | Modified Date =