Gnutella Forums - View Single Post

heyheyheyhello · #19 (**permalink**) March 24th, 2007

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = NOTEPAD.EXE %1

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD}
(no name) - C:\Program Files\Windows Desktop Search\dsWebAllow.dll - {2F85D76C-0569-466F-A488-493E6BD0E955}
My Global Search Bar BHO - C:\Program Files\MyGlobalSearch\bar\4.bin\MGSBAR.DLL - {37B85A21-692B-4205-9CAD-2626E4993404}
(no name) - C:\Program Files\NewDotNet\newdotnet7_48.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - (no file) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
XBTP02634 - (no file) - {F97DA966-F09D-4cab-BF29-75A0026986EA}

--------------------------------------------------

Enumerating Task Scheduler jobs:

MP Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[StagingUI Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\STAGINGUI.OCX
CODEBASE = http://zone.msn.com/binFrameWork/v10...I.cab34120.cab

[Controller Class]
CODEBASE = https://www.windowsonecare.com/insta...SSWebAgent.CAB

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[{1F2F4C9E-6F09-47BC-970D-3C54734667FE}]
CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

[Yahoo! Audio Conferencing]
InProcServer32 = C:\PROGRA~1\Yahoo!\MESSEN~1\yacscom.dll
CODEBASE = http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab

[Microsoft Data Collection Control]
InProcServer32 = C:\WINDOWS\system32\odc.dll
CODEBASE = https://support.microsoft.com/OAS/ActiveX/odc.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://us.dl1.yimg.com/download.yaho...st_current.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/downlo...22/wmv9VCM.CAB

[{3451DEDE-631F-421C-8127-FD793AFC6CC8}]
CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

[ZoneBuddy Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ZBUDDY.OCX
CODEBASE = http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab

[{44990200-3C9D-426D-81DF-AAB636FA4345}]
CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

[{44990301-3C9D-426D-81DF-AAB636FA4345}]
CODEBASE = http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

[ZonePAChat Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ZPACHAT.OCX
CODEBASE = http://zone.msn.com/binframework/v10...t.cab32846.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsu...?1152911741953

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsof...?1153203545156

[{9C024426-7859-4B2D-AB4C-B1E370AE7549}]
CODEBASE = http://ca.mcafee.com/Apps/WSC/en-ca/...cannerCtrl.cab

[Update Class]
InProcServer32 = C:\WINDOWS\system32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.co...987.9850231481

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNMESSENGERSETUPDOWNLOADER.OCX
CODEBASE = http://messenger.msn.com/download/Ms...Downloader.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ZINTRO.OCX
CODEBASE = http://zone.msn.com/binFramework/v10...o.cab34246.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload2.macromedia.com/ge...sh/swflash.cab

[StadiumProxy Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\STPROXY.DLL
CODEBASE = http://zone.msn.com/binframework/v10...y.cab35645.cab

[{E5D419D6-A846-4514-9FAD-97E826C84822}]
CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNCHAT45.OCX
CODEBASE = http://chat.msn.com/controls/msnchat45.cab

[CheckersZPA Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CHECKERSZPA.OCX
CODEBASE = http://zone.msn.com/bingame/zpagames...A.cab38514.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\Program Files\Spyware Doctor\FilterLSP.dll
Protocol #2: C:\Program Files\Spyware Doctor\FilterLSP.dll
Protocol #3: C:\Program Files\Spyware Doctor\FilterLSP.dll
Protocol #4: C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll
Protocol #5: C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll
Protocol #6: C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll
Protocol #12: C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (file MISSING)
Protocol #13: C:\Program Files\iolo\Common\Firewall\iFW_Xfilter.dll (file MISSING)
Protocol #32: C:\Program Files\Common Files\PC Tools\LSP\PCTLsp.dll
Protocol #33: C:\Program Files\Spyware Doctor\FilterLSP.dll

--------------------------------------------------