Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

icons disappearing and updating problems

Started by davoo26 , Aug 30 2006 05:09 PM

  • Please log in to reply

#1
davoo26
Posted 30 August 2006 - 05:09 PM

davoo26

    New Member

  • Member
  • Pip
  • 6 posts
i did this big scan that i used from the internet and i left it on over night it then finished later on in the afternoon the next day! i restarted my computer and all my icons had disapeared from the taskbar except zonelarm and ac power and volume control. then i couldnt get onto msn messenger so i blocked access for generic win32 then i couldnt get onto internet so i unistalled msn and i could get onto internet , reinstalled msn and then again i couldnt get onto internet. so i decided to unistall msn messenger because i couldnt get onto that because something was wrong with host files and key ports!! next day my volume control dispaeared and so did windows media player! since then only got zone alarm and ac power on my taskbar and my mate who knows alot about computer says i have some sort of virus! so he told me to go on safe mode networking and to scan on avg antivirus but i couldnt update it for some reason so i reinstalled it n now tht wouldnt open so i dont know what to do!!


Logfile of HijackThis v1.99.1
Scan saved at 23:34:26, on 30/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LogMeIn Backup\LogMeInBackupService.exe
C:\Program Files\LogMeIn Backup\BackupMaint.exe
C:\Program Files\LogMeIn Backup\LMIBackupVSSService.exe
C:\Program Files\LogMeIn Backup\BackupSystray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Warr\Local Settings\Temporary Internet Files\Content.IE5\LXVG6H0H\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/sport
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogMeIn Backup GUI] "C:\Program Files\LogMeIn Backup\BackupSystray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37960.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LogMeIn Backup Maintenance Service (BackupMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn Backup\BackupMaint.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Backup VSS Service (LMIBackupVSSService.exe) - LogMeIn, Inc. - C:\Program Files\LogMeIn Backup\LMIBackupVSSService.exe
O23 - Service: LogMeIn Backup Storage PC Service (LogMeInBackupService.exe) - LogMeIn, Inc. - C:\Program Files\LogMeIn Backup\LogMeInBackupService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

Advertisements

#2
skate_punk_21
Posted 31 August 2006 - 12:22 PM

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Dowload the zip file below and extract to your desktop. double click the file called MSIFIX.bat with the Gear icon. You will be given a few prompts to follow that will cleanup the remnants of norton please follow along closely. Post a new HijackThis log when complete.

Attached Files


  • 0

#3
davoo26
Posted 31 August 2006 - 01:38 PM

davoo26

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Dowload the zip file below and extract to your desktop. double click the file called MSIFIX.bat with the Gear icon. You will be given a few prompts to follow that will cleanup the remnants of norton please follow along closely. Post a new HijackThis log when complete.




Logfile of HijackThis v1.99.1
Scan saved at 20:34:22, on 31/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Warr\Local Settings\Temporary Internet Files\Content.IE5\LXVG6H0H\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/sport
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37960.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#4
davoo26
Posted 01 September 2006 - 05:52 PM

davoo26

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
here you go boss!


Logfile of HijackThis v1.99.1
Scan saved at 00:51:43, on 02/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\John Warr\Local Settings\Temporary Internet Files\Content.IE5\AB7OU8WS\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/sport
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37960.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#5
skate_punk_21
Posted 01 September 2006 - 06:53 PM

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
  • Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.

  • 0

#6
davoo26
Posted 02 September 2006 - 08:26 AM

davoo26

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:09:38 02/09/2006

+ Scan result:



C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\John Warr\Cookies\john [email protected][1].txt -> TrackingCookie.Adjuggler : Cleaned with backup (quarantined).
C:\Documents and Settings\John Warr\Cookies\john warr@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\John Warr\Cookies\john warr@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\John Warr\Cookies\john warr@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\John Warr\Cookies\john [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).


::Report end
  • 0

#7
skate_punk_21
Posted 02 September 2006 - 08:51 AM

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Dont do anything with it yet!
Download Track qoo
  • Save it somewhere you will remember like the Desktop
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Doubleclick WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode and post the WinPFind log here.

Edited by skate_punk_21, 02 September 2006 - 08:56 AM.

  • 0

#8
davoo26
Posted 02 September 2006 - 11:12 AM

davoo26

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 18/08/2001 13:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 19/06/2006 16:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 09/08/2006 12:03:06 8325544 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 09/08/2006 12:03:06 8325544 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04/08/2004 08:56:36 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04/08/2004 08:56:44 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 18/08/2001 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 19/06/2006 16:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
UPX! 01/09/2006 00:19:36 777472 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 01/09/2006 00:19:36 777472 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 01/09/2006 00:19:36 777472 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 01/09/2006 00:19:36 777472 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech 04/08/2004 06:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Items found in C:\WINDOWS\SYSTEM32\drivers\etc\lmhosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
02/09/2006 16:13:22 S 2048 C:\WINDOWS\bootstat.dat
22/08/2006 23:54:30 H 54156 C:\WINDOWS\QTFont.qfn
02/09/2006 13:55:18 HS 27136 C:\WINDOWS\Thumbs.db
24/07/2006 10:23:58 HS 5120 C:\WINDOWS\$NtServicePackUninstall$\Thumbs.db
13/07/2006 17:27:00 H 0 C:\WINDOWS\inf\oem10.inf
29/08/2006 15:40:56 HS 23040 C:\WINDOWS\ServicePackFiles\i386\Thumbs.db
24/07/2006 10:24:02 HS 5632 C:\WINDOWS\SHELLNEW\Thumbs.db
10/08/2006 01:36:58 H 1401768 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fa6a8b6ef758224c8bfe859aa426f0c7\BIT19.tmp
02/09/2006 01:29:10 HS 7168 C:\WINDOWS\system32\Thumbs.db
02/09/2006 15:19:18 H 48882 C:\WINDOWS\system32\vsconfig.xml
29/08/2006 16:37:04 H 4212 C:\WINDOWS\system32\zllictbl.dat
07/07/2006 08:03:30 S 10690 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB914440.cat
05/07/2006 13:21:58 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917422.cat
28/07/2006 13:16:08 S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat
27/07/2006 15:00:28 S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat
21/07/2006 10:03:14 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat
13/07/2006 15:24:46 S 13050 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921398.cat
14/07/2006 17:13:00 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat
14/07/2006 16:53:20 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922616.cat
13/07/2006 17:26:10 S 8267 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem1.CAT
05/07/2006 16:03:52 S 7645 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem3.CAT
02/09/2006 16:13:16 H 8192 C:\WINDOWS\system32\config\default.LOG
02/09/2006 16:13:42 H 1024 C:\WINDOWS\system32\config\SAM.LOG
02/09/2006 16:13:24 H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
02/09/2006 16:13:46 H 86016 C:\WINDOWS\system32\config\software.LOG
02/09/2006 16:13:30 H 1126400 C:\WINDOWS\system32\config\system.LOG
02/09/2006 00:37:44 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
27/08/2006 20:21:36 S 341 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8
27/08/2006 20:21:36 S 413 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165
13/07/2006 18:24:36 S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5
27/08/2006 20:21:36 S 126 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8
27/08/2006 20:21:36 S 98 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165
13/07/2006 18:24:36 S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5
25/07/2006 20:43:48 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\30a2b35f-aef0-4d8e-88ed-a8512b21bcb1
08/04/2008 20:02:46 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\4a61bb26-b161-4763-8316-8832a64200b0
25/07/2006 20:43:48 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
07/07/2006 00:14:56 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\9334920d-849f-4487-98f6-333237a186ca
07/07/2006 00:14:56 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
02/09/2006 16:11:32 H 6 C:\WINDOWS\Tasks\SA.DAT
24/07/2006 10:24:02 HS 7168 C:\WINDOWS\Web\Thumbs.db

Checking for CPL files...
Microsoft Corporation 04/08/2004 08:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04/08/2004 08:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04/08/2004 08:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04/08/2004 08:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04/08/2004 08:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 04/08/2004 08:56:58 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04/08/2004 08:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04/08/2004 08:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04/08/2004 08:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 10/11/2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
TOSHIBA CORPORATION 07/12/2004 20:19:56 57344 C:\WINDOWS\SYSTEM32\LocalCOM.cpl
Microsoft Corporation 18/08/2001 13:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04/08/2004 08:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 18/08/2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04/08/2004 08:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04/08/2004 08:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 04/08/2004 08:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04/08/2004 08:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intersil Americas Inc. 17/01/2003 15:05:58 296019 C:\WINDOWS\SYSTEM32\PRISMCFG.cpl
Apple Computer, Inc. 10/10/2002 19:17:02 295936 C:\WINDOWS\SYSTEM32\QuickTime.cpl
17/01/2003 00:55:36 397312 C:\WINDOWS\SYSTEM32\slcpappl.cpl
Microsoft Corporation 04/08/2004 08:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 18/08/2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04/08/2004 08:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04/08/2004 08:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 18/08/2001 13:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 18/08/2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 18/08/2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
NVIDIA Corporation 03/05/2002 03:06:00 R 106496 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\nvtuicpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
25/09/2002 23:24:50 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
05/05/2002 19:44:38 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
22/08/2006 23:45:38 9 C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt

Checking files in %USERPROFILE%\Startup folder...
25/09/2002 23:24:50 HS 84 C:\Documents and Settings\John Warr\Start Menu\Programs\Startup\desktop.ini
01/09/2006 12:00:58 650 C:\Documents and Settings\John Warr\Start Menu\Programs\Startup\SpywareGuard.lnk

Checking files in %USERPROFILE%\Application Data folder...
02/10/2003 19:12:44 7358 C:\Documents and Settings\John Warr\Application Data\cards.ico
05/05/2002 19:44:38 HS 62 C:\Documents and Settings\John Warr\Application Data\desktop.ini
12/05/2004 19:28:22 H 5899 C:\Documents and Settings\John Warr\Application Data\fiz0
04/05/2004 16:38:32 H 30140 C:\Documents and Settings\John Warr\Application Data\fiz10
03/05/2004 13:32:28 H 30035 C:\Documents and Settings\John Warr\Application Data\fiz11
02/05/2004 13:58:50 H 30087 C:\Documents and Settings\John Warr\Application Data\fiz12
01/05/2004 18:42:46 H 30035 C:\Documents and Settings\John Warr\Application Data\fiz13
29/04/2004 21:04:58 H 30174 C:\Documents and Settings\John Warr\Application Data\fiz14
27/04/2004 18:08:22 H 30018 C:\Documents and Settings\John Warr\Application Data\fiz15
26/04/2004 09:00:48 H 30033 C:\Documents and Settings\John Warr\Application Data\fiz16
24/04/2004 22:57:52 H 30047 C:\Documents and Settings\John Warr\Application Data\fiz17
24/04/2004 19:08:20 H 30060 C:\Documents and Settings\John Warr\Application Data\fiz18
24/04/2004 14:46:40 H 30110 C:\Documents and Settings\John Warr\Application Data\fiz19
30/11/2003 08:46:32 H 30061 C:\Documents and Settings\John Warr\Application Data\fiz20
12/05/2004 20:20:20 H 250789 C:\Documents and Settings\John Warr\Application Data\log.bak.txt
12/05/2004 20:20:20 H 710 C:\Documents and Settings\John Warr\Application Data\log0.txt
12/05/2004 20:16:10 H 30860 C:\Documents and Settings\John Warr\Application Data\log1.txt
11/05/2004 18:35:10 H 30762 C:\Documents and Settings\John Warr\Application Data\log10.txt
11/05/2004 17:18:24 H 30793 C:\Documents and Settings\John Warr\Application Data\log11.txt
11/05/2004 13:50:50 H 30725 C:\Documents and Settings\John Warr\Application Data\log12.txt
11/05/2004 13:34:04 H 30735 C:\Documents and Settings\John Warr\Application Data\log13.txt
11/05/2004 10:26:50 H 30793 C:\Documents and Settings\John Warr\Application Data\log14.txt
10/05/2004 22:33:46 H 30836 C:\Documents and Settings\John Warr\Application Data\log15.txt
10/05/2004 22:31:12 H 30846 C:\Documents and Settings\John Warr\Application Data\log16.txt
10/05/2004 22:29:58 H 30793 C:\Documents and Settings\John Warr\Application Data\log17.txt
10/05/2004 22:05:32 H 30838 C:\Documents and Settings\John Warr\Application Data\log18.txt
10/05/2004 20:08:12 H 30802 C:\Documents and Settings\John Warr\Application Data\log19.txt
12/05/2004 18:42:42 H 30862 C:\Documents and Settings\John Warr\Application Data\log2.txt
12/05/2004 16:55:44 H 30875 C:\Documents and Settings\John Warr\Application Data\log3.txt
12/05/2004 13:46:54 H 30809 C:\Documents and Settings\John Warr\Application Data\log4.txt
12/05/2004 11:20:16 H 30903 C:\Documents and Settings\John Warr\Application Data\log5.txt
12/05/2004 10:51:14 H 30856 C:\Documents and Settings\John Warr\Application Data\log6.txt
11/05/2004 21:22:24 H 30911 C:\Documents and Settings\John Warr\Application Data\log7.txt
11/05/2004 20:12:28 H 30767 C:\Documents and Settings\John Warr\Application Data\log8.txt
11/05/2004 20:04:28 H 30804 C:\Documents and Settings\John Warr\Application Data\log9.txt
28/01/2004 18:49:02 3262 C:\Documents and Settings\John Warr\Application Data\players_only.ico
27/10/2003 09:45:02 3262 C:\Documents and Settings\John Warr\Application Data\sbusa32x32.ico
18/10/2003 11:54:36 894 C:\Documents and Settings\John Warr\Application Data\SportsInteractions.ico
02/09/2006 00:48:56 HS 13824 C:\Documents and Settings\John Warr\Application Data\Thumbs.db
25/11/2003 09:14:18 1406 C:\Documents and Settings\John Warr\Application Data\twinaces_16x16.ico
25/11/2003 09:14:18 2238 C:\Documents and Settings\John Warr\Application Data\twinaces_32x32.ico
08/10/2003 19:54:32 3774 C:\Documents and Settings\John Warr\Application Data\WSM5Roses.ico

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{81559C35-8464-49F7-BB0E-07A383BEF910} = C:\Program Files\SpywareGuard\spywareguard.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
Shell Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{51085E3D-A958-42A2-A6BE-A6A9B0BAF276}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{95DBE7C4-4494-2099-E9A2-AC9F85C6971A} = :
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} = EPSON Web-To-Page : C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{0FB7BB1B-E3FB-43E5-8857-D31957A76EB3} = :
{96D800AA-8A57-4C0A-8A54-49ACE6253BBF} = :
{C44E2AE4-921F-43BB-B624-6BEF586DF4C5} = :
{893507DD-561E-474E-AC0C-842090EC3D78} = :
{E7E5C31A-26A2-43C9-99A3-E003FA254F05} = :
{5EE31F59-F8DA-4F99-802A-36EC42CF3733} = :
{9AB2D455-7B98-4618-B209-060E000B4D38} = :
{3B546C7B-DB2B-4ADE-B06C-E07A75FA7CEC} = :
{59FA47CB-2EC6-4923-9CE1-4C3F7474EC97} = :
{7E6B6C7B-C352-4498-82C3-9EF0C03F094B} = :
{A5C092CC-7EA7-4A2B-BABB-48D74B0B2238} = :
{DA71FEC6-4618-4424-9D22-C777CE57D395} = :
{F83C15DE-809D-41A7-98BE-981B9DC56D61} = :
{310D11D5-5996-4DC1-9AF8-008E27F00C5B} = :
{C69DC2E8-449B-4442-9AB9-164E86C1E9D2} = :
{7EC57952-1070-466D-81B2-917DA9DD9E28} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{D944703B-2CF4-4AFB-9B2D-40673CA3C477} = :
{DC49F199-8769-46E2-9056-B8001228149F} = :
{FEAE1A87-2F35-4BDD-8C40-100089DDCD75} = :
{342A8884-D793-49B2-A311-67638B39AE1A} = :
{95DBE7C4-4494-2099-E9A2-AC9F85C6971A} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} = EPSON Web-To-Page : C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Zone Labs Client "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Run
key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
item videocntl
hkey HKCU
inimapping 1
key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
item videocntl
hkey HKCU
inimapping 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Videocntl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item videocntl
hkey HKCU
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item videocntl
hkey HKCU
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoDrives 0
NoViewOnDrive 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} =
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 02/09/2006 16:22:14
  • 0

#9
skate_punk_21
Posted 04 September 2006 - 09:53 AM

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Sorry for the delay - Computer Clean!!! Good work dude! :whistling:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP