Step 3, went off without a hitch.
"Kyle Wilkinson" - 07-01-27 11:58:31 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Kyle Wilkinson\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\INSTALL.LOG
((((((((((((((((((((((((((((((( Files Created from 2006-12-27 to 2007-01-27 ))))))))))))))))))))))))))))))))))
2007-01-27 11:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-27 11:08 <DIR> d-------- C:\Program Files\Grisoft
2007-01-26 11:51 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2007-01-26 11:49 <DIR> d-------- C:\HJT
2007-01-25 17:44 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-01-23 22:54 <DIR> d-------- C:\DOCUME~1\KYLEWI~2\Application Data\MailFrontier
2007-01-23 22:39 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-01-23 22:37 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-01-23 22:37 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-01-23 16:07 <DIR> d-------- C:\WINDOWS\Performance
2007-01-23 16:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Corporation
2007-01-22 17:07 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2007-01-22 16:36 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-01-22 15:59 <DIR> d-------- C:\Program Files\Windows Defender
2007-01-10 08:35 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-08 16:49 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-08 16:49 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-08 16:48 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-08 16:46 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-08 16:45 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-31 22:45 <DIR> d-------- C:\Program Files\Common Files\Moonlight
2006-12-31 22:36 <DIR> d-------- C:\DOCUME~1\KYLEWI~2\Application Data\DivX
2006-12-31 22:33 97,280 --a------ C:\WINDOWS\system32\ff_realaac.dll
2006-12-31 22:33 79,872 --a------ C:\WINDOWS\system32\ff_tremor.dll
2006-12-31 22:33 741,376 --a------ C:\WINDOWS\system32\audxlib.dll
2006-12-31 22:33 673,782 --a------ C:\WINDOWS\system32\unins000.exe
2006-12-31 22:33 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-12-31 22:33 40,960 --a------ C:\WINDOWS\system32\ff_liba52.dll
2006-12-31 22:33 38,400 --a------ C:\WINDOWS\system32\ff_unrar.dll
2006-12-31 22:33 245,760 --a------ C:\WINDOWS\system32\ff_libfaad2.dll
2006-12-31 22:33 225,280 --a------ C:\WINDOWS\system32\ff_kernelDeint.dll
2006-12-31 22:33 155,648 --a------ C:\WINDOWS\system32\ff_libdts.dll
2006-12-31 22:33 122,880 --a------ C:\WINDOWS\system32\ff_samplerate.dll
2006-12-31 22:19 <DIR> d-------- C:\WINDOWS\system32\languages
2006-12-31 22:19 <DIR> d-------- C:\WINDOWS\system32\help
2006-12-31 22:19 <DIR> d-------- C:\WINDOWS\system32\custom matrices
2006-12-30 15:41 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-12-30 15:41 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-12-30 15:41 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-27 11:53 -------- d-------- C:\Program Files\mozilla firefox
2007-01-27 11:03 -------- d-------- C:\DOCUME~1\KYLEWI~2\Application Data\utorrent
2007-01-26 21:20 -------- d-------- C:\Program Files\steam
2007-01-25 20:46 -------- d--h----- C:\Program Files\installshield installation information
2007-01-23 17:03 96256 --a------ C:\WINDOWS\system32\drivers\sptd6093.sys
2007-01-23 16:55 -------- d-------- C:\Program Files\world of warcraft
2007-01-23 15:26 -------- d-------- C:\Program Files\spyware doctor
2007-01-23 14:18 -------- d-------- C:\DOCUME~1\KYLEWI~2\Application Data\limewire
2007-01-22 17:07 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-01-22 17:06 -------- d-------- C:\Program Files\tuneup utilities 2006
2007-01-22 16:12 -------- d-------- C:\DOCUME~1\KYLEWI~2\Application Data\my games
2007-01-21 12:15 -------- d-------- C:\DOCUME~1\KYLEWI~2\Application Data\adobeum
2007-01-09 21:50 124469 --a------ C:\DOCUME~1\KYLEWI~2\Application Data\cosmos prefs
2006-12-31 22:47 -------- d-------- C:\Program Files\Common Files\elecard
2006-12-31 22:45 -------- d-------- C:\Program Files\xamp studio
2006-12-31 22:36 -------- d-------- C:\Program Files\divx
2006-12-30 10:49 403968 --a------ C:\WINDOWS\system32\libmplayer.dll
2006-12-30 10:49 3165184 --a------ C:\WINDOWS\system32\libavcodec.dll
2006-12-30 10:49 26624 --a------ C:\WINDOWS\system32\ff_wmv9.dll
2006-12-30 10:49 143360 --a------ C:\WINDOWS\system32\ff_theora.dll
2006-12-30 10:49 118784 --a------ C:\WINDOWS\system32\ff_libmad.dll
2006-12-30 10:49 114688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2006-12-30 10:00 200704 --a------ C:\WINDOWS\system32\tomsmocomp_ff.dll
2006-12-26 23:08 -------- d-------- C:\Program Files\Common Files\real
2006-12-19 16:53 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2006-12-17 15:29 -------- d-------- C:\DOCUME~1\KYLEWI~2\Application Data\vso
2006-12-15 18:50 -------- d-------- C:\DOCUME~1\KYLEWI~2\Application Data\ventrilo
2006-12-15 18:45 -------- d-------- C:\Program Files\ventrilo
2006-12-12 11:30 520192 --a------ C:\WINDOWS\system32\divxsm.exe
2006-12-12 11:30 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-12-12 11:30 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-12-12 11:30 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-12-12 11:25 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-12-12 11:25 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-12-12 11:25 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-12-12 11:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-12-12 11:25 635486 --a------ C:\WINDOWS\system32\divx.dll
2006-12-12 11:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2006-12-12 11:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-12-12 11:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2006-12-12 11:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-12-12 11:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-12-12 11:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-12-12 11:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-12-12 11:24 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll
2006-12-12 11:24 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2006-12-05 20:01 -------- d---s---- C:\Program Files\xfire
2006-12-05 16:23 -------- d-------- C:\DOCUME~1\KYLEWI~2\Application Data\xfire
2006-11-29 11:15 -------- d-------- C:\Program Files\windows media connect 2
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BrStDvPt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Brother\\Brmfl04a\\BrStDvPt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SsAAD"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSBkgdupdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SSScsiSV"=dword:00000003
"SPTISRV"=dword:00000003
"iPodService"=dword:00000003
"Adobe LM Service"=dword:00000003
"ose"=dword:00000003
"Symantec Core LC"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoFind"=dword:00000000
"NoFavoritesMenu"=dword:00000000
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoCommonGroups"=dword:00000000
"HideClock"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000000
"NoCDBurning"=dword:00000000
"NoStartMenuPinnedList"=dword:00000000
"NoStartMenuMFUprogramsList"=dword:00000000
"NoStartMenuSubFolders"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoDeletePrinter"=dword:00000000
"NoAddPrinter"=dword:00000000
"NoNetworkConnections"=dword:00000000
"NoChangeStartMenu"=dword:00000000
"NoViewContextMenu"=dword:00000000
"NoFileMenu"=dword:00000000
"NoShellSearchButton"=dword:00000000
"NoRecentDocsNetHood"=dword:00000000
"NoChangeAnimation"=dword:00000000
"NoChangeKeyboardNavigationIndicators"=dword:00000000
"Mn@iboddPubswLfov"=dword:00000000
"Mn@mlrf"=dword:00000000
"MnOndNeg"=dword:00000000
"MnQtm"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\LaunchBFII.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d702fda-d859-11d9-a745-f1500869012c}]
Shell\AutoRun\command E:\Install.exe
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070126-123223-131
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20070126-123223-979
O3 - Toolbar: (no name) - {38cf8762-7461-41ee-b498-12316a2c1c84} - (no file)
backup-20070126-123223-863
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
backup-20070126-123223-476
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://ca.red.client...//www.yahoo.combackup-20070126-123223-460
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
backup-20070126-123223-681
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ca.red.client.../search/ie.htmlContents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: 07-01-27 12:09:50
-----------------------------------------------------------------------------------------|
HJT LOG:
Logfile of HijackThis v1.99.1
Scan saved at 12:14:57 PM, on 27/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\Monitor.exe
C:\sUBs\ComboFix.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://securityrespo...er/fix_homepageR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 64.235.252.234 www.hitwgang.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: downloads.emugp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcaf...01/mcinsctl.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1142550094578O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
System Status:
I still can't restart normally, and everytime I have to select "Start With Last Known Good Config" to start in regular mode. Norton won't come off, seems that some files may have been deleted or corrupted. And overall it may be a bit sluggish. But besides that, everthing works well.
Edited by kylewilk04, 27 January 2007 - 11:31 AM.