Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Windows will not start up anymore

Started by kylewilk04 , Jan 25 2007 10:27 AM

This topic is locked

#16
kylewilk04

Posted 28 January 2007 - 03:41 PM

Member

Topic Starter
Member
30 posts

Hello again,

I ended up doing a manual uninstall, as per Symantec's instructions. It seems like it's gone, it's no longer in Add/Remove programs. Yet, I still have the problem where Windows still won't start up. Here is my update HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 4:37:11 PM, on 28/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://securityrespo...er/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

localhost
O1 - Hosts: 64.235.252.234 www.hitwgang.com
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} -

C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -

C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} -

C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows

Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware

7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program

Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program

Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program

Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -

C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

(file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

(file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: downloads.emugp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage

Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus

scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility

Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.micros.../muweb_site.cab

?1142550094578
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) -

Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd -

C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program

Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program

Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner -

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file

missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner -

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony

Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony

Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd -

C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#17
kylewilk04

Posted 28 January 2007 - 09:39 PM

Member

Topic Starter
Member
30 posts

I was looking over your forum, when a problem like mine was brought up. And one of the staff said something about drivers. So, I went into my eventvwr.msc to see the errors from the bad boots, and I get an error that claims

The following boot-start or system-start driver(s) failed to load:
SRTSPX
SYMTDI

Sounds like a Symantec Anti-virus one.

Perhaps, this is why I can't boot and the root of my problems?

EDIT: These two are not in my System32 folder, but in my temp folder some where. I did a search. Should I just slap them into System32 or somehow tell my computer to not run these at start up?

Edited by kylewilk04, 28 January 2007 - 09:55 PM.

#18
Jrenter2

Posted 28 January 2007 - 11:39 PM

Member

Member
435 posts

Hi Kylewilk04

Yes, those are Symantec services. They're a pain from what I have been researching. We can try and disable them from starting and see what happens. If all goes as planned, this should fix it.

Step 1

The first thing we need to do is make a backup of your registry. Please follow the instructions below.

Go to Start > Run and type regedit in the blank. Then click OK. In the left window highlight My Computer at the top.
Go to File > Export
Type in backup for the file name
Leave Save As Type as Registration Files (*.reg)"
Click in All in the Export range box (it should be already checked).
Place your file somewhere safe so you remember where you put it like maybe C:\My Documents.
Click Save and then go to File > Exit.
Ok, that'll take care of your backup in case we need it later. Now, let's deal with getting rid of the problems from your current registry.

Next, please open Notepad again and copy and paste the following text inside the box (including REGEDIT4) and save as MYFIX.REG. Keep Save as type: All Files Save it also to your Desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRTSPX]
"Start"=dword:00000004 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMTDI]
"Start"=dword:00000004

Now, locate your MYFIX.REG file and double-click on it and allow it to merge with your registry.

Reboot your machine and post back here and let us know what happens.

#19
kylewilk04

Posted 29 January 2007 - 10:29 AM

Member

Topic Starter
Member
30 posts

I'm afraid that didn't work, same error as before.

#20
Jrenter2

Posted 29 January 2007 - 10:46 AM

Member

Member
435 posts

Ok..I'm going to find out more about those files. That should have stopped the services from even trying to load when the computer fired up. Will come back with another route.

thanks,

Jrenter2

#21
Jrenter2

Posted 29 January 2007 - 08:12 PM

Member

Member
435 posts

Hi Kylewilk04

We're just going to make sure that we delete these from where they are supposed to be. Also please turn off wordwrap in notepad. It makes it harder to read the logs.

Please open Notepad again and copy and paste the following text inside the box (including REGEDIT4) and save as MYFIX2.REG. Keep Save as type: All Files Save it also to your Desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRTSPX]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMTDI]

Now, locate your MYFIX2.REG file and double-click on it and allow it to merge with your registry.

Reboot your machine and post back here and let us know what happens and a new HJT log.

Thanks,

JR

#22
kylewilk04

Posted 29 January 2007 - 08:35 PM

Member

Topic Starter
Member
30 posts

Still nothing. Same error as before. I feel we are getting closer though :whistling:

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:32:34 PM, on 29/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\Monitor.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 64.235.252.234 www.hitwgang.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: downloads.emugp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142550094578
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#23
Jrenter2

Posted 30 January 2007 - 04:46 AM

Member

Member
435 posts

Hi Kylewilk04

Let's try and get rid of the rest of Norton for you. I think we're getting closer also...this is a real bugger.

Step 1

Please open Notepad again and copy and paste the following text inside the box (including REGEDIT4) and save as MYFIX3.REG. Keep Save as type: All Files Save it also to your Desktop.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccEvtMgr]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccSetMgr]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CLTNetCnService]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Automatic LiveUpdate Scheduler]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LiveUpdate]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Symantec Core LC]

Now, locate your MYFIX3.REG file and double-click on it and allow it to merge with your registry.

Step 2

Let's get a StartupList and see where else this is embedded.

Please download StartupList to your desktop.
Double click the startuplist.zip to extract the files inside.
When the new window opens, please double click on StartupList.exe
A window will open that will begin listing all of the startups with icons and text. In the lower left hand corner, it will show the status. When it says "ready" in the bottom left corner, it has finished running.
At the top of the window, click File>Save As and save startuplist.txt to your desktop.
Close startuplist.exe window
Post a copy of startuplist.txt in your next reply

Reboot your machine and post back here and let us know what happens along with the startup list and a new HJT log.

Thanks,

JR

#24
kylewilk04

Posted 30 January 2007 - 11:54 AM

Member

Topic Starter
Member
30 posts

Nope, that didn't do the trick either. And for some reason, I can't post my start-up log, everything time I copy/paste it up, my post shows up as empty...How should I post this?

HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 12:51:21 PM, on 30/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\Monitor.exe
C:\HJT\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 64.235.252.234 www.hitwgang.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: downloads.emugp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142550094578
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by kylewilk04, 30 January 2007 - 11:59 AM.

#25
Jrenter2

Posted 30 January 2007 - 10:19 PM

Member

Member
435 posts

Hello Kylewilk04

Wow, I thought for sure that is going to help things out alot. Ok...let's give this a run.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Symantec

Reboot your computer into normal mode.

Post back here with a new HJT log and tell us how things are going.

#26
kylewilk04

Posted 30 January 2007 - 11:37 PM

Member

Topic Starter
Member
30 posts

Still no dice, I had to start in last known good config again. And it looks like these things come back...

Logfile of HijackThis v1.99.1
Scan saved at 12:35:28 AM, on 31/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\HJT\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 64.235.252.234 www.hitwgang.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: downloads.emugp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1142550094578
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#27
Jrenter2

Posted 31 January 2007 - 09:05 AM

Member

Member
435 posts

Hello Kylewilk04,

Ok, let's take a deeper dive into the files and registry entries on your machine.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
Now click the Run Scan button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here.
If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Post back here with the above report and attach your bitdefender scan report instead of trying to copy/paste it. We really need to see that report also.

thanks,

JR.

#28
kylewilk04

Posted 31 January 2007 - 10:58 AM

Member

Topic Starter
Member
30 posts

WinPFind3 logfile created on: 31/01/2007 11:45:59 AM
WinPFind3U by OldTimer - Version 1.0.11 Folder = C:\Documents and Settings\Kyle Wilkinson\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

523808 Kb Total Physical Memory | 78232 Kb Available Physical Memory | 14.94% Memory free
1277588 Kb Paging File | 773244 Kb Available in Paging File | 60.52% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80027764 Kb Total Space | 35348784 Kb Free Space | 44.17% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

[Processes - Non-Microsoft Only]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07/10/2006 7:20:00 AM | Attr = ]
brmfrmps.exe -> %System32%\Brmfrmps.exe -> Brother Industries, Ltd. [Ver = 1.10.10.144 | Size = 65536 bytes | Modified Date = 05/05/2003 7:30:22 PM | Attr = ]
brss01a.exe -> %System32%\brss01a.exe -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 13/12/2001 12:01:00 AM | Attr = ]
brsvc01a.exe -> %System32%\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12/04/2002 | Attr = ]
cthelper.exe -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 0, 2 | Size = 24576 bytes | Modified Date = 02/07/2002 5:56:00 PM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.1: 2006120418 | Size = 7620696 bytes | Modified Date = 21/12/2006 11:39:22 AM | Attr = ]
mantispm.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe -> [Ver = 4, 9, 1, 8203 | Size = 864256 bytes | Modified Date = 04/01/2007 11:06:26 AM | Attr = ]
monitor.exe -> %System32%\ZoneLabs\avsys\Monitor.exe -> [Ver = | Size = 69785 bytes | Modified Date = 19/12/2006 6:13:52 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 26/12/2006 11:07:34 PM | Attr = ]
scanningprocess.exe -> %System32%\ZoneLabs\avsys\ScanningProcess.exe -> [Ver = | Size = 94313 bytes | Modified Date = 19/12/2006 6:13:52 PM | Attr = ]
scanningprocess.exe -> %System32%\ZoneLabs\avsys\ScanningProcess.exe -> [Ver = | Size = 94313 bytes | Modified Date = 19/12/2006 6:13:52 PM | Attr = ]
sdhelp.exe -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 02/11/2006 5:17:14 PM | Attr = ]
swdoctor.exe -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 4.0.0.2621 | Size = 3375104 bytes | Modified Date = 12/12/2006 11:46:16 PM | Attr = ]
updclient.exe -> %System32%\ZoneLabs\UpdClient.exe -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 141104 bytes | Modified Date = 08/01/2007 2:29:38 PM | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 75568 bytes | Modified Date = 08/01/2007 2:29:38 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.11.0 | Size = 306176 bytes | Modified Date = 18/01/2007 6:01:14 PM | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 919280 bytes | Modified Date = 08/01/2007 2:29:40 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4131 | Size = 405504 bytes | Modified Date = 21/03/2006 10:48:56 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Disabled | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 20/12/2006 9:05:00 PM | Attr = ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(brmfrmps) Brother Popup Suspend service for Resource manager [Win32_Own | Auto | Running] -> %System32%\Brmfrmps.exe -> Brother Industries, Ltd. [Ver = 1.10.10.144 | Size = 65536 bytes | Modified Date = 05/05/2003 7:30:22 PM | Attr = ]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %System32%\brsvc01a.exe -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12/04/2002 | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> File not found
(ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> File not found
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 2:56:48 AM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 14/11/2005 12:06:04 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 30/10/2006 9:36:32 AM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -> File not found
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.2.00.06070 | Size = 53337 bytes | Modified Date = 07/06/2005 12:32:54 AM | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.2.00.06070 | Size = 53337 bytes | Modified Date = 07/06/2005 12:28:04 AM | Attr = ]
(SDhelper) PC Tools Spyware Doctor [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\sdhelp.exe -> PC Tools Research Pty Ltd [Ver = 3.6.0.2026 | Size = 895088 bytes | Modified Date = 02/11/2006 5:17:14 PM | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.2.00.06070 | Size = 69718 bytes | Modified Date = 07/06/2005 12:22:34 AM | Attr = ]
(SSScsiSV) SonicStage SCSI Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.2.00.06030 | Size = 69632 bytes | Modified Date = 03/06/2005 4:21:00 AM | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 75568 bytes | Modified Date = 08/01/2007 2:29:38 PM | Attr = ]
(x10nets) X10 Device Network Service [Win32_Own | Disabled | Stopped] -> %SystemDrive%\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07/10/2006 7:20:00 AM | Attr = ]
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLIStart.exe -> [Ver = | Size = 90112 bytes | Modified Date = 25/09/2006 9:12:20 AM | Attr = ]
KernelFaultCheck -> -> File not found
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 26/12/2006 11:07:34 PM | Attr = ]
WINDVDPatch -> %System32%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 0, 2 | Size = 24576 bytes | Modified Date = 02/07/2002 5:56:00 PM | Attr = ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 919280 bytes | Modified Date = 08/01/2007 2:29:40 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Spyware Doctor -> %ProgramFiles%\Spyware Doctor\swdoctor.exe -> PC Tools Research Pty Ltd [Ver = 4.0.0.2621 | Size = 3375104 bytes | Modified Date = 12/12/2006 11:46:16 PM | Attr = ]
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Adobe LM Service -> ->
Automatic LiveUpdate Scheduler -> ->
iPodService -> ->
ose -> ->
SPTISRV -> ->
SSScsiSV -> ->
Symantec Core LC -> ->
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 30/10/2006 9:36:36 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 25/10/2006 6:58:18 PM | Attr = ]
SetDefPrt -> %ProgramFiles%\Brother\Brmfl04a\BrStDvPt.exe -> Brother Industories, Ltd. [Ver = 1, 0, 0, 3 | Size = 49152 bytes | Modified Date = 25/05/2004 9:16:56 AM | Attr = ]
SsAAD.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 3.2.00.06030 | Size = 81920 bytes | Modified Date = 03/06/2005 6:16:00 AM | Attr = ]
SSBkgdUpdate -> %CommonProgramFiles%\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -> Scansoft, Inc. [Ver = 1, 0, 0, 6 | Size = 155648 bytes | Modified Date = 14/10/2003 10:22:30 AM | Attr = R ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 26/12/2006 11:07:34 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> _
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFavoritesMenu -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{450D8FBA-AD25-11D0-98A8-0800361B1103} -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoBackButton -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoFileMru -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCommonGroups -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideClock -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuPinnedList -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMFUprogramsList -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuSubFolders -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDeletePrinter -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAddPrinter -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNetworkConnections -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoChangeStartMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewContextMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoShellSearchButton -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoChangeAnimation -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoChangeKeyboardNavigationIndicators -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Mn@iboddPubswLfov -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Mn@mlrf -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\MnOndNeg -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\MnQtm -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\Ghp`amfUbrhLds -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
64.235.252.234 www.hitwgang.com -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> about:blank ->
HKCU: SearchAssistant -> ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> localhost ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
downloads_emugp.com [*] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 4:16:42 AM | Attr = ]
{502C3BA4-2C3E-4317-BC29-C0445E82B1F9} [HKLM] -> %CommonProgramFiles%\Paltalk\PaltalkWebLogin.dll [PaltalkWebLogin] -> AVM Software Inc. [Ver = 1.0.0.1 | Size = 102400 bytes | Modified Date = 26/01/2006 11:15:10 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 1, 5, 1 | Size = 181752 bytes | Modified Date = 06/01/2006 11:52:14 AM | Attr = ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> PC Tools [Ver = 3.6.0.2071 | Size = 825528 bytes | Modified Date = 01/08/2006 3:27:06 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10/11/2005 12:22:12 PM | Attr = ]
{B56A7D7D-6927-48C8-A975-17DF180C71AC} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [PCTools Browser Monitor] -> PC Tools [Ver = 3.6.0.2283 | Size = 850104 bytes | Modified Date = 01/08/2006 3:23:12 PM | Attr = ]
{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKLM] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 03/02/2005 4:07:08 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 12, 13, 1 | Size = 325184 bytes | Modified Date = 14/12/2005 3:29:40 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 12, 13, 1 | Size = 325184 bytes | Modified Date = 14/12/2005 3:29:40 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8197 - Reg Data - Value does not exist ->
{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} -> 8196 - Reg Data - Key not found ->
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> 8193 - Reg Data - Value does not exist ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8195 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Windows Messenger ->
NextId -> 8198 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10/11/2005 12:22:12 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10/11/2005 12:22:12 PM | Attr = ]
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> Reg Data - Value does not exist [ButtonText: Spyware Doctor] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> %ProgramFiles%\Messenger\msmsgs.exe [ButtonText: Messenger] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Yahoo! Search -> %ProgramFiles%\Yahoo!\common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 03/06/2005 6:07:38 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 03/06/2005 6:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 03/06/2005 6:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 01/08/2005 5:43:00 PM | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} [HKLM] -> Reg Data - Key not found [dBpowerAMP Music Converter] -> File not found
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> Reg Data - Key not found [AlcoholShellEx] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{44440D00-FF19-4AFC-B765-9A0970567D97} [HKLM] -> %System32%\uxtuneup.dll [TuneUp Theme Extension] -> TuneUp Software GmbH [Ver = 1.0.0.2 | Size = 24072 bytes | Modified Date = 19/12/2006 4:53:46 PM | Attr = ]
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} [HKLM] -> %ProgramFiles%\TuneUp Utilities 2007\SDShelEx-win32.dll [TuneUp Shredder Shell Extension] -> TuneUp Software GmbH [Ver = 2.0.0.2 | Size = 25608 bytes | Modified Date = 19/12/2006 4:53:48 PM | Attr = ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 11, 23, 1 | Size = 175616 bytes | Modified Date = 23/11/2004 9:56:26 AM | Attr = ]
{5E2121EE-0300-11D4-8D3B-444553540000} [HKLM] -> %ProgramFiles%\ATI Technologies\ATI.ACE\atiacmxx.dll [Catalyst Context Menu extension] -> [Ver = 1, 0, 0, 1 | Size = 73728 bytes | Modified Date = 25/09/2006 9:13:12 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 29/08/2002 7:00:00 AM | Attr = ]
{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> Reg Data - Key not found [WinAce Archiver 2.2 Context Menu Shell Extension] -> File not found
{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> Reg Data - Key not found [WinAce Archiver 2.2 Property Sheet Shell Extension] -> File not found
{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> Reg Data - Key not found [WinAce Archiver 2.2 DragDrop Shell Extension] -> File not found
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} [HKLM] -> Reg Data - Key not found [WinAce Archiver 2.2 Context Menu Shell Extension] -> File not found
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 125440 bytes | Modified Date = 12/07/2005 9:02:58 PM | Attr = ]
{B8323370-FF27-11D2-97B6-204C4F4F5020} [HKLM] -> Reg Data - Key not found [SmartFTP Shell Extension DLL] -> File not found
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 30/10/2006 9:36:36 AM | Attr = ]
{BDA77241-42F6-11d0-85E2-00AA001FE28C} [HKLM] -> Reg Data - Value does not exist [LDVP Shell Extensions] -> File not found
{D9872D13-7651-4471-9EEE-F0A00218BEBB} [HKLM] -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlavscan.dll [Multiscan] -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 50928 bytes | Modified Date = 08/01/2007 2:29:00 PM | Attr = ]
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} [HKLM] -> %ProgramFiles%\Sonic\RecordNow! Deluxe\shlext.dll [RecordNow! SendToExt] -> [Ver = 7.0.0.0 | Size = 73728 bytes | Modified Date = 22/06/2004 6:02:00 AM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2488 | Size = 54848 bytes | Modified Date = 26/12/2006 11:07:54 PM | Attr = ]
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> Reg Data - Key not found [dBpowerAMP Music Converter 1] -> File not found
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06/10/2006 6:40:48 AM | Attr = ]
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} [HKLM] -> %ProgramFiles%\TuneUp Utilities 2007\SDShelEx-win32.dll [TuneUp Shredder Shell Extension] -> TuneUp Software GmbH [Ver = 2.0.0.2 | Size = 25608 bytes | Modified Date = 19/12/2006 4:53:48 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 12/07/2005 9:02:58 PM | Attr = ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> %ProgramFiles%\Yahoo!\common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 11, 23, 1 | Size = 175616 bytes | Modified Date = 23/11/2004 9:56:26 AM | Attr = ]
{D9872D13-7651-4471-9EEE-F0A00218BEBB} [HKLM] -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlavscan.dll [ZLAVShExt] -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 50928 bytes | Modified Date = 08/01/2007 2:29:00 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06/10/2006 6:40:48 AM | Attr = ]
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} [HKLM] -> %ProgramFiles%\TuneUp Utilities 2007\SDShelEx-win32.dll [TuneUp Shredder Shell Extension] -> TuneUp Software GmbH [Ver = 2.0.0.2 | Size = 25608 bytes | Modified Date = 19/12/2006 4:53:48 PM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 12/07/2005 9:02:58 PM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{5E2121EE-0300-11D4-8D3B-444553540000} [HKLM] -> %ProgramFiles%\ATI Technologies\ATI.ACE\atiacmxx.dll [ACE] -> [Ver = 1, 0, 0, 1 | Size = 73728 bytes | Modified Date = 25/09/2006 9:13:12 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{BDA77241-42F6-11d0-85E2-00AA001FE28C} [HKLM] -> Reg Data - Value does not exist [LDVPMenu] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Modified Date = 12/07/2005 9:02:58 PM | Attr = ]
{D9872D13-7651-4471-9EEE-F0A00218BEBB} [HKLM] -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlavscan.dll [ZLAVShExt] -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 50928 bytes | Modified Date = 08/01/2007 2:29:00 PM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14/12/2004 1:20:02 AM | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{F069C251-F968-4CC2-B612-89882C02B86E} -> (ASUSTeK/Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00000055-9980-0010-8000-00AA00389B71} -> - CodeBase = http://codecs.micros...cs/i386/fhg.CAB ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft....k/?linkid=39204 ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> - CodeBase = http://download.mcaf...01/mcinsctl.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.micros...b?1142550094578 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> Shockwave Flash Object - CodeBase = http://download.macr...ash/swflash.cab ->
DirectAnimation Java Classes -> - CodeBase = ->
Microsoft XML Parser for Java -> - CodeBase = ->

[Files - Created Within 30 days]
rollback.ini -> %SystemDrive%\rollback.ini -> [Ver = | Size = 639 bytes | Created Date = 24/01/2007 8:14:31 AM | Attr = ]
ScanSectorLog.dat -> %SystemDrive%\ScanSectorLog.dat -> [Ver = | Size = 512 bytes | Created Date = 23/01/2007 11:00:58 PM | Attr = ]
WISC8BB491212D942AEB571E580D8CD1B5B_6_0_1255.MSI -> %CommonProgramFiles%\Wise Installation Wizard\WISC8BB491212D942AEB571E580D8CD1B5B_6_0_1255.MSI -> [Ver = | Size = 8005632 bytes | Created Date = 22/01/2007 5:07:03 PM | Attr = ]
DVDRegionFreeLite.INI -> %SystemRoot%\DVDRegionFreeLite.INI -> [Ver = | Size = 67 bytes | Created Date = 27/01/2007 6:14:25 PM | Attr = ]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12011 | Size = 565311 bytes | Created Date = 26/01/2007 11:51:43 AM | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12011 | Size = 573440 bytes | Created Date = 26/01/2007 11:51:43 AM | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 26/01/2007 11:51:48 AM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 26/01/2007 11:51:43 AM | Attr = ]
MIDIDEF.EXE -> %SystemRoot%\MIDIDEF.EXE -> Creative Technology Ltd [Ver = 2, 8, 2, 0 | Size = 61440 bytes | Created Date = 28/01/2007 9:49:48 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 24/01/2007 11:39:11 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 24/01/2007 11:39:11 AM | Attr = H ]
system.tmp -> %SystemRoot%\system.tmp -> [Ver = | Size = 362 bytes | Created Date = 23/01/2007 3:24:30 PM | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 16896 bytes | Created Date = 25/01/2007 1:52:48 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
win.tmp -> %SystemRoot%\win.tmp -> [Ver = | Size = 971 bytes | Created Date = 23/01/2007 3:24:30 PM | Attr = ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 75512 bytes | Created Date = 23/01/2007 10:39:04 PM | Attr = ]
{00000000-00000000-0000000D-00001102-00000002-80651102}.BAK -> %SystemRoot%\{00000000-00000000-0000000D-00001102-00000002-80651102}.BAK -> [Ver = | Size = 3373917 bytes | Created Date = 28/01/2007 9:57:44 PM | Attr = ]
{00000000-00000000-0000000D-00001102-00000002-80651102}.CDF -> %SystemRoot%\{00000000-00000000-0000000D-00001102-00000002-80651102}.CDF -> [Ver = | Size = 3373917 bytes | Created Date = 28/01/2007 9:56:18 PM | Attr = ]
a3d.dll -> %System32%\a3d.dll -> [Ver = 80.0.0.3 | Size = 65536 bytes | Created Date = 28/01/2007 9:50:25 PM | Attr = ]
ati2cqag.dll -> %System32%\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0311 | Size = 258048 bytes | Created Date = 28/01/2007 10:16:54 PM | Attr = ]
ati2dvag.dll -> %System32%\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6606 | Size = 257536 bytes | Created Date = 28/01/2007 10:16:53 PM | Attr = ]
ati2edxx.dll -> %System32%\ati2edxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2500 | Size = 41984 bytes | Created Date = 28/01/2007 10:16:58 PM | Attr = ]
ati2evxx.dll -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4131 | Size = 61440 bytes | Created Date = 28/01/2007 10:16:57 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4131 | Size = 405504 bytes | Created Date = 28/01/2007 10:16:57 PM | Attr = ]
Ati2mdxx.exe -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2495 | Size = 26112 bytes | Created Date = 28/01/2007 10:16:54 PM | Attr = ]
ati3duag.dll -> %System32%\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0392 | Size = 2662688 bytes | Created Date = 28/01/2007 10:16:54 PM | Attr = ]
ATIDDC.DLL -> %System32%\ATIDDC.DLL -> ATI Technologies Inc. [Ver = 6.14.10.8 | Size = 53248 bytes | Created Date = 28/01/2007 10:16:57 PM | Attr = ]
ATIDEMGR.dll -> %System32%\ATIDEMGR.dll -> ATI Technologies Inc. [Ver = 1.2.2271.38961 | Size = 286720 bytes | Created Date = 28/01/2007 10:16:58 PM | Attr = ]
atifglpf.xml -> %System32%\atifglpf.xml -> [Ver = | Size = 6005 bytes | Created Date = 28/01/2007 10:16:59 PM | Attr = ]
atiicdxx.dat -> %System32%\atiicdxx.dat -> [Ver = | Size = 121995 bytes | Created Date = 28/01/2007 10:16:56 PM | Attr = ]
atiiiexx.dll -> %System32%\atiiiexx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4004 | Size = 307200 bytes | Created Date = 28/01/2007 10:17:03 PM | Attr = ]
atikvmag.dll -> %System32%\atikvmag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0035 | Size = 151552 bytes | Created Date = 28/01/2007 10:16:58 PM | Attr = ]
atioglx1.dll -> %System32%\atioglx1.dll -> ATI Technologies Inc. [Ver = 6.14.10.1062 | Size = 6684672 bytes | Created Date = 28/01/2007 10:17:01 PM | Attr = ]
atioglxx.dll -> %System32%\atioglxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.5757 | Size = 5025792 bytes | Created Date = 28/01/2007 10:16:59 PM | Attr = ]
atipdlxx.dll -> %System32%\atipdlxx.dll -> ATI Technologies, Inc. [Ver = 6, 14, 10, 2498 | Size = 114688 bytes | Created Date = 28/01/2007 10:16:57 PM | Attr = ]
atitvo32.dll -> %System32%\atitvo32.dll -> ATI Technologies Inc. [Ver = 6.14.10.4200 | Size = 17408 bytes | Created Date = 28/01/2007 10:16:57 PM | Attr = ]
ativvaxx.dll -> %System32%\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.01.0095 | Size = 1130752 bytes | Created Date = 28/01/2007 10:16:55 PM | Attr = ]
BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> %System32%\BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> [Ver = | Size = 25296 bytes | Created Date = 28/01/2007 9:55:09 PM | Attr = ]
BMXCtrlState-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> %System32%\BMXCtrlState-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> [Ver = | Size = 25296 bytes | Created Date = 28/01/2007 9:55:09 PM | Attr = ]
BMXState-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> %System32%\BMXState-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> [Ver = | Size = 16516 bytes | Created Date = 28/01/2007 9:55:09 PM | Attr = ]
BMXStateBkp-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> %System32%\BMXStateBkp-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> [Ver = | Size = 16516 bytes | Created Date = 28/01/2007 9:55:09 PM | Attr = ]
CT1MGM.ROM -> %System32%\CT1MGM.ROM -> [Ver = | Size = 1048576 bytes | Created Date = 28/01/2007 9:49:45 PM | Attr = ]
ctbasicw.dat -> %System32%\ctbasicw.dat -> [Ver = | Size = 113373 bytes | Created Date = 28/01/2007 9:50:25 PM | Attr = ]
ctdaught.dat -> %System32%\ctdaught.dat -> [Ver = | Size = 44055 bytes | Created Date = 28/01/2007 9:50:24 PM | Attr = ]
ctdlang.dat -> %System32%\ctdlang.dat -> [Ver = | Size = 164044 bytes | Created Date = 28/01/2007 9:50:24 PM | Attr = ]
ctstatic.dat -> %System32%\ctstatic.dat -> [Ver = | Size = 179669 bytes | Created Date = 28/01/2007 9:50:24 PM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 24/01/2007 11:40:21 AM | Attr = ]
default.ecw -> %System32%\default.ecw -> [Ver = | Size = 2259067 bytes | Created Date = 28/01/2007 9:50:24 PM | Attr = ]
DEFAULT.SFM -> %System32%\DEFAULT.SFM -> [Ver = | Size = 59 bytes | Created Date = 28/01/2007 9:49:47 PM | Attr = ]
DEFAULT4.SFM -> %System32%\DEFAULT4.SFM -> [Ver = | Size = 59 bytes | Created Date = 28/01/2007 9:49:47 PM | Attr = ]
DEFAULT8.SFM -> %System32%\DEFAULT8.SFM -> [Ver = | Size = 59 bytes | Created Date = 28/01/2007 9:49:47 PM | Attr = ]
DVCState-{00000000-00000000-0000000D-00001102-00000002-80651102}.dat -> %System32%\DVCState-{00000000-00000000-0000000D-00001102-00000002-80651102}.dat -> [Ver = | Size = 24 bytes | Created Date = 28/01/2007 9:55:09 PM | Attr = ]
DVCStateBkp-{00000000-00000000-0000000D-00001102-00000002-80651102}.dat -> %System32%\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000002-80651102}.dat -> [Ver = | Size = 24 bytes | Created Date = 28/01/2007 9:55:09 PM | Attr = ]
EAXAC3.DLL -> %System32%\EAXAC3.DLL -> Creative Labs [Ver = 1.12 | Size = 77824 bytes | Created Date = 28/01/2007 9:49:48 PM | Attr = ]
KILLAPPS.EXE -> %System32%\KILLAPPS.EXE -> [Ver = | Size = 49152 bytes | Created Date = 28/01/2007 9:49:48 PM | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796312 bytes | Created Date = 23/01/2007 10:38:01 PM | Attr = ]
Live.bmp -> %System32%\Live.bmp -> [Ver = | Size = 3126 bytes | Created Date = 28/01/2007 9:50:26 PM | Attr = ]
Oemdspif.dll -> %System32%\Oemdspif.dll -> ATI Technologies, Inc. [Ver = 6.14.0016 | Size = 77824 bytes | Created Date = 28/01/2007 10:16:58 PM | Attr = ]
REGPLIB.EXE -> %System32%\REGPLIB.EXE -> [Ver = | Size = 36864 bytes | Created Date = 28/01/2007 9:49:47 PM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 11.6.8.1 | Size = 91904 bytes | Created Date = 28/01/2007 1:10:58 PM | Attr = ]
SBLive.ico -> %System32%\SBLive.ico -> [Ver = | Size = 4398 bytes | Created Date = 28/01/2007 9:50:25 PM | Attr = ]
sfman32.dll -> %System32%\sfman32.dll -> Creative Technology Ltd [Ver = 5.12.01.0130-1.00.0000 | Size = 36864 bytes | Created Date = 28/01/2007 9:50:24 PM | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49404 bytes | Created Date = 23/01/2007 10:37:29 PM | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 157424 bytes | Created Date = 23/01/2007 10:36:56 PM | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 104176 bytes | Created Date = 23/01/2007 10:37:31 PM | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 272112 bytes | Created Date = 23/01/2007 10:37:31 PM | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 71408 bytes | Created Date = 23/01/2007 10:37:59 PM | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 472816 bytes | Created Date = 23/01/2007 10:36:56 PM | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 46832 bytes | Created Date = 23/01/2007 10:37:37 PM | Attr = ]
vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 100080 bytes | Created Date = 23/01/2007 10:37:34 PM | Attr = ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 83696 bytes | Created Date = 23/01/2007 10:37:51 PM | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 71408 bytes | Created Date = 23/01/2007 10:37:51 PM | Attr = ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1087216 bytes | Created Date = 23/01/2007 10:37:34 PM | Attr = ]
3cwmcru.sys -> %System32%\dllcache\3cwmcru.sys -> 3Com, Inc. [Ver = 1.44.008.0020 | Size = 762780 bytes | Created Date = 31/01/2007 12:18:45 AM | Attr = ]
3dfxvs.dll -> %System32%\dllcache\3dfxvs.dll -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 689216 bytes | Created Date = 31/01/2007 12:18:46 AM | Attr = ]
3dfxvsm.sys -> %System32%\dllcache\3dfxvsm.sys -> 3dfx Interactive, Inc. [Ver = 5.00.2489.0028 | Size = 148352 bytes | Created Date = 31/01/2007 12:18:47 AM | Attr = ]
a3d.dll -> %System32%\dllcache\a3d.dll -> [Ver = 80.0.0.3 | Size = 65536 bytes | Created Date = 28/01/2007 9:50:25 PM | Attr = ]
ac97ali.sys -> %System32%\dllcache\ac97ali.sys -> Acer Laboratories Inc. [Ver = 5.12.01.6003 | Size = 231552 bytes | Created Date = 31/01/2007 12:18:51 AM | Attr = ]
ac97intc.sys -> %System32%\dllcache\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Created Date = 31/01/2007 12:18:51 AM | Attr = ]
ac97sis.sys -> %System32%\dllcache\ac97sis.sys -> Silicon Integrated Systems Corp. [Ver = 5.1.2501.0 built by: WinDDK | Size = 297728 bytes | Created Date = 31/01/2007 12:18:53 AM | Attr = ]
ac97via.sys -> %System32%\dllcache\ac97via.sys -> VIA Technologies, Inc. [Ver = 5.10.00.3622 built by: WinDDK | Size = 84480 bytes | Created Date = 31/01/2007 12:18:53 AM | Attr = ]
acerscad.dll -> %System32%\dllcache\acerscad.dll -> Color Flatbed Scanner [Ver = 1, 0, 0, 0 | Size = 61440 bytes | Created Date = 31/01/2007 12:18:54 AM | Attr = ]
adm8511.sys -> %System32%\dllcache\adm8511.sys -> ADMtek Incorporated [Ver = 2.04.2001.0719 built by: WinDDK | Size = 20160 bytes | Created Date = 31/01/2007 12:18:57 AM | Attr = ]
adm8810.sys -> %System32%\dllcache\adm8810.sys -> Aureal, Inc. [Ver = 5.12.01.3500 | Size = 584448 bytes | Created Date = 31/01/2007 12:18:57 AM | Attr = ]
adm8820.sys -> %System32%\dllcache\adm8820.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 553984 bytes | Created Date = 31/01/2007 12:18:58 AM | Attr = ]
adm8830.sys -> %System32%\dllcache\adm8830.sys -> Aureal, Inc. [Ver = 5.12.01.2500 | Size = 747392 bytes | Created Date = 31/01/2007 12:18:59 AM | Attr = ]
admjoy.sys -> %System32%\dllcache\admjoy.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 10880 bytes | Created Date = 31/01/2007 12:19:00 AM | Attr = ]
adptsf50.sys -> %System32%\dllcache\adptsf50.sys -> Adaptec, Inc [Ver = V5.10.22 | Size = 46112 bytes | Created Date = 31/01/2007 12:19:01 AM | Attr = ]
ati2erec.dll -> %System32%\drivers\ati2erec.dll -> ATI Technologies Inc. [Ver = 1.0.0.4 | Size = 40960 bytes | Created Date = 28/01/2007 10:16:51 PM | Attr = ]
ati2mtag.sys -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6606 | Size = 1522688 bytes | Created Date = 28/01/2007 10:16:50 PM | Attr = ]
ativcaxx.cpa -> %System32%\drivers\ativcaxx.cpa -> [Ver = | Size = 1114674 bytes | Created Date = 28/01/2007 10:16:52 PM | Attr = ]
ativcaxx.vp -> %System32%\drivers\ativcaxx.vp -> [Ver = | Size = 929 bytes | Created Date = 28/01/2007 10:16:52 PM | Attr = ]
ativckxx.vp -> %System32%\drivers\ativckxx.vp -> [Ver = | Size = 58560 bytes | Created Date = 28/01/2007 10:16:51 PM | Attr = ]
ativvpxx.vp -> %System32%\drivers\ativvpxx.vp -> [Ver = | Size = 27504 bytes | Created Date = 28/01/2007 10:16:51 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 27/01/2007 11:08:32 AM | Attr = ]
CO_Mon.sys -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Created Date = 28/01/2007 12:31:47 PM | Attr = ]
ctac32k.sys -> %System32%\drivers\ctac32k.sys -> Creative Technology Ltd [Ver = 5.12.01.0245-1.31.0050 | Size = 127948 bytes | Created Date = 28/01/2007 9:50:22 PM | Attr = ]
ctaud2k.sys -> %System32%\drivers\ctaud2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0252-1.31.0120 | Size = 837548 bytes | Created Date = 28/01/2007 9:50:23 PM | Attr = ]
ctoss2k.sys -> %System32%\drivers\ctoss2k.sys -> Creative Technology Ltd. [Ver = 5.12.01.0245-1.31.0050 | Size = 195432 bytes | Created Date = 28/01/2007 9:50:23 PM | Attr = ]
ctprxy2k.sys -> %System32%\drivers\ctprxy2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0244-1.31.0040 | Size = 11068 bytes | Created Date = 28/01/2007 9:50:23 PM | Attr = ]
ctsfm2k.sys -> %System32%\drivers\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0140-0.75.1490 (beta-release) | Size = 213860 bytes | Created Date = 28/01/2007 9:50:23 PM | Attr = ]
emupia2k.sys -> %System32%\drivers\emupia2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0244-1.31.0040 | Size = 156604 bytes | Created Date = 28/01/2007 9:50:23 PM | Attr = ]
ezplay.sys -> %System32%\drivers\ezplay.sys -> VSO Software [Ver = 8, 0, 0, 1 | Size = 94080 bytes | Created Date = 27/01/2007 3:15:54 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 4408352 bytes | Created Date = 01/01/1601 5:00:00 AM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 58460 bytes | Created Date = 01/01/1601 5:00:00 AM | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 142624 bytes | Created Date = 01/01/1601 5:00:00 AM | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 13508 bytes | Created Date = 01/01/1601 5:00:00 AM | Attr = HS]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3721 | Size = 68961 bytes | Created Date = 26/01/2007 11:51:43 AM | Attr = ]
ha10kx2k.sys -> %System32%\drivers\ha10kx2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0250-1.31.0090 | Size = 998004 bytes | Created Date = 28/01/2007 9:50:24 PM | Attr = ]
klick.sys -> %System32%\drivers\klick.sys -> Kaspersky Lab [Ver = 2.0.0.348 | Size = 61584 bytes | Created Date = 23/01/2007 10:55:46 PM | Attr = ]
klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.247 | Size = 174864 bytes | Created Date = 23/01/2007 10:53:11 PM | Attr = ]
klin.sys -> %System32%\drivers\klin.sys -> Kaspersky Lab [Ver = 2.0.0.333 | Size = 59536 bytes | Created Date = 23/01/2007 10:55:46 PM | Attr = ]
pcouffin.sys -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.35 | Size = 47360 bytes | Created Date = 27/01/2007 3:15:46 PM | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.8.1 | Size = 124016 bytes | Created Date = 28/01/2007 1:10:58 PM | Attr = ]
videX32.sys -> %System32%\drivers\videX32.sys -> VIA Technologies, Inc. [Ver = 5.1.3790.140 | Size = 9728 bytes | Created Date = 28/01/2007 9:46:43 PM | Attr = R ]

[Files - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 225 bytes | Modified Date = 31/01/2007 12:03:18 AM | Attr = RHS]
rollback.ini -> %SystemDrive%\rollback.ini -> [Ver = | Size = 639 bytes | Modified Date = 31/01/2007 10:00:38 AM | Attr = ]
ScanSectorLog.dat -> %SystemDrive%\ScanSectorLog.dat -> [Ver = | Size = 512 bytes | Modified Date = 28/01/2007 7:09:50 PM | Attr = ]
WISC8BB491212D942AEB571E580D8CD1B5B_6_0_1255.MSI -> %CommonProgramFiles%\Wise Installation Wizard\WISC8BB491212D942AEB571E580D8CD1B5B_6_0_1255.MSI -> [Ver = | Size = 8005632 bytes | Modified Date = 22/01/2007 5:07:04 PM | Attr = ]
Uninstall.exe -> %CommonProgramFiles%\Blizzard Entertainment\World of Warcraft\Uninstall.exe -> [Ver = | Size = 397312 bytes | Modified Date = 09/01/2007 11:45:50 AM | Attr = ]
Uninstall.xml -> %CommonProgramFiles%\Blizzard Entertainment\World of Warcraft\Uninstall.xml -> [Ver = | Size = 33737 bytes | Modified Date = 23/01/2007 4:55:08 PM | Attr = ]
UninstallLocalization.xml -> %CommonProgramFiles%\Blizzard Entertainment\World of Warcraft\UninstallLocalization.xml -> [Ver = | Size = 328 bytes | Modified Date = 09/01/2007 11:45:50 AM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 31/01/2007 12:31:58 AM | Attr = S]
DVDRegionFreeLite.INI -> %SystemRoot%\DVDRegionFreeLite.INI -> [Ver = | Size = 67 bytes | Modified Date = 27/01/2007 6:14:28 PM | Attr = ]

Edited by kylewilk04, 31 January 2007 - 11:00 AM.

#29
kylewilk04

Posted 31 January 2007 - 10:59 AM

Member

Topic Starter
Member
30 posts

gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12011 | Size = 565311 bytes | Modified Date = 26/01/2007 11:51:44 AM | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 26/01/2007 11:51:50 AM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 26/01/2007 11:51:44 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1917 bytes | Modified Date = 23/01/2007 11:08:28 AM | Attr = ]
M3JPEG.INI -> %SystemRoot%\M3JPEG.INI -> [Ver = | Size = 578 bytes | Modified Date = 30/01/2007 11:23:00 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 24/01/2007 11:39:12 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 25/01/2007 8:56:02 PM | Attr = H ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 362 bytes | Modified Date = 31/01/2007 12:03:18 AM | Attr = ]
system.tmp -> %SystemRoot%\system.tmp -> [Ver = | Size = 362 bytes | Modified Date = 31/01/2007 12:03:18 AM | Attr = ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 16896 bytes | Modified Date = 25/01/2007 1:53:02 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 971 bytes | Modified Date = 31/01/2007 12:03:18 AM | Attr = ]
win.tmp -> %SystemRoot%\win.tmp -> [Ver = | Size = 971 bytes | Modified Date = 31/01/2007 12:03:18 AM | Attr = ]
zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 75512 bytes | Modified Date = 08/01/2007 2:29:40 PM | Attr = ]
{00000000-00000000-0000000D-00001102-00000002-80651102}.BAK -> %SystemRoot%\{00000000-00000000-0000000D-00001102-00000002-80651102}.BAK -> [Ver = | Size = 3373917 bytes | Modified Date = 31/01/2007 12:32:50 AM | Attr = ]
{00000000-00000000-0000000D-00001102-00000002-80651102}.CDF -> %SystemRoot%\{00000000-00000000-0000000D-00001102-00000002-80651102}.CDF -> [Ver = | Size = 3373917 bytes | Modified Date = 31/01/2007 12:32:50 AM | Attr = ]
BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> %System32%\BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> [Ver = | Size = 25296 bytes | Modified Date = 31/01/2007 12:30:08 AM | Attr = ]
BMXCtrlState-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> %System32%\BMXCtrlState-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> [Ver = | Size = 25296 bytes | Modified Date = 31/01/2007 12:30:08 AM | Attr = ]
BMXState-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> %System32%\BMXState-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> [Ver = | Size = 16516 bytes | Modified Date = 31/01/2007 12:30:08 AM | Attr = ]
BMXStateBkp-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> %System32%\BMXStateBkp-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -> [Ver = | Size = 16516 bytes | Modified Date = 31/01/2007 12:30:08 AM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 24/01/2007 11:40:26 AM | Attr = ]
DVCState-{00000000-00000000-0000000D-00001102-00000002-80651102}.dat -> %System32%\DVCState-{00000000-00000000-0000000D-00001102-00000002-80651102}.dat -> [Ver = | Size = 24 bytes | Modified Date = 31/01/2007 12:30:08 AM | Attr = ]
DVCStateBkp-{00000000-00000000-0000000D-00001102-00000002-80651102}.dat -> %System32%\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000002-80651102}.dat -> [Ver = | Size = 24 bytes | Modified Date = 31/01/2007 12:30:08 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 247104 bytes | Modified Date = 29/01/2007 11:21:26 AM | Attr = ]
libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796312 bytes | Modified Date = 08/01/2007 2:28:40 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 63304 bytes | Modified Date = 10/01/2007 2:10:48 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 404276 bytes | Modified Date = 10/01/2007 2:10:48 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 472204 bytes | Modified Date = 10/01/2007 2:10:46 PM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 11.6.8.1 | Size = 91904 bytes | Modified Date = 28/01/2007 12:35:20 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 31/01/2007 12:30:08 AM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 31/01/2007 12:30:08 AM | Attr = ]
Thumbs.db -> %System32%\Thumbs.db -> [Ver = | Size = 7680 bytes | Modified Date = 28/01/2007 10:46:02 PM | Attr = HS]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 49404 bytes | Modified Date = 31/01/2007 12:32:32 AM | Attr = ]
vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 83696 bytes | Modified Date = 08/01/2007 2:28:52 PM | Attr = ]
vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 394160 bytes | Modified Date = 08/01/2007 2:29:54 PM | Attr = ]
vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 157424 bytes | Modified Date = 08/01/2007 2:28:52 PM | Attr = ]
vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 104176 bytes | Modified Date = 08/01/2007 2:28:52 PM | Attr = ]
vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 272112 bytes | Modified Date = 08/01/2007 2:28:54 PM | Attr = ]
vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 71408 bytes | Modified Date = 08/01/2007 2:28:54 PM | Attr = ]
vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 472816 bytes | Modified Date = 08/01/2007 2:28:56 PM | Attr = ]
vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 46832 bytes | Modified Date = 08/01/2007 2:28:58 PM | Attr = ]
vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 100080 bytes | Modified Date = 08/01/2007 2:28:58 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 12598 bytes | Modified Date = 28/01/2007 10:24:46 PM | Attr = ]
zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 83696 bytes | Modified Date = 08/01/2007 2:29:00 PM | Attr = ]
zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.302.000 | Size = 71408 bytes | Modified Date = 08/01/2007 2:29:00 PM | Attr = ]
zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 23/01/2007 10:52:38 PM | Attr = H ]
zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1087216 bytes | Modified Date = 08/01/2007 2:29:14 PM | Attr = ]
CO_Mon.sys -> %System32%\drivers\CO_Mon.sys -> [Ver = | Size = 28672 bytes | Modified Date = 28/01/2007 12:32:14 PM | Attr = ]
ezplay.sys -> %System32%\drivers\ezplay.sys -> VSO Software [Ver = 8, 0, 0, 1 | Size = 94080 bytes | Modified Date = 27/01/2007 3:15:56 PM | Attr = ]
fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 4408352 bytes | Modified Date = 31/01/2007 11:45:34 AM | Attr = HS]
fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 58460 bytes | Modified Date = 31/01/2007 12:30:08 AM | Attr = HS]
fidbox2.dat -> %System32%\drivers\fidbox2.dat -> [Ver = | Size = 142624 bytes | Modified Date = 31/01/2007 11:45:48 AM | Attr = HS]
fidbox2.idx -> %System32%\drivers\fidbox2.idx -> [Ver = | Size = 13508 bytes | Modified Date = 31/01/2007 12:30:08 AM | Attr = HS]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3721 | Size = 68961 bytes | Modified Date = 26/01/2007 11:51:44 AM | Attr = ]
klick.sys -> %System32%\drivers\klick.sys -> Kaspersky Lab [Ver = 2.0.0.348 | Size = 61584 bytes | Modified Date = 23/01/2007 10:55:48 PM | Attr = ]
klin.sys -> %System32%\drivers\klin.sys -> Kaspersky Lab [Ver = 2.0.0.333 | Size = 59536 bytes | Modified Date = 23/01/2007 10:55:48 PM | Attr = ]
sptd6093.sys -> %System32%\drivers\sptd6093.sys -> [Ver = | Size = 96256 bytes | Modified Date = 23/01/2007 5:03:38 PM | Attr = ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.8.1 | Size = 124016 bytes | Modified Date = 28/01/2007 12:35:20 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Adobe\Updater\AdobeUpdaterApp.dll -> Adobe Systems Incorporated [Ver = 4, 0, 3, 26 | Size = 745984 bytes | Modified Date = 19/09/2005 11:49:16 AM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 02/03/2006 4:18:34 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Logitech\LGS460Inst\setup.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 118736 bytes | Modified Date = 22/10/2004 4:16:58 AM | Attr = ]
UPX! , UPX0 , -> %CommonProgramFiles%\Microsoft Shared\MSSearch\Bin\msclevi.exe -> [Ver = | Size = 39936 bytes | Modified Date = 27/08/2006 1:54:48 PM | Attr = ]
UPX! , UPX0 , -> %CommonProgramFiles%\Microsoft Shared\Temp\MsoService.exe -> [Ver = | Size = 291840 bytes | Modified Date = 31/08/2006 12:53:18 AM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Real\GToolbar\GDSSetup.exe -> [Ver = | Size = 746600 bytes | Modified Date = 26/12/2006 11:08:28 PM | Attr = ]
PEC2 , PECompact2 , -> %CommonProgramFiles%\Real\GToolbar\GoogleToolbarInstaller.exe -> Google [Ver = 3, 0, 131, 0 | Size = 583696 bytes | Modified Date = 26/12/2006 11:08:24 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 26/12/2006 11:07:34 PM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\Real\Update_OB\rnxproc.exe -> RealNetworks, Inc. [Ver = 7.0.0.3105 | Size = 58912 bytes | Modified Date = 26/12/2006 11:07:36 PM | Attr = ]
PEC2 , -> %CommonProgramFiles%\Sony Shared\AVLib\Metallic.dll -> Sony Corporation [Ver = 2.8.00.12140 | Size = 237568 bytes | Modified Date = 21/03/2005 7:33:36 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 29/08/2002 7:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.4.0.51 | Size = 635486 bytes | Modified Date = 12/12/2006 11:25:20 AM | Attr = ]
Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 26/12/2006 11:08:08 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 29/08/2002 7:00:00 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 29/08/2002 7:00:00 AM | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04/08/2004 12:41:38 AM | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04/08/2004 12:41:38 AM | Attr = ]

< End of report >

Did you mean my start-up log that I couldn't post, because I don't have anything from bitdefender.