Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

IE problems - am I infected?


  • Please log in to reply

#1
youngratty

youngratty

    Member

  • Member
  • PipPip
  • 59 posts
I can't open more than one IE browser at a time, certain programmes crash or freeze. I don't get any error messages,but the whole system has slowed to a crawl - all internet pages take forever to load and mostly only part load before freezing.
I've gone through all the recommended tests and scans and am posting the logs here.
Please would some kind geek take a look at my SUPERAntiSpyware Scan Log/Panda Active Scan/Hijackthis log and see if they can spot what's going on??
Many, many thanks
Youngratty :whistling:

SUPERAntiSpyware Scan Log
Generated 07/04/2007 at 11:07 PM

Application Version : 3.6.1000

Core Rules Database Version : 3265
Trace Rules Database Version: 1276

Scan type : Quick Scan
Total Scan Time : 00:42:38

Memory items scanned : 563
Memory threats detected : 0
Registry items scanned : 787
Registry threats detected : 9
File items scanned : 45235
File threats detected : 0

Adware.MyWebSearch
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\Programmable
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\TypeLib
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable






Incident Status Location

Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3PSSavr.scr
Adware:adware/wupd Not disinfected c:\program files\Media Pass
Spyware:spyware/dluca Not disinfected Windows Registry
Dialer:dialer.dgi Not disinfected hkey_local_machine\software\Mpb
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Adware:adware/ist.istbar Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[.2o7.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[.com.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[.xiti.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Haze\Application Data\Mozilla\Firefox\Profiles\drlr0hzk.default\cookies.txt[ad.yieldmanager.com/]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\riched20.dll


Logfile of HijackThis v1.99.1
Scan saved at 09:16:58, on 05/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Inetcam\iVISTA40\programs\ivista.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
C:\Program Files\iFinger\iFinger.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\Inetcam\iVISTA40\Programs\Inetcamserver.exe
C:\Program Files\Inetcam\iVISTA40\Programs\iws.exe
C:\Program Files\Inetcam\iVISTA40\Programs\iws.exe
C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\SmartProductUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by evesham.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = nott-cache-1.server.ntli.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AntivirusRegistration] c:\WINDOWS\system32\EzAntivirusRegistrationCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iVISTA] C:\Program Files\Inetcam\iVISTA40\programs\ivista.exe -tray
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Desktop Boycott] C:\Program Files\DA Group\Desktop Boycott\DesktopBoycott.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O4 - Global Startup: iFinger 2.1.lnk = C:\Program Files\iFinger\iFinger.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136139114515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory....ap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify305.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

Advertisements


#2
racenutalways

racenutalways

    Member 1K

  • Retired Staff
  • 1,663 posts
Hello youngratty and welcome to G2G.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\windows\system32\f3PSSavr.scr
    c:\program files\Media Pass
    C:\Program Files\MSN Messenger\riched20.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • <list of options>
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
  • 0

#3
youngratty

youngratty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hello - thanks for your welcome and for picking up this one!

I followed your instructions (and didn't get a PendingFileRename Operations prompt when running Killbox).

I'm pasting the WinPFind3u repost below...

Many thanks again for your help it's very much appreciated.
- youngratty :whistling:

WinPFind3 logfile created on: 10/07/2007 17:09:05
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Haze\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

511.48 Mb Total Physical Memory | 118.70 Mb Available Physical Memory | 23.21% Memory free
1.22 Gb Paging File | 0.89 Gb Available in Paging File | 72.59% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 69.07 Gb Free Space | 46.34% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: EVESHAM
Current User Name: Haze
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
apache.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.47 | Size = 20541 bytes | Modified Date = 12/01/2004 20:07:46 | Attr = ]
apache.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.47 | Size = 20541 bytes | Modified Date = 12/01/2004 20:07:46 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 10/06/2004 22:44:56 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 10/06/2004 22:44:56 | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5113 | Size = 339968 bytes | Modified Date = 10/06/2004 21:10:00 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 22/04/2007 22:11:06 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 22/04/2007 22:11:08 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.474 | Size = 352768 bytes | Modified Date = 01/07/2007 12:08:22 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 21/03/2007 11:15:46 | Attr = ]
aware.exe -> %ProgramFiles%\SMART Board Software\Aware.exe -> SMART Technologies Inc. [Ver = 9.5.56.2 | Size = 1515520 bytes | Modified Date = 27/06/2006 04:25:54 | Attr = ]
bigfix.exe -> %ProgramFiles%\BigFix\BigFix.exe -> BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Modified Date = 31/07/2002 10:22:26 | Attr = ]
connectautoupdate.exe -> %ProgramFiles%\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe -> Sony Corporation [Ver = 1.0.02.11150 | Size = 2799176 bytes | Modified Date = 15/11/2005 04:45:38 | Attr = ]
connectautrayapp.exe -> %ProgramFiles%\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe -> Sony Corporation [Ver = 1.0.00.10120 | Size = 114688 bytes | Modified Date = 15/11/2005 03:54:02 | Attr = ]
connectscheduler.exe -> %ProgramFiles%\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe -> Sony Corporation [Ver = 1.0.00.10120 | Size = 69632 bytes | Modified Date = 15/11/2005 03:54:18 | Attr = ]
gmrman.exe -> %CommonProgramFiles%\Sony Shared\GMR\GMRMan.exe -> Sony Corporation [Ver = 1.0.01.15080 | Size = 91720 bytes | Modified Date = 08/03/2006 19:56:14 | Attr = ]
ifinger.exe -> %ProgramFiles%\iFinger\iFinger.exe -> iFinger Ltd [Ver = 2.1.2.1 | Size = 2064384 bytes | Modified Date = 05/02/2004 12:22:28 | Attr = ]
inetcamserver.exe -> %ProgramFiles%\Inetcam\iVISTA40\programs\Inetcamserver.exe -> [Ver = 1, 0, 0, 1 | Size = 90112 bytes | Modified Date = 02/08/2001 16:23:52 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 14/03/2007 19:05:48 | Attr = ]
ivista.exe -> %ProgramFiles%\Inetcam\iVISTA40\programs\iVista.exe -> Inetcam, Inc. [Ver = v 4.1 beta ENU | Size = 851968 bytes | Modified Date = 13/11/2001 19:19:16 | Attr = ]
iws.exe -> %ProgramFiles%\Inetcam\iVISTA40\programs\iws.exe -> [Ver = | Size = 20480 bytes | Modified Date = 11/04/2001 18:22:32 | Attr = ]
iws.exe -> %ProgramFiles%\Inetcam\iVISTA40\programs\iws.exe -> [Ver = | Size = 20480 bytes | Modified Date = 11/04/2001 18:22:32 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10/11/2005 14:03:52 | Attr = ]
marker.exe -> %ProgramFiles%\SMART Board Software\Marker.exe -> SMART Technologies Inc. [Ver = 9.5.56.2 | Size = 1605632 bytes | Modified Date = 27/06/2006 04:29:10 | Attr = ]
monitor.exe -> %ProgramFiles%\OLYMPUS\OLYMPUS Master\monitor.exe -> OLYMPUS IMAGING CORP. [Ver = 1, 3, 1, 2 | Size = 57344 bytes | Modified Date = 19/07/2005 12:14:00 | Attr = ]
motivesb.exe -> %ProgramFiles%\ntl\broadband medic\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.6.7.asst_classic.smartbridge.20031210_035000 | Size = 380928 bytes | Modified Date = 30/12/2003 11:40:24 | Attr = ]
mpbtn.exe -> %ProgramFiles%\ntl\broadband medic\bin\mpbtn.exe -> [Ver = | Size = 192512 bytes | Modified Date = 10/10/2003 10:06:10 | Attr = ]
nsvcip.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe -> [Ver = | Size = 90173 bytes | Modified Date = 29/01/2004 01:16:02 | Attr = ]
nsvclog.exe -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe -> [Ver = | Size = 53313 bytes | Modified Date = 29/01/2004 01:15:18 | Attr = ]
opware32.exe -> %ProgramFiles%\Caere\OmniPagePro90\OPware32.exe -> Caere Corporation [Ver = 9.0 | Size = 44032 bytes | Modified Date = 12/10/1998 19:13:46 | Attr = ]
opwarese2.exe -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\OpwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 08/05/2003 11:00:58 | Attr = ]
osa.exe -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 51984 bytes | Modified Date = 06/08/1997 01:00:00 | Attr = ]
pcletray.exe -> %ProgramFiles%\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe -> Pinnacle Systems [Ver = 1.0.0.35 | Size = 772096 bytes | Modified Date = 06/05/2004 15:14:30 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 16/02/2007 10:54:04 | Attr = ]
sgbhp.exe -> %ProgramFiles%\SpywareGuard\sgbhp.exe -> [Ver = 2.02.0001 | Size = 233472 bytes | Modified Date = 29/08/2003 11:14:58 | Attr = ]
sgmain.exe -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 29/08/2003 19:05:36 | Attr = ]
smartboardservice.exe -> %ProgramFiles%\SMART Board Software\SMARTBoardService.exe -> SMART Technologies Inc. [Ver = 9.5.56.2 | Size = 970752 bytes | Modified Date = 27/06/2006 04:20:30 | Attr = ]
smartboardtools.exe -> %ProgramFiles%\SMART Board Software\SMARTBoardTools.exe -> SMART Technologies Inc. [Ver = 9.5.56.2 | Size = 3371008 bytes | Modified Date = 27/06/2006 04:28:24 | Attr = ]
smartproductupdate.exe -> %CommonProgramFiles%\SMART Technologies Inc\SMART Product Update\SmartProductUpdate.exe -> SMART Technologies Inc. [Ver = 3.0.20.2 | Size = 172032 bytes | Modified Date = 12/06/2006 15:36:24 | Attr = ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.27 | Size = 67072 bytes | Modified Date = 14/05/2004 15:47:18 | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 05/07/2007 09:12:36 | Attr = ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.1.744.001 | Size = 1693464 bytes | Modified Date = 16/03/2006 11:33:12 | Attr = ]
wincinemamgr.exe -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = 1.7.1 | Size = 114688 bytes | Modified Date = 11/07/2003 04:12:26 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 23/06/2007 15:15:54 | Attr = ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.1.744.001 | Size = 755480 bytes | Modified Date = 16/03/2006 11:34:00 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 10/06/2004 22:44:56 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0020 | Size = 516096 bytes | Modified Date = 10/06/2004 21:10:00 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 22/04/2007 22:11:06 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 21/03/2007 11:15:46 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.474 | Size = 352768 bytes | Modified Date = 01/07/2007 12:08:22 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 13:00:00 | Attr = ]
(ForcewareWebInterface) Forceware Web Interface [Win32_Own | Auto | Running] -> %SystemDrive%\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.47 | Size = 20541 bytes | Modified Date = 12/01/2004 20:07:46 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 00:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 14/03/2007 19:05:42 | Attr = ]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.3.00.08302 | Size = 53337 bytes | Modified Date = 30/08/2005 16:00:50 | Attr = ]
(nSvcIp) ForceWare IP service [Win32_Own | Auto | Running] -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe -> [Ver = | Size = 90173 bytes | Modified Date = 29/01/2004 01:16:02 | Attr = ]
(nSvcLog) ForceWare user log service [Win32_Own | Auto | Running] -> %SystemDrive%\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe -> [Ver = | Size = 53313 bytes | Modified Date = 29/01/2004 01:15:18 | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.3.00.08302 | Size = 53337 bytes | Modified Date = 30/08/2005 15:55:18 | Attr = ]
(SMART Board Service) SMART Board Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SMART Board Software\SMARTBoardService.exe -> SMART Technologies Inc. [Ver = 9.5.56.2 | Size = 970752 bytes | Modified Date = 27/06/2006 04:20:30 | Attr = ]
(Sony SCSI Helper Service) Sony SCSI Helper Service [Win32_Shared | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\Fsk\SonySCSIHelperService.exe -> Sony Corporation [Ver = 1, 0, 0, 08010 | Size = 79432 bytes | Modified Date = 11/04/2006 12:08:16 | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.3.00.08302 | Size = 69718 bytes | Modified Date = 30/08/2005 15:49:34 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.1.744.001 | Size = 1693464 bytes | Modified Date = 16/03/2006 11:33:12 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AntivirusRegistration -> %System32%\EzAntivirusRegistrationCheck.exe -> File not found
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5113 | Size = 339968 bytes | Modified Date = 10/06/2004 21:10:00 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 22/04/2007 22:11:08 | Attr = ]
CONNECTScheduler -> %ProgramFiles%\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe -> Sony Corporation [Ver = 1.0.00.10120 | Size = 69632 bytes | Modified Date = 15/11/2005 03:54:18 | Attr = ]
Desktop Boycott -> %ProgramFiles%\DA Group\Desktop Boycott\DesktopBoycott.exe -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 14/03/2007 19:05:48 | Attr = ]
iVISTA -> %ProgramFiles%\Inetcam\iVISTA40\programs\iVista.exe -> Inetcam, Inc. [Ver = v 4.1 beta ENU | Size = 851968 bytes | Modified Date = 13/11/2001 19:19:16 | Attr = ]
Motive SmartBridge -> %ProgramFiles%\ntl\broadband medic\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.6.7.asst_classic.smartbridge.20031210_035000 | Size = 380928 bytes | Modified Date = 30/12/2003 11:40:24 | Attr = ]
OmniPage -> %ProgramFiles%\Caere\OmniPagePro90\OPware32.exe -> Caere Corporation [Ver = 9.0 | Size = 44032 bytes | Modified Date = 12/10/1998 19:13:46 | Attr = ]
OpwareSE2 -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\OpwareSE2.exe -> ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Modified Date = 08/05/2003 11:00:58 | Attr = ]
PinnacleDriverCheck -> %System32%\PSDrvCheck.exe -> [Ver = 1.0.0.63 | Size = 406016 bytes | Modified Date = 04/12/2003 12:34:44 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 16/02/2007 10:54:04 | Attr = ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.27 | Size = 67072 bytes | Modified Date = 14/05/2004 15:47:18 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10/11/2005 14:03:52 | Attr = ]
Zone Labs Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.1.744.001 | Size = 755480 bytes | Modified Date = 16/03/2006 11:34:00 | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
InstantTray -> %ProgramFiles%\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe -> Pinnacle Systems [Ver = 1.0.0.35 | Size = 772096 bytes | Modified Date = 06/05/2004 15:14:30 | Attr = ]
OM_Monitor -> %ProgramFiles%\OLYMPUS\OLYMPUS Master\monitor.exe -> OLYMPUS IMAGING CORP. [Ver = 1, 3, 1, 2 | Size = 57344 bytes | Modified Date = 19/07/2005 12:14:00 | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 05/07/2007 09:12:36 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 22:05:26 | Attr = ]
%AllUsersStartup%\BigFix.lnk -> %ProgramFiles%\BigFix\BigFix.exe -> BigFix Inc. [Ver = 1, 7, 6, 0 | Size = 1742384 bytes | Modified Date = 31/07/2002 10:22:26 | Attr = ]
%AllUsersStartup%\broadband medic.lnk -> %ProgramFiles%\ntl\broadband medic\bin\matcli.exe -> Motive Communications, Inc. [Ver = 5.6.1.asst_classic.asst_matcli.20031010_085000 | Size = 217088 bytes | Modified Date = 10/10/2003 10:06:10 | Attr = ]
%AllUsersStartup%\CONNECTAUTrayApp.lnk -> %ProgramFiles%\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe -> Sony Corporation [Ver = 1.0.00.10120 | Size = 114688 bytes | Modified Date = 15/11/2005 03:54:02 | Attr = ]
%AllUsersStartup%\iFinger 2.1.lnk -> %ProgramFiles%\iFinger\iFinger.exe -> iFinger Ltd [Ver = 2.1.2.1 | Size = 2064384 bytes | Modified Date = 05/02/2004 12:22:28 | Attr = ]
%AllUsersStartup%\InterVideo WinCinema Manager.lnk -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = 1.7.1 | Size = 114688 bytes | Modified Date = 11/07/2003 04:12:26 | Attr = ]
%AllUsersStartup%\Microsoft Find Fast.lnk -> %ProgramFiles%\Microsoft Office\Office\FINDFAST.EXE -> [Ver = | Size = 111376 bytes | Modified Date = 06/08/1997 01:00:00 | Attr = ]
%AllUsersStartup%\Office Startup.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 51984 bytes | Modified Date = 06/08/1997 01:00:00 | Attr = ]
%AllUsersStartup%\SMART Board Tools.lnk -> %ProgramFiles%\SMART Board Software\SMARTBoardTools.exe -> SMART Technologies Inc. [Ver = 9.5.56.2 | Size = 3371008 bytes | Modified Date = 27/06/2006 04:28:24 | Attr = ]
< User Startup > -> C:\Documents and Settings\Haze\Start Menu\Programs\Startup ->
%UserStartup%\SpywareGuard.lnk -> %ProgramFiles%\SpywareGuard\sgmain.exe -> [Ver = 2.02.0001 | Size = 360448 bytes | Modified Date = 29/08/2003 19:05:36 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20/12/2006 12:55:48 | Attr = ]
{81559C35-8464-49F7-BB0E-07A383BEF910} [HKLM] -> %ProgramFiles%\SpywareGuard\spywareguard.dll [] -> [Ver = 2.02 | Size = 126976 bytes | Modified Date = 02/08/2003 23:20:58 | Attr = R ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 05/07/2007 09:12:36 | Attr = ]
AtiExtEvent -> %System32%\ati2evxx.dll -> [Ver = | Size = 86016 bytes | Modified Date = 10/06/2004 22:46:34 | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
< HOSTS File > (736 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.google.co.uk/ ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> 127.0.0.1 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00011268-E188-40DF-A514-835FCD78B1BF} [HKLM] -> %ProgramFiles%\IE7pro\IE7pro.dll [IE7pro BHO] -> IE7pro.com [Ver = 0, 9, 0, 10 | Size = 520192 bytes | Modified Date = 10/02/2007 17:38:38 | Attr = ]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} [HKLM] -> %ProgramFiles%\SpywareGuard\dlprotect.dll [SpywareGuardDLBLOCK.CBrowserHelper] -> [Ver = 2.02 | Size = 192512 bytes | Modified Date = 02/08/2003 23:24:02 | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
{67BCF957-85FC-4036-8DC4-D4D80E00A77B} [HKLM] -> %ProgramFiles%\SMART Board Software\NotebookPlugin.dll [CIEDownload Object] -> SMART Technologies Inc. [Ver = 9.5.56.2 | Size = 602112 bytes | Modified Date = 27/06/2006 04:39:12 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10/11/2005 14:22:10 | Attr = ]
{A114D52B-870C-4F15-8021-B6D7F91A054B} [HKLM] -> %ProgramFiles%\iFinger\plugins\IE.ifp [iFinger plugin / Browser helper object] -> iFinger Ltd [Ver = 2.0.5.5 | Size = 349184 bytes | Modified Date = 09/07/2001 17:35:02 | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 5, 1, 6 | Size = 405504 bytes | Modified Date = 26/08/2004 11:27:32 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} -> Reg Data - Value does not exist [ButtonText: IE7pro Preferences] -> File not found
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10/11/2005 14:22:10 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10/11/2005 14:22:10 | Attr = ]
{936E5D60-596C-11D3-BB96-00600816DF55} -> Reg Data - Value does not exist [ButtonText: iFinger] -> File not found
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> %ProgramFiles%\PartyPoker\PartyPoker.exe [ButtonText: PartyPoker.com] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
{F4430FE8-2638-42e5-B849-800749B94EED} -> %ProgramFiles%\PartyGaming.Net\PartyPokerNet\RunPF.exe [ButtonText: PartyPoker.net] -> [Ver = 1, 0, 0, 2 | Size = 110592 bytes | Modified Date = 14/03/2007 22:54:16 | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_AddToList.htm -> File not found
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_HSPrint.htm -> File not found
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Preview.htm -> File not found
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Print.htm -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\ ->
.spop -> %ProgramFiles%\Internet Explorer\Plugins\NPDocBox.dll [Reg Data - Value does not exist] -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0460726B-3316-4131-8F9C-F1DC903EEA83} -> () ->
{096A905B-6249-468B-BC1B-C784AF74FB41} -> () ->
{24876B51-1B55-4DAA-8273-4BC9B9F9A63E} -> (1394 Net Adapter) ->
{7675C0BB-2739-4B90-89E3-3DFD226B906E} -> (Belkin 54Mbps Wireless USB Network Adapter) ->
{AE7BD3CC-555B-4BED-BCBD-20301BD3E6D7} -> (USB Cable Modem (NDIS5)) ->
{CDF0A90E-F10E-443B-B026-77420219A714} -> (3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX)) ->
{F21DA421-7719-4137-9A3B-1DCA3C5263C4} -> (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{00B71CFB-6864-4346-A978-C0A14556272C} -> Checkers Class - CodeBase = http://messenger.zon...kr.cab31267.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://a1540.g.akama...ex/qtplugin.cab ->
{14B87622-7E19-4EA8-93B3-97215F77A6BC} -> MessengerStatsClient Class - CodeBase = http://messenger.zon...nt.cab31267.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.micr...heckControl.cab ->
{2917297F-F02B-4B9D-81DF-494B6333150B} -> Minesweeper Flags Class - CodeBase = http://messenger.zon...er.cab31267.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://spaces.msn.co...ad/MsnPUpld.cab ->
{55027008-315F-4F45-BBC3-8BE119764741} -> Slide Image Uploader Control - CodeBase = http://www.slide.com...ageUploader.cab ->
{5D6F45B3-9043-443D-A792-115447494D24} -> UnoCtrl Class - CodeBase = http://messenger.zon...1/GAME_UNO1.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.micros...b?1136139114515 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zon...nt.cab31267.cab ->
{9122D757-5A4F-4768-82C5-B4171D8556A7} -> PhotoPickConvert Class - CodeBase = http://appdirectory....ap/PhtPkMSN.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab ->
{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} -> BatchDownloader Class - CodeBase = http://appdirectory....ap/DigWXMSN.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn...pDownloader.cab ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ZoneIntro Class - CodeBase = http://messenger.zon...ro.cab32846.cab ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zon...nt.cab56907.cab ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macr...ash/swflash.cab ->
{E6187999-9FEC-46A1-A20F-F4CA977D5643} -> ZoneChess Object - CodeBase = http://messenger.zon...ss.cab31267.cab ->
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} -> Solitaire Showdown Class - CodeBase = http://messenger.zon...wn.cab31267.cab ->
{F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} -> Zoom Class - CodeBase = http://www.zoomify.c.../zoomify305.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->
RaptisoftGameLoader -> - CodeBase = http://www.miniclip....tgameloader.cab ->


[Files/Folders - Created Within 30 days]
!KillBox -> %SystemDrive%\!KillBox -> [Folder | Created Date = 10/07/2007 15:58:05 | Attr = ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 13/06/2007 19:05:15 | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 13/06/2007 19:02:22 | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 13/06/2007 19:05:08 | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 04/07/2007 22:26:12 | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 04/07/2007 22:26:43 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 04/07/2007 22:26:16 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 04/07/2007 22:26:15 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 04/07/2007 22:26:16 | Attr = ]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 04/07/2007 22:26:43 | Attr = ]

[Files/Folders - Modified Within 30 days]
!KillBox -> %SystemDrive%\!KillBox -> [Folder | Modified Date = 10/07/2007 16:59:44 | Attr = ]
4479072cb03fb5fb678b7af747 -> %SystemDrive%\4479072cb03fb5fb678b7af747 -> [Folder | Modified Date = 04/07/2007 23:35:30 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 04/07/2007 22:20:38 | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Modified Date = 10/07/2007 17:01:22 | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/07/2007 17:03:06 | Attr = R ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 09/07/2007 15:09:38 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 13/06/2007 13:55:40 | Attr = H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 04/07/2007 22:10:14 | Attr = H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 04/07/2007 22:02:10 | Attr = H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 04/07/2007 22:09:40 | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 05/07/2007 00:54:22 | Attr = ]
ArtGalry.cag -> %SystemRoot%\ArtGalry.cag -> [Ver = | Size = 96256 bytes | Modified Date = 12/06/2007 09:48:48 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 10/07/2007 17:01:24 | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 05/07/2007 00:55:12 | Attr = S]
Haze.acl -> %SystemRoot%\Haze.acl -> [Ver = | Size = 35848 bytes | Modified Date = 12/06/2007 19:25:52 | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 22/06/2007 14:49:08 | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 13/06/2007 20:01:44 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 04/07/2007 22:10:02 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 05/07/2007 00:59:14 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 04/07/2007 22:20:38 | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 10/07/2007 16:51:50 | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 21/06/2007 18:41:52 | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 30/06/2007 23:51:02 | Attr = ]
outlook.pst -> %SystemRoot%\outlook.pst -> [Ver = | Size = 311296 bytes | Modified Date = 05/07/2007 01:06:10 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 10/07/2007 17:05:28 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 01/07/2007 11:36:30 | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 05/07/2007 01:02:34 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 10/07/2007 17:01:20 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 10/07/2007 17:01:56 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 990 bytes | Modified Date = 10/07/2007 17:02:06 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/07/2007 17:01:26 | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 05/07/2007 01:02:38 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 04/07/2007 21:39:04 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 05/07/2007 01:02:48 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 05/07/2007 01:02:58 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 04/07/2007 23:18:12 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 05/07/2007 01:04:00 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 04/07/2007 23:26:18 | Attr = ]
NtmsData -> %System32%\NtmsData -> [Folder | Modified Date = 17/06/2007 16:01:34 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 04/07/2007 23:26:18 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 68202 bytes | Modified Date = 17/06/2007 15:35:16 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 414500 bytes | Modified Date = 17/06/2007 15:35:16 | Attr = ]
ShellExt -> %System32%\ShellExt -> [Folder | Modified Date = 05/07/2007 01:05:02 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 04/07/2007 23:26:18 | Attr = ]
vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 35986 bytes | Modified Date = 10/07/2007 17:01:52 | Attr = H ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 05/07/2007 01:05:32 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 10/07/2007 17:02:00 | Attr = ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 05/07/2007 01:05:40 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.476 | Size = 820928 bytes | Modified Date = 01/07/2007 12:08:18 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 19904 bytes | Modified Date = 01/07/2007 12:08:18 | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.26 | Size = 14268928 bytes | Modified Date = 14/05/2004 17:26:34 | Attr = ]
Thawte Consulting , -> %System32%\ddmon.dll -> [Ver = | Size = 24048 bytes | Modified Date = 21/02/2005 15:52:38 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 04/08/2004 13:00:00 | Attr = ]
Thawte Consulting , -> %System32%\mfimgvwr.ocx -> MyFamily.com, Inc. [Ver = 2.0.0.1 | Size = 181752 bytes | Modified Date = 09/04/2005 10:44:18 | Attr = ]
PEC2 , -> %System32%\ODBCJET.HLP -> [Ver = | Size = 163384 bytes | Modified Date = 06/08/1997 01:00:00 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 04/08/2004 13:00:00 | Attr = ]
Thawte Consulting , -> %System32%\XceedZip.dll -> Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com [Ver = 5.0.92.0 | Size = 426528 bytes | Modified Date = 24/10/2002 15:47:56 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.476 | Size = 820928 bytes | Modified Date = 01/07/2007 12:08:18 | Attr = ]

< End of report >
  • 0

#4
racenutalways

racenutalways

    Member 1K

  • Retired Staff
  • 1,663 posts
Let me know how things are running.

Go to Start > Run
Type: regedit Click OK.
On the leftside, click to highlight My Computer at the top.
Go up to "File > Export". Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put backup

Choose to save it to C:\ or somewhere else safe so that you will remember where you put it (don't put it on the desktop!)
Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

Open Notepad, and copy everything inside the code box below (Starting with REGEDIT4) and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixit.reg on your Desktop. Make sure there is NO blank line above REGEDIT4

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]

[-HKEY_LOCAL_MACHINE\Software\Mpb]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}]



Locate fixit.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Java is outdated, this needs to be kept updated as it poses a security vulnerability.

Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
    Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
  • If you are unable to update you can manually update by going here:
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 CheckedDownloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Run HJT again and post those results in your next reply along the AVG AS report.
  • 0

#5
youngratty

youngratty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Thanks.
I followed your instructions - though the AVG antivirus didn't generate a report - (it found only some tracking cookies during the scan).

New HJT log below.
thanks again :whistling:

Logfile of HijackThis v1.99.1
Scan saved at 11:48:16, on 12/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Inetcam\iVISTA40\programs\ivista.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\SmartProductUpdate.exe
C:\Program Files\Inetcam\iVISTA40\Programs\Inetcamserver.exe
C:\Program Files\Inetcam\iVISTA40\Programs\iws.exe
C:\Program Files\Inetcam\iVISTA40\Programs\iws.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by evesham.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = nott-cache-1.server.ntli.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AntivirusRegistration] c:\WINDOWS\system32\EzAntivirusRegistrationCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iVISTA] C:\Program Files\Inetcam\iVISTA40\programs\ivista.exe -tray
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Desktop Boycott] C:\Program Files\DA Group\Desktop Boycott\DesktopBoycott.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O4 - Global Startup: iFinger 2.1.lnk = C:\Program Files\iFinger\iFinger.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136139114515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory....ap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify305.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#6
racenutalways

racenutalways

    Member 1K

  • Retired Staff
  • 1,663 posts
Everything is looking good, how things running?
  • 0

#7
youngratty

youngratty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Thanks, Good to hear it's looking ok from where you are...

It's still very slow though ... won't load the likes of MSN Messenger at all. With other programs it gets as far as the front page and then grinds very slowly after that...
Mmmm... any thoughts?? :whistling:
  • 0

#8
racenutalways

racenutalways

    Member 1K

  • Retired Staff
  • 1,663 posts
Sorry to hear that things aren't running good, we will ge tto the bottom of this.

Download Dr.Web CureIt to the desktop:

* Doubleclick the drweb-cureit.exe file and Allow to run the express scan
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, in the menu, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web Cureit.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#9
youngratty

youngratty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Thanks for sticking with this so loyally! :whistling:

Here's the Dr/Web Cureit report followed by the DSS two reports...

f3PSSavr.scr;C:\!KillBox;Adware.Msearch;Incurable.Moved.;
riched20.dll;C:\!KillBox;Adware.Msearch;Incurable.Moved.;
A0130755.scr;C:\System Volume Information\_restore{C2A1E66C-4D78-447D-ADA8-3D52D24E968E}\RP944;Adware.Msearch;Incurable.Moved.;
A0130756.dll;C:\System Volume Information\_restore{C2A1E66C-4D78-447D-ADA8-3D52D24E968E}\RP944;Adware.Msearch;Incurable.Moved.;
Abaclient.exe;C:\Program Files\Abacast;Probably DLOADER.Trojan;Incurable.Moved.;
WebServer.exe;C:\Program Files\SMART Board Software;Probably BACKDOOR.Trojan;Incurable.Moved.;

Deckard's System Scanner v20070711.54
Run by Haze on 2007-07-14 at 17:17:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2007-07-14 16:17:57 UTC - RP950 - Deckard's System Scanner Restore Point
11: 2007-07-13 20:03:29 UTC - RP949 - System Checkpoint
10: 2007-07-12 10:31:22 UTC - RP948 - Installed Java™ SE Runtime Environment 6 Update 1
9: 2007-07-11 22:50:32 UTC - RP947 - Software Distribution Service 3.0
8: 2007-07-11 16:52:39 UTC - RP946 - System Checkpoint


-- First Restore Point --
1: 2007-07-04 20:57:46 UTC - RP939 - Software Distribution Service 3.0


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Haze.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 17:19:22, on 14/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Inetcam\iVISTA40\programs\ivista.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Inetcam\iVISTA40\Programs\Inetcamserver.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\Program Files\Inetcam\iVISTA40\Programs\iws.exe
C:\Program Files\Inetcam\iVISTA40\Programs\iws.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
C:\Program Files\iFinger\iFinger.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\SmartProductUpdate.exe
C:\Documents and Settings\Haze\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Haze.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by evesham.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = nott-cache-1.server.ntli.net:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AntivirusRegistration] c:\WINDOWS\system32\EzAntivirusRegistrationCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iVISTA] C:\Program Files\Inetcam\iVISTA40\programs\ivista.exe -tray
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Desktop Boycott] C:\Program Files\DA Group\Desktop Boycott\DesktopBoycott.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O4 - Global Startup: iFinger 2.1.lnk = C:\Program Files\iFinger\iFinger.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.evesham.com/
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136139114515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory....ap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.c.../zoomify305.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 vobiw - c:\windows\system32\drivers\vobiw.sys <Not Verified; Pinnacle Systems GmbH; InstantWrite>
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 cdrdrv - c:\windows\system32\drivers\cdrdrv.sys <Not Verified; Pinnacle Systems GmbH; InstantWrite>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 bkn50USB (Belkin 54Mbps Wireless USB Network Adapter) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 tbntnd5 (USB Cable Modem NDIS driver) - c:\windows\system32\drivers\tbntnd5.sys <Not Verified; MCCI; USB Cable Modem>
S3 tbntunic (USB Cable Modem WDM driver) - c:\windows\system32\drivers\tbntunic.sys <Not Verified; MCCI; USB Cable Modem>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ForcewareWebInterface (Forceware Web Interface) - "c:\nvidia\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcIp (ForceWare IP service) - c:\nvidia\networkaccessmanager\bin\nsvcip.exe
R2 nSvcLog (ForceWare user log service) - c:\nvidia\networkaccessmanager\bin\nsvclog.exe
R2 SMART Board Service - "c:\program files\smart board software\smartboardservice.exe" <Not Verified; SMART Technologies Inc.; SMART Board Software>


-- Scheduled Tasks -------------------------------------------------------------

2007-04-12 17:38:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-06-14 and 2007-07-14 -----------------------------

2007-07-14 12:58:22 0 d-------- C:\Documents and Settings\Haze\DoctorWeb
2007-07-10 16:58:05 0 d-------- C:\!KillBox
2007-07-04 23:26:12 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-04 22:20:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-07-04 22:20:33 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-07-04 22:20:33 0 d-------- C:\Documents and Settings\Haze\Application Data\SUPERAntiSpyware.com
2007-07-01 11:34:03 0 d-------- C:\Documents and Settings\Haze\Application Data\InstallShield
2007-06-30 10:49:37 0 d-------- C:\Documents and Settings\Haze\Application Data\Microsoft Games
2007-06-27 21:40:51 0 d-------- C:\Program Files\Typing Tutor
2007-06-27 21:24:52 0 d-------- C:\Program Files\Spex+
2007-06-17 15:39:45 0 d-------- C:\Program Files\Disc2Phone


-- Find3M Report ---------------------------------------------------------------

2007-07-14 17:07:39 0 d-------- C:\Program Files\SMART Board Software
2007-07-14 17:07:30 0 d-------- C:\Program Files\Abacast
2007-07-14 12:53:40 0 d-------- C:\Documents and Settings\Haze\Application Data\AVG7
2007-07-12 11:34:12 0 d-------- C:\Program Files\Java
2007-07-10 17:01:19 0 d-------- C:\Program Files\MSN Messenger
2007-07-05 00:52:14 0 d-------- C:\Program Files\SpywareGuard
2007-07-05 00:50:15 0 d-------- C:\Program Files\QuickTime
2007-07-05 00:43:56 0 d-------- C:\Program Files\iTunes
2007-07-05 00:43:23 0 d-------- C:\Program Files\iFinger
2007-07-05 00:43:18 0 d-------- C:\Program Files\IE7pro
2007-07-05 00:40:53 0 d-------- C:\Program Files\BigFix
2007-07-04 22:20:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-01 11:34:03 0 d-------- C:\Program Files\SEGA
2007-07-01 11:34:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-01 11:34:03 0 d-------- C:\Documents and Settings\Haze\Application Data\My Games
2007-07-01 11:33:34 0 d-------- C:\Program Files\Microsoft Games
2007-06-30 22:49:56 0 d-------- C:\Program Files\SpywareBlaster
2007-06-13 17:45:32 20166 --a------ C:\Documents and Settings\Haze\Application Data\wklnhst.dat
2007-06-09 20:48:09 0 d-------- C:\Program Files\DA Group
2007-05-31 22:24:07 0 d-------- C:\Program Files\ICT Self Assessment
2007-05-31 22:23:32 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2007-05-31 22:23:31 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-05-20 11:37:27 0 d-------- C:\Program Files\Common Files\Cadsoft
2007-05-20 11:37:18 0 d-------- C:\Program Files\Cadsoft


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00011268-E188-40DF-A514-835FCD78B1BF} C:\Program Files\IE7pro\IE7pro.dll
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{67BCF957-85FC-4036-8DC4-D4D80E00A77B} C:\Program Files\SMART Board Software\NotebookPlugin.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
{A114D52B-870C-4F15-8021-B6D7F91A054B} C:\PROGRA~1\iFinger\plugins\IE.ifp
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-gb\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AntivirusRegistration"="c:\\WINDOWS\\system32\\EzAntivirusRegistrationCheck.exe"
"SoundMan"="SOUNDMAN.EXE"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"OmniPage"="C:\\Program Files\\Caere\\OmniPagePro90\\opware32.exe"
"Motive SmartBridge"="C:\\PROGRA~1\\ntl\\BROADB~1\\SMARTB~1\\MotiveSB.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"iVISTA"="C:\\Program Files\\Inetcam\\iVISTA40\\programs\\ivista.exe -tray"
"OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"CONNECTScheduler"="\"C:\\Program Files\\Sony\\CONNECTAutoUpdate\\CONNECTScheduler.exe\" /RUN_SCHEDULER"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Desktop Boycott"="C:\\Program Files\\DA Group\\Desktop Boycott\\DesktopBoycott.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"InstantTray"="C:\\Program Files\\Pinnacle\\Shared Files\\InstantCDDVD\\PCLETray.exe"
"OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\Monitor.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
WudfServiceGroup REG_MULTI_SZ WUDFSvc\


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72e22c02-c269-11db-8c49-001109857d4e}]
Shell\AutoRun\command G:\setupSNK.exe


-- End of Deckard's System Scanner: finished at 2007-07-14 at 17:19:55 ---------

Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3000+
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 511.48 MiB / 121.68 MiB
Pagefile Memory (total/avail): 1248.52 MiB / 745.08 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1960.02 MiB

C: is Fixed (NTFS) - 149.05 GiB total, 68.36 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v6.1.744.001 (Zone Labs, Inc.)
AV: AVG 7.5.476 v7.5.476 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Mini Oddie\\MiniOddie.exe"="C:\\Program Files\\Mini Oddie\\MiniOddie.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Program Files\\Mini Oddie\\MiniOddie.exe"="C:\\Program Files\\Mini Oddie\\MiniOddie.exe"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe"="C:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe:*:Enabled:Rio Music Manager"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\My Games\\Pearl Harbor - Zero Hour\\phz.exe"="C:\\My Games\\Pearl Harbor - Zero Hour\\phz.exe:*:Enabled:phz"
"C:\\Program Files\\Inetcam\\iVISTA40\\programs\\iws.exe"="C:\\Program Files\\Inetcam\\iVISTA40\\programs\\iws.exe:*:Enabled:iws"
"C:\\Program Files\\Inetcam\\iVISTA40\\programs\\msgproc.exe"="C:\\Program Files\\Inetcam\\iVISTA40\\programs\\msgproc.exe:*:Enabled:msgproc"
"C:\\Program Files\\THQ\\Dawn of War DEMO\\W40k.exe"="C:\\Program Files\\THQ\\Dawn of War DEMO\\W40k.exe:*:Enabled:W40K"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\BAMZOOKi Zook Kit\\Bonsai.exe"="C:\\Program Files\\BAMZOOKi Zook Kit\\Bonsai.exe:*:Disabled:Bonsai"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\THQ\\Dawn of War - Winter Assault Demo\\WinterAssault.exe"="C:\\Program Files\\THQ\\Dawn of War - Winter Assault Demo\\WinterAssault.exe:*:Enabled:WinterAssault"
"C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40k.exe:*:Enabled:W40k"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4 Demo\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4 Demo\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Demo"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Haze\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EVESHAM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Haze
LOGONSERVER=\\EVESHAM
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Haze\LOCALS~1\Temp
TMP=C:\DOCUME~1\Haze\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=EVESHAM
USERNAME=Haze
USERPROFILE=C:\Documents and Settings\Haze
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Haze (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\ntl\BROADB~1\Uninstall.exe ntl
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Inetcam\iVISTA40\uninstall.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abacast Client --> C:\PROGRA~1\Abacast\UNWISE.EXE C:\PROGRA~1\Abacast\client.LOG
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Age of Mythology --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Age of Mythology Titans Expansion Trial --> "C:\Program Files\Microsoft Games\Age of Mythology Titans Expansion Trial\UNINSTXP.EXE" /runtemp /addremove
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ArcSoft PhotoBase --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoBase\Uninst.isu"
ArcSoft PhotoStudio 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoStudio 2000\Uninst.isu"
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.5 --> "C:\Program Files\Audacity\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
broadband medic --> C:\WINDOWS\Motive\ntl\MCCUninst.exe
Canon MP Navigator 2.0 --> "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP150 --> "C:\WINDOWS\system32\CanonMP Uninstaller Information\{CA9A3609-3ECC-4574-8824-A8161A71A603}\DelDrv.exe" /U:{CA9A3609-3ECC-4574-8824-A8161A71A603} /L0x0009
Canon S200 --> C:\WINDOWS\system32\CNMCP3W.EXE [email protected]:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\DeIsL1.isu" -pCanon S200-c"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\bjinst.dll
Canon ScanGear Toolbox 3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ScanGear Toolbox Ver3.1\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox Ver3.1\uninst.dll"
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CNXT V92 Data Fax Voice --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F01&SUBSYS_9305141C\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F01&SUBSYS_9305141C
CONNECT Auto Update --> C:\Program Files\Sony\CONNECTAutoUpdate\Uninstall.exe
CONNECT Player --> MsiExec.exe /X{EC62DAEB-05E7-46FF-8867-FEBE00DBD790}
CONNECT Player Language Pack --> MsiExec.exe /X{DC986B2B-DAE4-43E1-A00A-74044CFB6EA4}
Data Access Objects (DAO) 3.5 --> C:\Program Files\Common Files\Microsoft Shared\DAO\Remove.EXE C:\WINDOWS\UNINST.EXE -fC:\PROGRA~1\COMMON~1\MICROS~1\DAO\DeIsL2.isu
deskPDF 2.11 Standard Edition --> "C:\Program Files\Docudesk\deskPDF\unins000.exe"
Digital Flash Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5E2495A-A626-4AE2-B46A-DA66F4192A89}\setup.exe" -l0x9
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
eJay DJMixStation - Deinstallation --> C:\eJay\DJMixStation\deinstal.exe
Envisioneer 4.0 Express --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9B4AC532-3551-4F44-82FC-864FEFC80906}
eTrust Antivirus Registration --> MsiExec.exe /I{C5223522-2B12-4522-B165-99EE6C88771E}
Generations® Starter Kit 8.0 --> C:\WINDOWS\IsUninst.exe -fC:\Sierra\GSK8\Uninst.isu
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 Exporters --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}\setup.exe" -l0x9 -removeonly
Google SketchUp LayOut 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C12D609B-EB71-411B-82C3-9BE6D40435D7}\setup.exe" -l0x9 -removeonly
Google SketchUp Pro 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\setup.exe" -l0x9 -removeonly
HCM 1.1.0.4 --> "C:\Program Files\100 Chords Method\uninst\unins000.exe"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\DOCUME~1\Haze\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ICT Self Assessment --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\ICT Self Assessment\ST6UNST.LOG"
IE7pro --> "C:\Program Files\IE7pro\unins000.exe"
iFinger 2.1 --> C:\PROGRA~1\iFinger\UNWISE.EXE C:\PROGRA~1\iFinger\INSTALL.LOG
ImageMixer VCD/DVD2 for OLYMPUS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2005-02-07 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{78B50D1D-642C-4B89-BCC7-352EAE3614D7} /l1033
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Legacy 5.0 --> C:\Legacy\UNWISE.EXE /U C:\Legacy\Install.log
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Medieval II Total War Demo SE --> C:\Program Files\InstallShield Installation Information\{8A5359C9-7B27-45C0-B41C-666798A75752}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 97, Standard Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Std.stf
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (1.5) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (en-GB)"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\en-gb\mtbs.exe c
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
NVIDIA Drivers --> C:\WINDOWS\system32\NVUninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8797FC40-AE6F-4AF3-9485-0A51668A46CE}
OLYMPUS Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL/zUNINSTALL
OmniPage Pro 9.0 --> C:\Program Files\Caere\OmniPagePro90\Deinstall.exe "C:\Program Files\Caere\OmniPagePro90\uninstall.exe -f'C:\Program Files\Caere\OmniPagePro90\DeIsL1.isu'"
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OpenMG Secure Module 4.3.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA} UNINSTALL
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PCL-W310 --> C:\Program Files\PCL-W310\uninst.exe
PDF Manual NW-A10003000 --> MsiExec.exe /X{BF2F7927-92AF-4F5D-8B93-658F63DF8727}
Pinnacle Hollywood FX 5 --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 5\uninstal.log
Pinnacle InstantCD/DVD Suite --> MsiExec.exe /I{A01872BE-2123-4F1B-B295-E3D1774DC0C9}
Plan3D --> MsiExec.exe /I{4613D63D-52C3-4BC5-BB65-622A801997E2}
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Powerpoint-PPT to AVI-GIF Converter v1.10 --> "C:\Program Files\Powerpoint-PPT to AVI-GIF Converter\unins000.exe"
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Revelation Natural Art --> MsiExec.exe /I{24E35472-646D-4981-9791-889BFD43F164}
Scan Manager 5.2 --> MsiExec.exe /I{E0A1559B-9886-11D4-8D06-0050DA284A39}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sid Meier's Civilization 4 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A241A64-9AD1-4D94-A227-6C3D5D2F854D}\setup.exe" -l0x9 -removeonly
SigmaTel MSCN Audio Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9B59DAD-86AC-456C-80A7-B665E77AA325}\setup.exe" -l0x9
Skype 1.4 --> "C:\Program Files\Skype\Phone\unins000.exe"
SMART Board Software (English United Kingdom Language Pack) --> MsiExec.exe /X{4D918BF6-9C9A-4FF4-A188-54DAD933C286}
SMART Essentials for Educators --> MsiExec.exe /X{C9710CCD-2A90-4545-B4B9-1E525FBB9195}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Studio 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\setup.exe" -l0x9 UNINSTALL
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tennis Titans --> C:\WINDOWS\unvise32.exe C:\Skunk Studios\Tennis Titans\uninstal.log
Virtual Garden --> C:\WINDOWS\unvise32.exe C:\Program Files\uninstal.log
WebCam for MSN Messenger --> Rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 128 C:\WINDOWS\INF\Athena.inf
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
YP-C1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6532C786-F647-4772-B03D-7257C7E5EDEA}\Setup.exe" -l0x9
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- End of Deckard's System Scanner: finished at 2007-07-14 at 17:19:55 ---------
  • 0

#10
racenutalways

racenutalways

    Member 1K

  • Retired Staff
  • 1,663 posts
How are things now? Other then that one file, I don't see any other malware residing on your PC. Is your PC slow when it boots? Does IE load properly or is it just certain programs you are having dufficulty with?

Please double-click Killbox.exe to run it.
Select:
  • Delete on Reboot
  • then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\orun32.isu


Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).[/list]
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
  • 0

#11
youngratty

youngratty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Glad to report things are much improved! Internet pages are loading far more quickly and, so far, haven't had one stall on me!
The only glitch remaining seems to be that if any of my kids sign in to MSN messenger and then attempt to open any web page, then MSN freezes and signs them out.

Unless you can think of a glaringly obvious reason for that happening, I'm happy to live with that - I reckon they'll just have to do either one thing or another and not both!!

I'm truly very grateful for all the time and patient help you've given so willingly over this.
Were it not for the minor matter of the Atlantic between us, I'd be buying you a pint down the pub right now...

Many, many thanks again..

young ratty x :whistling:
  • 0

#12
racenutalways

racenutalways

    Member 1K

  • Retired Staff
  • 1,663 posts
Glad to hear things are running better. We can try tuning it up, but speaking with experience, I myself have loads of problems with MSN Messenger, it isn't without it's faults. You can try un-installiing and re-installing. Try Tuneup utilities, it's a 30 day free trial and has options that will optimize your system as well as your internet.
Good Luck! :whistling:

Prefetch is clickable for more information

Click start then run, type prefetch then press enter, click edit then select all, (all files will highlight), right click any file, click delete, confirm

Click start then all programs, accessories, system tools to run Disc Cleanup

Reboot

Click start then all programs, accessories, system tools to run Disk defragmenter

Download, install and run
Tune Up 2006 Trial

Run Tune Up disc clean up

Run Tune Up registry clean up

Disable the anti virus program then click Optimize and Improve to run Reg Defrag, the screen will lose colour during the process which can take a few minutes and then needs a reboot

Check the anti virus program is running

Those will have cleared the drive of obsolete software errors

These are suggestions for making the most of the free trial

Click optimize and improve then system optimizer to optimize the computer, select computer with an internet connection from the drop down menu, this also requires a reboot

After the reboot, click optimize then system optimizer to accelerate downloads, select the speed just above your actual connection speed, this requires a reboot.

After the reboot, click optimize then system optimizer to run system advisor


Since your issues have been addressed and you are ready to travel the net again, I will just give you a few ideas on how to stay safe out there. Best of all these programs are all readily available on the net for free :blink:

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

More info and download is available at:

Spyware Blaster Spyware Guard

Might I suggest the following Free Spyware programs for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE--Adaware Tutorial

Spybot S&D--Spybot Tutorial

Antiviruses play an important role in keeping your computer safe and worry free while using the net. *NOTE* Only one antivirus must be allowed to run on your computer, as having two or more running can and will cause conflicts.

AVG Avast

Firewalls are also a must in any good prevention :

Zone Alarm Tiny Personal Firewall

There are different browsers available on the net, other than Internet Explorer, we believe!! these are better for security purposes :

Firefox Opera

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by microsoft.

This can be accessed by going to Windows Updates and following the prompts.

To add to the performance of your computer, i suggest a weekly maintenance program. Run this tool. Ccleaner

Lastly a second opinion on the Antivirus that you have chosen. I suggest running these online virus scans periodically, just to make sure that the av is doing a proper job, of keeping you safe :

Housecall Online Scan Panda Activescan

Housecall Java Online Scan<---For those who use Firefox, or opera.

And finally a little Posted Image How did I get infected in the first place ? (by Mr. Tony Klein)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP