Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Query over Spybot result [RESOLVED]

Started by VicGTG , Feb 04 2008 04:15 AM

This topic is locked

#1
VicGTG

Posted 04 February 2008 - 04:15 AM

Member

Member
10 posts

Dear Members,

I noticed that there was a posting in September 2007 about the file PWS.LDPinchIE but there did not seem to be any follow-up in that topic. On the Web, someone describes it as a "Password Stealer". Also, that after removal, it keeps re-appearing! Please can you confirm that this file is definitely harmful and should be removed.

NB. I get no warnings in "Panda PIS 2008" or in "AdAware PE" (both programmes with latest definitions).

In "Spybot", I also am advised about 3 other items, which are:

ABetterInternet (this seems to be connected with "nv" entries - perhaps nvidia ? I have an Asus Graphics Card)

Microsoft.Windows.ActiveDesktop

Microsoft.Windows.FirewallOverride

In respect of the last mentioned item (Override), I would just like to say that I use the Panda Firewall (not Microsoft's Firewall) and I wonder if this is anything to do with the last item being mentioned?

Thank you for any information and advice.

Regards,
VicGTG (London) 4 Feb 2008.

#2
Rorschach112

Posted 04 February 2008 - 09:19 AM

Ralphie

Retired Staff
47,710 posts

Do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3
VicGTG

Posted 04 February 2008 - 06:58 PM

Member

Topic Starter
Member
10 posts

Thank you very much for responding.

I have downloaded the programme that you kindly directed me to and I am about to run the programme.

I would be glad to know whether the 4 items I listed are all harmful. I copied my posting to Panda with whom I am a long term subscription paid member in the hope that they can also investigate.

In fact, I am currently having a problem that from time to time Panda jams up my system (99% CPU Usage) and I get the following message.
An exception (0EEDFADE) occurred during DllEntryPoint or DllMain in module: C:\Program Files\Panda Internet Security 2008\Config.dll

So far, the problem has puzzled Panda in the UK, who have been most helpful to me even assisting me with a remote connection in one 3-hour effort to get me sorted out. I mention this just on the off-chance that one of the Spybot files flagged up is in some way connected with the Panda problem that arises for as yet no known cause.

The result of the scans follows in my next posting.

Thank you again.

ADDENDUM: I am afraid that my computer is unable to run the programme properly for some reason. Perhaps, you could simply let me know about the 4 items I mentioned in my original posting, for which I would be most grateful and I will await news from Panda, who may be able to come up with something?

Edited by VicGTG, 04 February 2008 - 07:07 PM.

#4
VicGTG

Posted 05 February 2008 - 04:42 AM

Member

Topic Starter
Member
10 posts

Further to my posting above, although I was unable to run the programme you kindly recommended, I am able to run HiJack This and I re-print below the readings. Right now, I am struggling because Panda has put my computer into 99% CPU Usage via its file APVXDWIN.EXE preceded by the warning message quoted above. Even Registry restores are not able to overcome the 99% takeover at present. All it seems that I can do is to uninstall Panda and then re-install it. This happens about 3 times a week and is rather time consuming with all the updates and re-settings needed. For the moment, Panda in the UK are unable to pinpoint the source of my recurring problems. Before "TRU PREVENT" was introduced into Panda, I rarely had problems for years. Possibly, Panda is over-sensitive to something or other on my system. It's a bit weird. I do not know if anyone else has had this Panda problem?

So, this is my Log whilst my computer is in distress with the system operating as if in a jar of treacle!

Any observations would be welcome. Thank you again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:05, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\WINDOWS\system32\SLEE81.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Everstrike Software\Universal Shield 3.3.1\US30Service.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Smart Type Assistant\sta.exe
C:\Program Files\4t Explorer Sweeper\4t-swp.exe
C:\Program Files\Accent Composer\ACompose.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\X2Net\SmartBoard\X2Net_SmartBoard.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\X2Net\SmartBoard\X2Net_SmartBoard.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: ICHlprObj Class - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\PROGRA~1\ALADDI~1\INTERN~1\ic3hlpr.dll
O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRA~1\ALADDI~1\INTERN~1\PopFiltr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ExplorerView by GetData - {6E48A5AF-4EE0-42E4-AC31-6BA0D9572285} - C:\PROGRA~1\GetData\EXPLOR~1\EXPLOR~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKCU\..\Run: [Smart Type Assistant] C:\Program Files\Smart Type Assistant\sta.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [4t Explorer Sweeper] C:\Program Files\4t Explorer Sweeper\4t-swp.exe -start
O4 - HKCU\..\Run: [ACompose] C:\Program Files\Accent Composer\ACompose.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSS7] "C:\Program Files\Steganos Security Suite 7\SSS7.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSS7] "C:\Program Files\Steganos Security Suite 7\SSS7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSS7] "C:\Program Files\Steganos Security Suite 7\SSS7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSS7] "C:\Program Files\Steganos Security Suite 7\SSS7.exe" -firstboot (User 'Default user')
O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: X2Net SmartBoard.lnk = C:\Program Files\X2Net\SmartBoard\X2Net_SmartBoard.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O15 - Trusted Zone: http://www.pandasoftware.co.uk
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.vposters.me.uk
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan....s/ascinstie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131226363515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140702945796
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B7F24A8-6DC2-414D-B946-3C6C1D11F3E8}: NameServer = 80.189.92.2 80.189.94.2
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Fix-It Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PD91Engine.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Everstrike Software\Universal Shield 3.3.1\US30Service.exe

--
End of file - 11853 bytes

#5
Rorschach112

Posted 05 February 2008 - 08:07 AM

Ralphie

Retired Staff
47,710 posts

Yes those things are bad

Do this instead

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
Under Additional Scans check the box beside Reg - Disabled MS Config Items.
Under Rootkit Search change that to Yes.
Now click the Run Scan button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

#6
VicGTG

Posted 05 February 2008 - 05:03 PM

Member

Topic Starter
Member
10 posts

Thank you very much again. I am amazed that each time I look in that so many postings have been added with problems about spyware/malware etc. How is it that the commercial programmes are not sorting all these out?

I followed your instructions and here is the result below. Regarding the Panda problem APVXDWIN.EXE taking 99% CPU usage, I see that there are numerous postings on Google about this, but I have not seen any definite solution. One poster suggested that some TDI Filters (?) were causing problems when he had Torrent (?) on. Thanks again. I have sent all the postings to Panda UK with a request that Spain (the HQ) please sorts this out, as I have had to uninstall and reinstall Panda 3 times this week alone and it is time-consuming and every time, you have to update definitions and re-enter codes, etc.

[code=auto:0]WinPFind35 logfile created on: 05/02/2008 22:50:20
WinPFind35U Version Beta42 Folder = C:\Documents and Settings\Victor\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

1023.43 Mb Total Physical Memory | 706.43 Mb Available Physical Memory | 69.03% Memory free
2.41 Gb Paging File | 2.15 Gb Available in Paging File | 89.27% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 6.69 Gb Free Space | 17.95% Space Free | Partition Type: FAT32
Drive D: | 37.26 Gb Total Space | 26.45 Gb Free Space | 71.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 280.57 Gb Free Space | 94.12% Space Free | Partition Type: NTFS

Computer Name: GKBZQ3IL7X82WG4
Current User Name: Victor
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
mxtask.exe -> %SystemDrive%\PROGRA~1\VCOM\Fix-It\mxtask.exe -> V Communications, Inc. [Ver = 5.0.0.7 | Size = 184320 bytes | Modified Date = 10/06/2003 16:31:00 | Attr = ]
gbpoll.exe -> %ProgramFiles%\Roxio\GoBack\GBPoll.exe -> Roxio, Inc. [Ver = 3.1.56 | Size = 503808 bytes | Modified Date = 10/09/2001 08:10:56 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 155716 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ]
pd91agent.exe -> %ProgramFiles%\Raxco\PerfectDisk\PD91Agent.exe -> Raxco Software, Inc. [Ver = 9, 0, 0, 39 | Size = 664840 bytes | Modified Date = 16/01/2008 10:52:44 | Attr = ]
slee81.exe -> %System32%\SLEE81.exe -> [Ver = | Size = 36864 bytes | Modified Date = 13/05/2005 09:59:46 | Attr = ]
us30service.exe -> %ProgramFiles%\Everstrike Software\Universal Shield 3.3.1\US30Service.exe -> [Ver = | Size = 24576 bytes | Modified Date = 27/11/2003 12:00:30 | Attr = ]
mxtask.exe -> %SystemDrive%\PROGRA~1\VCOM\Fix-It\mxtask.exe -> V Communications, Inc. [Ver = 5.0.0.7 | Size = 184320 bytes | Modified Date = 10/06/2003 16:31:00 | Attr = ]
dslstat.exe -> %ProgramFiles%\Voyager 105 ADSL Modem\dslstat.exe -> GlobespanVirata, Inc. [Ver = 4.1.0 | Size = 1716321 bytes | Modified Date = 04/06/2004 14:37:58 | Attr = ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.21 | Size = 53248 bytes | Modified Date = 27/03/2003 08:34:58 | Attr = ]
sta.exe -> %ProgramFiles%\Smart Type Assistant\sta.exe -> Blazing Tools Software [Ver = 1, 3, 1, 0 | Size = 340992 bytes | Modified Date = 13/02/2003 20:01:22 | Attr = ]
em_exec.exe -> %ProgramFiles%\Logitech\MouseWare\system\em_exec.exe -> Logitech Inc. [Ver = 9.79.025 | Size = 37888 bytes | Modified Date = 08/01/2004 09:50:00 | Attr = ]
4t-swp.exe -> %ProgramFiles%\4t Explorer Sweeper\4t-swp.exe -> 4t Niagara Software [Ver = 1.0.2.0 | Size = 897536 bytes | Modified Date = 29/04/2002 14:46:26 | Attr = ]
acompose.exe -> %ProgramFiles%\Accent Composer\ACompose.exe -> Kovach Computing Services [Ver = 1.0.1.2 | Size = 549888 bytes | Modified Date = 18/01/2000 10:19:20 | Attr = ]
x2net_smartboard.exe -> %ProgramFiles%\X2Net\SmartBoard\X2Net_SmartBoard.exe -> X2Net Limited [Ver = 4.1.0.9 | Size = 4321280 bytes | Modified Date = 02/12/2005 11:22:26 | Attr = ]
gbtray.exe -> %ProgramFiles%\Roxio\GoBack\GBTray.exe -> Roxio, Inc. [Ver = 3.1.56 | Size = 524288 bytes | Modified Date = 10/09/2001 08:10:56 | Attr = R ]
x2net_smartboard.exe -> %ProgramFiles%\X2Net\SmartBoard\X2Net_SmartBoard.exe -> X2Net Limited [Ver = 4.1.0.9 | Size = 4321280 bytes | Modified Date = 02/12/2005 11:22:26 | Attr = ]
wweb32.exe -> %ProgramFiles%\WordWeb\wweb32.exe -> Antony Lewis [Ver = 4.0.0.0 | Size = 19968 bytes | Modified Date = 29/08/2005 16:10:36 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 31/01/2008 12:38:16 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 27/12/2005 19:10:38 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> -> File not found
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 12:42:38 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 00:56:50 | Attr = ]
(FirebirdServerMAGIXInstance) Firebird Server - MAGIX Instance [Win32_Own | On_Demand | Stopped] -> -> File not found
(Fix-It Task Manager) Fix-It Task Manager [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\VCOM\Fix-It\mxtask.exe -> V Communications, Inc. [Ver = 5.0.0.7 | Size = 184320 bytes | Modified Date = 10/06/2003 16:31:00 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 01/06/2007 00:40:44 | Attr = ]
(GBPoll) GBPoll [Win32_Own | Auto | Running] -> %ProgramFiles%\Roxio\GoBack\GBPoll.exe -> Roxio, Inc. [Ver = 3.1.56 | Size = 503808 bytes | Modified Date = 10/09/2001 08:10:56 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 22/10/2004 03:24:18 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 155716 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ]
(PD91Agent) PD91Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Raxco\PerfectDisk\PD91Agent.exe -> Raxco Software, Inc. [Ver = 9, 0, 0, 39 | Size = 664840 bytes | Modified Date = 16/01/2008 10:52:44 | Attr = ]
(PD91Engine) PD91Engine [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Raxco\PerfectDisk\PD91Engine.exe -> Raxco Software, Inc. [Ver = 9, 0, 0, 39 | Size = 894216 bytes | Modified Date = 16/01/2008 10:52:48 | Attr = ]
(SLEE_81_SERVICE) Steganos Live Encryption Engine 8.1 [Service] [Win32_Own | Auto | Running] -> %System32%\SLEE81.exe -> [Ver = | Size = 36864 bytes | Modified Date = 13/05/2005 09:59:46 | Attr = ]
(UPnPService) UPnPService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\MAGIX Shared\UPnPService\UPnPService.exe -> Magix AG [Ver = 1, 0, 0, 11 | Size = 544768 bytes | Modified Date = 14/12/2006 17:00:00 | Attr = ]
(US30Service) US30Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Everstrike Software\Universal Shield 3.3.1\US30Service.exe -> [Ver = | Size = 24576 bytes | Modified Date = 27/11/2003 12:00:30 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DSLSTATEXE -> %ProgramFiles%\Voyager 105 ADSL Modem\dslstat.exe -> GlobespanVirata, Inc. [Ver = 4.1.0 | Size = 1716321 bytes | Modified Date = 04/06/2004 14:37:58 | Attr = ]
Logitech Utility -> %SystemRoot%\Logi_MwX.Exe -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 17/12/2003 09:50:00 | Attr = ]
NvCplDaemon -> %System32%\NvCpl.DLL -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 8491008 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ]
NvMediaCenter -> %System32%\NvMcTray.DLL -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 81920 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 04/10/2007 17:14:00 | Attr = ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.0.21 | Size = 53248 bytes | Modified Date = 27/03/2003 08:34:58 | Attr = ]
UserFaultCheck -> -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
4t Explorer Sweeper -> %ProgramFiles%\4t Explorer Sweeper\4t-swp.exe -> 4t Niagara Software [Ver = 1.0.2.0 | Size = 897536 bytes | Modified Date = 29/04/2002 14:46:26 | Attr = ]
ACompose -> %ProgramFiles%\Accent Composer\ACompose.exe -> Kovach Computing Services [Ver = 1.0.1.2 | Size = 549888 bytes | Modified Date = 18/01/2000 10:19:20 | Attr = ]
Smart Type Assistant -> %ProgramFiles%\Smart Type Assistant\sta.exe -> Blazing Tools Software [Ver = 1, 3, 1, 0 | Size = 340992 bytes | Modified Date = 13/02/2003 20:01:22 | Attr = ]
TClockEx -> %ProgramFiles%\TClockEx\TCLOCKEX.EXE -> Dale Nurden [Ver = 1.3.3 | Size = 75264 bytes | Modified Date = 14/03/1999 01:33:00 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14/12/2004 04:44:06 | Attr = ]
%AllUsersStartup%\X2Net SmartBoard.lnk -> %ProgramFiles%\X2Net\SmartBoard\X2Net_SmartBoard.exe -> X2Net Limited [Ver = 4.1.0.9 | Size = 4321280 bytes | Modified Date = 02/12/2005 11:22:26 | Attr = ]
%AllUsersStartup%\GoBack.lnk -> %ProgramFiles%\Roxio\GoBack\GBTray.exe -> Roxio, Inc. [Ver = 3.1.56 | Size = 524288 bytes | Modified Date = 10/09/2001 08:10:56 | Attr = R ]
< Victor Startup Folder > -> C:\Documents and Settings\Victor\Start Menu\Programs\Startup ->
%UserStartup%\WordWeb Pro.lnk -> %ProgramFiles%\WordWeb\wweb32.exe -> Antony Lewis [Ver = 4.0.0.0 | Size = 19968 bytes | Modified Date = 29/08/2005 16:10:36 | Attr = ]
%UserStartup%\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 38912 bytes | Modified Date = 20/10/2005 12:04:08 | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{6809e580-a3a7-11d1-9a00-00a0c945b006} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Roxio\GoBack\ShellExt.dll [GoBack Shell Extension] -> Roxio, Inc. [Ver = 3.1.56 | Size = 516096 bytes | Modified Date = 10/09/2001 08:10:56 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> Ati2evxx.dll -> File not found
avldr -> avldr.dll -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Comdlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Comdlg32\\NoPlacesBar -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Comdlg32\\NoBackButton -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Comdlg32\\NoFileMRU -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoChangeKeyboardNavigationIndicators -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoChangeAnimation -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAddPrinter -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDeletePrinter -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\RestrictCpl -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisallowCpl -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewOnDrive -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\RestrictRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisallowRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecycleFiles -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceRecycleBinSize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSharedDocuments -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoPropertiesMyComputer -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoPropertiesMyDocuments -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoPropertiesRecycleBin -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoManageMyComputerVerb -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCustomizeWebView -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewContextMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoShellSearchButton -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWinKeys -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileAssociate -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDFSTab -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoHardwareTab -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSecurityTab -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInstrumentation -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCustomizeThisFolder -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWebView -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DontShowSuperHidden -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoOnlinePrintsWizard -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoPublishingWizard -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetTaskbar -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMConfigurePrograms -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyPictures -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMyMusic -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMMyDocs -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuNetworkPlaces -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFavoritesMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMHelp -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoHelp -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNetworkConnections -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCommonGroups -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoChangeStartMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMFUprogramsList -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuPinnedList -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoUserNameInStartMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuMorePrograms -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuEjectPC -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSimpleStartMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceStartMenuLogoff -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\StartMenuLogoff -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuSubFolders -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDisconnect -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNtSecurity -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetFolders -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\GreyMSIAds -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceMaxRecentDocs -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMBalloonTip -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMBalloonTips -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoTrayContextMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoTrayItemsDisplay -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LockTaskbar -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideClock -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarsOnTaskbar -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartBanner -> (binary data) ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoTaskGrouping -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWebServices -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFileUrl -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInternetIcon -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarCustomize -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoExpandedNewMenu -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\SpecifyDefaultButtons -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNetHood -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNetConnectDisconnect -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoComputersNearMe -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\EnforceShellExtensionSecurity -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoClose -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogOff -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRunasInstallPrompt -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\PromptRunasInstallNetPath -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDevMgrUpdate -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThumbnailCache -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceCopyAclwithFile -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\StartRunNoHOMEPATH -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\0? -> apvxdwin.exe [apvxdwin.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\2? -> C:\WINDOWS\logi_mwx.exe [logi_mwx.exe] -> Logitech Inc. [Ver = 9.79.024 | Size = 19968 bytes | Modified Date = 17/12/2003 09:50:00 | Attr = ]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\3? -> msfg.exe [msfg.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\4? -> inicio.exe [inicio.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\5? -> fpdisp5a.exe [fpdisp5a.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\6? -> acrotray.exe [acrotray.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\7? -> realsched.exe [realsched.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\8? -> dslstat.exe [dslstat.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\9? -> dslagent.exe [dslagent.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\10? -> apdproxy.exe [apdproxy.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\11? -> newadmin.exe [newadmin.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\12? -> gbtray.exe [gbtray.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\13? -> x2net_smartboard.exe [x2net_smartboard.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\14? -> reader_sl.exe [reader_sl.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\15? -> osa.exe [osa.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\16? -> sta.exe [sta.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\17? -> tclockex.exe [tclockex.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\18? -> 4t-swp.exe [4t-swp.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\19? -> acompose.exe [acompose.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun\\20? -> wweb32.exe [wweb32.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoEntireNetwork -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoWorkgroupContents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{450D8FBA-AD25-11D0-98A8-0800361B1103} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{645FF040-5081-101B-9F08-00AA002F954E} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{208D2C60-3AEA-1069-A2D7-08002B30309D} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{D20EA4E1-3957-11d2-A40B-0C5020524153} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{7007ACC7-3202-11D1-AAD2-00805FC1270E} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{21EC2O2O-3AEA-1O69-A2DD-08002b30309d} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{85BBD92O-42A0-1O69-A2E4-08002B30309D} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{D20EA4E1-3957-11d2-A40B-0C5020524152} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{FF393560-C2A7-11CF-BFF4-444553540000} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{00020D75-0000-0000-C000-000000000046} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{00028B00-0000-0000-C000-000000000046} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{1f4de370-d627-11d1-ba4f-00a0c91eedba} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{2227A280-3AEA-1069-A2DE-08002B30309D} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{7be9d83c-a729-4d97-b5a7-1b7313c39e0a} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{E211B736-43FD-11D1-9EFB-0000F8757FCD} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{D6277990-4C6A-11CF-8D87-00AA0060F5BF} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{48e7caab-b918-4e58-a94d-505519c795dc} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11d0-BCED-00A0C90AB50F} -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddRemovePrograms -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoRemovePage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoWindowsSetupPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromCDorFloppy -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromInternet -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromNetwork -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoServices -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoSupportInfo -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoChooseProgramsPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Windows Update\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (736 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\{09CB80C0-EFD2-8E8A-78ED-8E0E960CAEDC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://home.microsoft.com/access/allinone.asp ->
HKEY_CURRENT_USER\: Main\\Start Page -> about:blank ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/keyword/%s[] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> <local> ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1367 domain(s) found. ->
.[msn] -> My Computer ->
*.update_microsoft.com [http] -> Trusted sites ->
*.update_microsoft.com [https] -> Trusted sites ->
www_pandasoftware.co.uk [http] -> Trusted sites ->
www_pandasoftware.com [http] -> Trusted sites ->
www_vposters.me.uk [http] -> Trusted sites ->
windowsupdate.com .[http] -> Trusted sites ->
download_windowsupdate.com [http] -> Trusted sites ->
8 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 25 range(s) found. ->
1 range(s) not assigned to a zone.
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{1f0c8547-2639-4c91-b8aa-c7eca24c3163} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\ALADDI~1\INTERN~1\ic3hlpr.dll [ICHlprObj Class] -> Aladdin Systems, Inc. [Ver = 3.0.0.19 | Size = 110592 bytes | Modified Date = 07/11/2005 00:43:02 | Attr = ]
{1F2E844B-8211-46ff-8262-772F03295CF4} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\ALADDI~1\INTERN~1\PopFiltr.dll [PopupFilter Class] -> Aladdin Systems, Inc. [Ver = 3.0.0.19 | Size = 49152 bytes | Modified Date = 07/11/2005 00:43:02 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 3, 0, 12 | Size = 744960 bytes | Modified Date = 12/05/2004 01:03:00 | Attr = ]
{6E48A5AF-4EE0-42E4-AC31-6BA0D9572285} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\GetData\EXPLOR~1\EXPLOR~1.DLL [ExplorerView by GetData] -> GetData Pty Ltd [Ver = 4.1.0.432 | Size = 8041152 bytes | Modified Date = 28/06/2007 13:29:12 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 18/12/2006 04:18:14 | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{FD8D2ECE-B598-4E2E-A540-2DFD8AE7ED83} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\GetData\EXPLOR~1\EXPLOR~1.DLL [Explorer View...] -> GetData Pty Ltd [Ver = 4.1.0.432 | Size = 8041152 bytes | Modified Date = 28/06/2007 13:29:12 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 18/12/2006 04:18:14 | Attr = ]
WebBrowser\\{00000000-5736-4205-0008-781CD0E19F00} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 18/12/2006 04:18:14 | Attr = ]
WebBrowser\\{860C2F6B-CA82-4282-9187-BECCBB66F0AF} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{C420F40F-9AD0-4EC5-BF71-01B8384CD66C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{C5F7A735-70F1-477F-8C36-6FF3C736017B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell] -> File not found
{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell Options] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ]
CmdMapping\\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} [HKEY_LOCAL_MACHINE] -> [ieSpell] -> File not found
CmdMapping\\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} [HKEY_LOCAL_MACHINE] -> [ieSpell Options] -> File not found
CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{302172A1-A2B4-4402-B1D0-F5D54C3E83C6} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Micro

#7
VicGTG

Posted 05 February 2008 - 05:14 PM

Member

Topic Starter
Member
10 posts

Further to my posting about 10 minutes ago, having uninstalled Panda earlier this morning, I tried to use your original DSS programme again and this time it worked so I could get a read-out after all, which is as below.

This scan is without Panda and without Roxio's GoBack3 De Luxe running.

Deckard's System Scanner v20071014.68
Run by Victor on 2008-02-05 23:07:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 3 Restore Point(s) --
3: 2008-02-05 23:06:23 UTC - RP33 - Deckard's System Scanner Restore Point
2: 2008-02-05 10:03:36 UTC - RP32 - System Checkpoint
1: 2008-02-05 00:31:24 UTC - RP31 - Deckard's System Scanner Restore Point

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Victor.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:17, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe
C:\WINDOWS\system32\SLEE81.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Everstrike Software\Universal Shield 3.3.1\US30Service.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\4t Explorer Sweeper\4t-swp.exe
C:\Program Files\Accent Composer\ACompose.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\X2Net\SmartBoard\X2Net_SmartBoard.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\X2Net\SmartBoard\X2Net_SmartBoard.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Victor\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Victor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: ICHlprObj Class - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\PROGRA~1\ALADDI~1\INTERN~1\ic3hlpr.dll
O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRA~1\ALADDI~1\INTERN~1\PopFiltr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ExplorerView by GetData - {6E48A5AF-4EE0-42E4-AC31-6BA0D9572285} - C:\PROGRA~1\GetData\EXPLOR~1\EXPLOR~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Smart Type Assistant] C:\Program Files\Smart Type Assistant\sta.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [4t Explorer Sweeper] C:\Program Files\4t Explorer Sweeper\4t-swp.exe -start
O4 - HKCU\..\Run: [ACompose] C:\Program Files\Accent Composer\ACompose.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [SSS7] "C:\Program Files\Steganos Security Suite 7\SSS7.exe" -firstboot (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SSS7] "C:\Program Files\Steganos Security Suite 7\SSS7.exe" -firstboot (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SSS7] "C:\Program Files\Steganos Security Suite 7\SSS7.exe" -firstboot (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SSS7] "C:\Program Files\Steganos Security Suite 7\SSS7.exe" -firstboot (User 'Default user')
O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: X2Net SmartBoard.lnk = C:\Program Files\X2Net\SmartBoard\X2Net_SmartBoard.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O15 - Trusted Zone: http://www.pandasoftware.co.uk
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.vposters.me.uk
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan....s/ascinstie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131226363515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140702945796
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B7F24A8-6DC2-414D-B946-3C6C1D11F3E8}: NameServer = 80.189.92.2 80.189.94.2
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Fix-It Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PD91Engine.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Everstrike Software\Universal Shield 3.3.1\US30Service.exe

--
End of file - 9404 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080118-205211-471 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080118-205211-887 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080119-115139-586 O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
backup-20080122-131843-946 O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
backup-20080122-225230-507 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20080122-225231-647 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20080122-225232-215 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
backup-20080122-225311-496 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
backup-20080122-225856-624 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 GBDevice - c:\windows\system32\drivers\gbdevice.sys <Not Verified; Roxio, Inc.; GoBack>
R0 GoBack2K - c:\windows\system32\drivers\goback2k.sys <Not Verified; Roxio, Inc.; GoBack>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R2 Dev_CBIDDRV - c:\windows\system32\drivers\cbid.sys <Not Verified; TwinSSoft Co.; CBId NT direct hardware access driver>
R2 GBFSHook - c:\windows\system32\drivers\gbfshook.sys <Not Verified; Roxio, Inc.; GoBack>
R2 MediaLock - c:\windows\system32\drivers\medialock.sys
R2 SLEE_81_DRIVER (Steganos Live Encryption Engine 8.1 [Driver]) - c:\windows\system32\drivers\slee81.sys
R2 US30Sys - c:\program files\everstrike software\universal shield 3.3.1\us30xp.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 US30Kbd - c:\program files\everstrike software\universal shield 3.3.1\us30kbd2k.sys

S1 Uim_IM (UIM Drive Backup Image Plugin) - c:\windows\system32\drivers\uim_im.sys (file missing)
S1 UimBus (Universal Image Mounter Controller) - c:\windows\system32\drivers\uimbus.sys (file missing)
S2 windrvNT - c:\windows\system32\windrvnt.sys (file missing)
S3 DLPortIO (DriverLINX Port I/O Driver) - c:\windows\system32\drivers\dlportio.sys
S3 mxInsMon - c:\program files\aladdin systems\internet cleanup\mxinsmon.sys
S3 pxark - c:\windows\system32\drivers\pxark.sys <Not Verified; ; Prevx CSI>
S3 USBNIC (USBNIC Network Adapter) - c:\windows\system32\drivers\usbnic.sys <Not Verified; UTStarcom Co.Ltd; USB Miniport Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Fix-It Task Manager - c:\progra~1\vcom\fix-it\mxtask.exe -service <Not Verified; V Communications, Inc.; >
R2 GBPoll - c:\program files\roxio\goback\gbpoll.exe <Not Verified; Roxio, Inc.; GoBack>
R2 SLEE_81_SERVICE (Steganos Live Encryption Engine 8.1 [Service]) - c:\windows\system32\slee81.exe
R2 US30Service - c:\program files\everstrike software\universal shield 3.3.1\us30service.exe

S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) -
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S4 UPnPService - c:\program files\common files\magix shared\upnpservice\upnpservice.exe

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-02-05 03:30:02 404 --a------ C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
2008-02-05 01:41:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-21 00:00:02 496 --a------ C:\WINDOWS\Tasks\Basic clean-up.job

-- Files created between 2008-01-05 and 2008-02-05 -----------------------------

2008-02-03 00:22:45 2147483647 --ahs---- C:\gobackio.bin
2008-02-03 00:22:13 156301 -ra------ C:\WINDOWS\system32\drivers\GoBack2K.sys <Not Verified; Roxio, Inc.; GoBack>
2008-02-03 00:22:13 15248 -ra------ C:\WINDOWS\system32\drivers\GBFSHook.sys <Not Verified; Roxio, Inc.; GoBack>
2008-02-03 00:22:13 3913 -ra------ C:\WINDOWS\system32\drivers\GBDevice.sys <Not Verified; Roxio, Inc.; GoBack>
2008-02-03 00:21:58 0 d-------- C:\Program Files\Roxio
2008-01-25 01:06:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\Acronis
2008-01-25 01:02:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2008-01-23 04:57:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-21 12:27:41 0 d-------- C:\Program Files\Panda Security
2008-01-20 21:54:27 0 d-------- C:\Documents and Settings\Victor\Application Data\ErrorSmart
2008-01-20 21:54:18 0 d-------- C:\Program Files\ErrorSmart
2008-01-19 12:27:02 0 d-------- C:\Downloads
2008-01-19 12:27:01 0 d-------- C:\Documents and Settings\Victor\Application Data\GetRightToGo
2008-01-18 20:58:02 0 d-------- C:\WINDOWS\Prefetch
2008-01-18 20:50:56 0 d-------- C:\Program Files\Trend Micro
2008-01-18 17:03:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Tanagra
2008-01-18 16:42:54 0 d-------- C:\Program Files\Seagate
2008-01-17 13:57:37 30820 --a------ C:\WINDOWS\system32\drivers\hotcore.sys <Not Verified; Paragon Software Group; HotBackup>
2008-01-17 13:08:29 0 d-------- C:\Program Files\Paragon Software
2008-01-16 13:34:33 0 d-------- C:\Program Files\Common Files\Panda Software
2008-01-15 02:40:47 0 d-------- C:\Program Files\JoshMadison

-- Find3M Report ---------------------------------------------------------------

2008-01-22 23:01:36 114 --a------ C:\sccfg.sys
2008-01-20 23:05:00 16826 --ah----- C:\Program Files\dmw.GID
2008-01-18 18:27:30 23388 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-28 15:03:36 0 d-------- C:\Documents and Settings\Victor\Application Data\LaCie
2007-12-20 08:11:04 0 d-------- C:\Program Files\FinePix_USB
2007-12-08 23:29:58 0 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-12-07 00:30:02 0 d-------- C:\Program Files\Raxco
2007-12-06 22:42:04 0 d-------- C:\Program Files\PrevxCSI
2007-12-06 22:26:46 0 d-------- C:\Documents and Settings\Victor\Application Data\PrevxCSI
2007-12-06 10:29:54 0 d-------- C:\Program Files\MSXML 6.0

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"DSLSTATEXE"="C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe" [04/06/2004 14:37]
"Logitech Utility"="Logi_MwX.Exe" [17/12/2003 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"nwiz"="nwiz.exe" [04/10/2007 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/10/2007 17:14]
"SoundMan"="SOUNDMAN.EXE" [27/03/2003 08:34 C:\WINDOWS\SOUNDMAN.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/10/2007 17:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smart Type Assistant"="C:\Program Files\Smart Type Assistant\sta.exe" [13/02/2003 20:01]
"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [14/03/1999 01:33]
"4t Explorer Sweeper"="C:\Program Files\4t Explorer Sweeper\4t-swp.exe" [29/04/2002 14:46]
"ACompose"="C:\Program Files\Accent Composer\ACompose.exe" [18/01/2000 10:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SSS7"="C:\Program Files\Steganos Security Suite 7\SSS7.exe" -firstboot
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\Victor\Start Menu\Programs\Startup\
WordWeb Pro.lnk - C:\Program Files\WordWeb\wweb32.exe [05/11/2005 14:02:31]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [20/10/2005 12:04:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 01:01:04]
X2Net SmartBoard.lnk - C:\Program Files\X2Net\SmartBoard\X2Net_SmartBoard.exe [08/12/2007 13:45:14]
GoBack.lnk - C:\Program Files\Roxio\GoBack\GBTray.exe [03/02/2008 00:21:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
"DisableChangePassword"=0 (0x0)
"HideLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"RestrictCpl"=0 (0x0)
"DisallowCpl"=0 (0x0)
"NoViewOnDrive"=0 (0x0)
"RestrictRun"=0 (0x0)
"DisallowRun"=0 (0x0)
"NoRecycleFiles"=0 (0x0)
"ForceRecycleBinSize"=0 (0x0)
"NoSharedDocuments"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoPropertiesMyDocuments"=0 (0x0)
"NoPropertiesRecycleBin"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoCustomizeWebView"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoWinKeys"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoDFSTab"=0 (0x0)
"NoHardwareTab"=0 (0x0)
"NoSecurityTab"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoCustomizeThisFolder"=0 (0x0)
"NoWebView"=0 (0x0)
"DontShowSuperHidden"=0 (0x0)
"NoOnlinePrintsWizard"=0 (0x0)
"NoPublishingWizard"=0 (0x0)
"NoRun"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoSMConfigurePrograms"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoStartMenuNetworkPlaces"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoHelp"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoFind"=0 (0x0)
"NoWindowsUpdate"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoStartMenuPinnedList"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)
"NoStartMenuMorePrograms"=0 (0x0)
"NoStartMenuEjectPC"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"ForceStartMenuLogoff"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoDisconnect"=0 (0x0)
"NoNtSecurity"=0 (0x0)
"NoSetFolders"=0 (0x0)
"GreyMSIAds"=0 (0x0)
"ForceMaxRecentDocs"=0 (0x0)
"NoSMBalloonTip"=0 (0x0)
"NoSMBalloonTips"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
"LockTaskbar"=0 (0x0)
"HideClock"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoStartBanner"=00000000
"NoTaskGrouping"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)
"NoWebServices"=0 (0x0)
"NoFileUrl"=0 (0x0)
"NoInternetIcon"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoExpandedNewMenu"=0 (0x0)
"SpecifyDefaultButtons"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoRecentDocsNetHood"=0 (0x0)
"EnforceShellExtensionSecurity"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"NoClose"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoRunasInstallPrompt"=0 (0x0)
"PromptRunasInstallNetPath"=1 (0x1)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoDevMgrUpdate"=0 (0x0)
"NoDesktopCleanupWizard"=0 (0x0)
"NoThumbnailCache"=0 (0x0)
"ForceCopyAclwithFile"=0 (0x0)
"StartRunNoHOMEPATH"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
"0?"=apvxdwin.exe
"2?"=logi_mwx.exe
"3?"=msfg.exe
"4?"=inicio.exe
"5?"=fpdisp5a.exe
"6?"=acrotray.exe
"7?"=realsched.exe
"8?"=dslstat.exe
"9?"=dslagent.exe
"10?"=apdproxy.exe
"11?"=newadmin.exe
"12?"=gbtray.exe
"13?"=x2net_smartboard.exe
"14?"=reader_sl.exe
"15?"=osa.exe
"16?"=sta.exe
"17?"=tclockex.exe
"18?"=4t-swp.exe
"19?"=acompose.exe
"20?"=wweb32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6809e580-a3a7-11d1-9a00-00a0c945b006}"= C:\Program Files\Roxio\GoBack\ShellExt.dll [10/09/2001 08:10 516096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"upnphost"=3 (0x3)
"Schedule"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Magnifying Glass"="C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe"
"SSS7"="C:\Program Files\Steganos Security Suite 7\SSS7.exe" -boot
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SoundMan"=SOUNDMAN.EXE
"Norman ACP"=C:\Program Files\Norman Access Control Privacy\nrmenctb.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"Visualware Security Suite"="C:\Program Files\Visualware Security Suite\tscore.exe" -autostartup
"DesktopIcon"=C:\Program Files\Visualware Security Suite\desktopicon.exe
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"MediaLock"=C:\Program Files\VCOM\MediaLock\MLock.exe /S
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

-- End of Deckard's System Scanner: finished at 2008-02-05 23:09:48 ------------

#8
Rorschach112

Posted 05 February 2008 - 06:43 PM

Ralphie

Retired Staff
47,710 posts

Hello

Download and scan with SUPERAntiSpyware Free for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Also tell me how your PC is running

#9
VicGTG

Posted 06 February 2008 - 11:10 PM

Member

Topic Starter
Member
10 posts

Dear Rorschach112,

Thank you for all the help. I followed your instructions and did the scan which took 2½ hours!

Of the items shown below, the vposters entries relate to a photo storage FTP facility but I do not know what the "Browser Hijacker" means? I hope that I have not damaged use of the facility.

The Start Info is I think a programme I recently downloaded (similar to "Startman").

I don't know what the other items are.

When I ran Panda PIS 2008 (which itself is liable to becoming unstable for some reason and causing 99% CPU Usage by Panda file APVXDWIN.EXE) and AdAware, they both ran clear.

It seems that every detector programme has its own ideas about what is suspicious!

Over 98,000 files have been checked. It does not seem that there was a lot of malware and none of the items seem to be connected with the items that Spybot originally threw up?

How does that leave me, I wonder?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/07/2008 at 02:40 AM

Application Version : 3.9.1008

Core Rules Database Version : 3396
Trace Rules Database Version: 1388

Scan type : Complete Scan
Total Scan Time : 02:30:35

Memory items scanned : 490
Memory threats detected : 0
Registry items scanned : 6274
Registry threats detected : 4
File items scanned : 91910
File threats detected : 3

Trojan.Media-Codec
HKU\S-1-5-21-842925246-776561741-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{860C2F6B-CA82-4282-9187-BECCBB66F0AF}

Browser Hijacker.Internet Explorer Zone Hijack
HKU\S-1-5-21-842925246-776561741-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vposters.me.uk
HKU\S-1-5-21-842925246-776561741-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vposters.me.uk\www
HKU\S-1-5-21-842925246-776561741-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vposters.me.uk\www#http

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\WNSTSSV32.EXE

Trojan.HiPoint-Installer
C:\WINDOWS\DOWNLOADED PROGRAM FILES\START.INF

Adware.Tracking Cookie
C:\Documents and Settings\Victor\Cookies\[email protected][1].txt

ADDENDUM: I just ran one of my programmes Internet Clean-up and it found Spyware called "Lop.com" which I didn't have before as far as I know. I have removed it.

FURTHER ADDENDUM I have been up all night checking and running programmes. You will recall in my first posting, Spybot had indicated four items.

Two of these "A Better Internet" (nv) and "PWS.LDPinchIE" (thought to be a Password Stealer) have now gone for good it seems.

But the other two are still with us. These are "Microsoft.WindowsSecurityCenter.FirewallOverride" and "Microsoft.Windows.ActiveDesktop".

I am not sure what the last mentioned entry "Microsoft.Windows.ActiveDesktop" is for (it's in a User registry entry) but I am wondering about the first one "Microsoft.WindowsSecurityCenter.FirewallOverride". Could it be that this (Local Machine registry entry) is connected with the fact that I have decided to use Panda's Firewall rather than Microsoft Windows' Firewall? I believe that Panda's Firewall is superior or at least Panda think so! Could this entry be caused by my choice to use Panda's Firewall instead?

As for the "Active Desktop", perhaps there is something about this on the Web? It seems to be a Microsoft connected entry.

Thanks again - now I am off to get some rest (it's 7.22am!)

Edited by VicGTG, 07 February 2008 - 01:22 AM.

#10
Rorschach112

Posted 07 February 2008 - 07:48 AM

Ralphie

Retired Staff
47,710 posts

Your logs are clean ! You have nothing to worry about

You can delete the tools that we used

You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

#11
VicGTG

Posted 07 February 2008 - 03:48 PM

Member

Topic Starter
Member
10 posts

Thanks very much, Rorschach112.

I will start on the new tasks soon with Java updates (whatever they are?) and Cleanmgr.

I am still trying to check out what the couple of queries raised by Spybot are to do with.

The "Microsoft.Windows.ActiveDesktop" seems to be (looking at postings on the Web) something that enables or restricts changes presumably to the Desktop?

If there is a "0" at the end of the Registry entry, apparently this means that changes are possible (enabled) but if this is changed to "1" then restrictions prevent changes. I wonder if this makes sense to you?

As for the "Override" entry, as I wrote before, I suspect that this is to do with my using the Panda Firewall (instead of Windows) but I have no idea if this is so?

Simon at Panda wrote to me and said he had looked at a couple of machines at Panda's UK office and couldn't see any reference to these two items, but it does seem that a lot of people have written about them on the Web.

I am glad that my system seems to be running clear at present.

I am still amazed how many postings there are from people in distress. It is very good of you and your "Helper" colleagues to try to assist us all so very patiently.

Regards:

#12
Rorschach112

Posted 07 February 2008 - 06:29 PM

Ralphie

Retired Staff
47,710 posts

Hello

I am still trying to check out what the couple of queries raised by Spybot are to do with.

They are registry restrictions like you said, but they are nothing to worry about. The program DSS shows any registry keys that are modified by malware that need to be changed, there are none on your PC to fix.

I am still amazed how many postings there are from people in distress. It is very good of you and your "Helper" colleagues to try to assist us all so very patiently.

Thank you for the kind words, we get so many people here for help that it is just impossible to keep up with them.

Let me know if you have any more questions.

#13
Rorschach112

Posted 12 February 2008 - 07:09 PM

Ralphie

Retired Staff
47,710 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.