Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Winfixer Popup


  • Please log in to reply

#1
kdsimpso

kdsimpso

    New Member

  • Member
  • Pip
  • 5 posts
I recently acquired the winfixer ddcca.dll virus that has been affecting so many computers. I have tried a few times to remove this using methods I read about on the internet but have had no success. Please help, here is my Hijackthis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 4:22:34 PM, on 10/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
C:\Program Files\AIM\AIM95\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ddcca.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks
  • 0

Advertisements


#2
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi kdsimpso and Welcome to GeekstoGo!


Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.14 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\ddcca.dll
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\accdd.*
    This will be the vundo filename spelt backwards. for example if the vundo dll was vundo.dll you would have the user enter odnuv.*
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ddcca.dll

    O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll
  • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry! If you do not receive the "Blue Screen of Death", please manually reboot the computer.
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0

#3
kdsimpso

kdsimpso

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here are all the results:

Detected Disinfected
Virus 0 0
Spyware 0 0
Hacking Tools 0 0
Dialers 0 0
Security Risks 0 0
Suspicious files 0 0

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Suspending PID 148 'smss.exe'
Threads [152][156][160]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 788 'explorer.exe'
Killing PID 788 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 236 'winlogon.exe'
File Deleted sucessfully.
Files Deleted sucessfully.

Logfile of HijackThis v1.99.1
Scan saved at 1:11:05 PM, on 10/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\AIM95\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#4
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Lets be sure there arent any leftovers running around!

Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Restart in Safe Mode

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

One you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!


Post the results of the WinPFind scan in the next reply!
  • 0

#5
kdsimpso

kdsimpso

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/4/2004 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 8/9/2005 6:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 8/9/2005 6:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 10/4/2005 10:09:08 PM 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 10/4/2005 10:09:08 PM 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 7:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/4/2004 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/16/2005 6:51:28 PM S 2048 C:\WINDOWS\bootstat.dat
10/16/2005 2:31:28 AM H 54156 C:\WINDOWS\QTFont.qfn
10/4/2005 6:17:42 PM S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
9/28/2005 11:53:30 AM S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
9/9/2005 7:15:08 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901017.cat
8/29/2005 9:25:44 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB904706.cat
8/22/2005 2:48:28 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905414.cat
8/22/2005 9:03:36 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905749.cat
10/16/2005 6:51:22 PM H 8192 C:\WINDOWS\system32\config\default.LOG
10/16/2005 6:51:48 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
10/16/2005 6:51:30 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
10/16/2005 6:51:54 PM H 73728 C:\WINDOWS\system32\config\software.LOG
10/16/2005 6:51:34 PM H 1007616 C:\WINDOWS\system32\config\system.LOG
10/14/2005 12:02:22 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
10/15/2005 8:40:14 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5KTAS0JX\desktop.ini
10/15/2005 8:40:14 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KZCZQR0J\desktop.ini
10/15/2005 8:40:14 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MV2WIDED\desktop.ini
10/15/2005 8:40:14 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RS5Y1GLA\desktop.ini
9/2/2005 1:09:20 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\47eb466c-46ad-4a8c-a39e-ebfba52e6c32
9/2/2005 1:09:20 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
10/16/2005 6:50:32 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 4/6/2005 6:58:48 PM 294912 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/4/2004 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 11/2/2004 5:01:34 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 2/16/2005 10:54:36 AM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/4/2004 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 10:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Realtek Semiconductor Corp. 3/17/2005 11:43:34 AM 262144 C:\WINDOWS\SYSTEM32\RTSndMgr.CPL
Microsoft Corporation 8/4/2004 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/4/2004 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/4/2004 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/4/2004 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/4/2004 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/4/2004 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/4/2004 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 11/2/2004 5:01:34 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\igfxcpl.cpl
Realtek Semiconductor Corp. 9/30/2004 7:02:22 AM 278528 C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\ALSNDMGR.CPL

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
5/28/2005 5:02:22 PM 1918 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
10/14/2004 11:38:26 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
10/11/2005 11:35:06 PM 2121 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kaspersky Anti-Hacker.lnk
2/16/2005 11:15:38 AM 807 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/14/2004 4:31:00 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
10/14/2004 11:38:26 PM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
10/14/2004 4:31:00 PM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\shellex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\shellex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
hpsysdrv c:\windows\system\hpsysdrv.exe
High Definition Audio Property Page Shortcut HDAudPropShortcut.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
AGRSMMSG AGRSMMSG.exe
KBD C:\HP\KBD\KBD.EXE
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
ccApp "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SSC_UserPrompt c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
LSBWatcher c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
type32 "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
IntelliPoint "C:\Program Files\Microsoft IntelliPoint\point32.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
SoundMan SOUNDMAN.EXE
AlcWzrd ALCWZRD.EXE
Alcmtr ALCMTR.EXE
DIGStream C:\Program Files\DIGStream\digstream.exe
DIGServices C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
DiskeeperSystray "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
KAVPersonal50 "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
OESpamTest C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/16/2005 6:57:23 PM
  • 0

#6
kdsimpso

kdsimpso

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/4/2004 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 8/9/2005 6:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 8/9/2005 6:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 10/4/2005 10:09:08 PM 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 10/4/2005 10:09:08 PM 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 7:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/4/2004 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/16/2005 6:51:28 PM S 2048 C:\WINDOWS\bootstat.dat
10/16/2005 2:31:28 AM H 54156 C:\WINDOWS\QTFont.qfn
10/4/2005 6:17:42 PM S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
9/28/2005 11:53:30 AM S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
9/9/2005 7:15:08 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901017.cat
8/29/2005 9:25:44 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB904706.cat
8/22/2005 2:48:28 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905414.cat
8/22/2005 9:03:36 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905749.cat
10/16/2005 6:51:22 PM H 8192 C:\WINDOWS\system32\config\default.LOG
10/16/2005 6:51:48 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
10/16/2005 6:51:30 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
10/16/2005 6:51:54 PM H 73728 C:\WINDOWS\system32\config\software.LOG
10/16/2005 6:51:34 PM H 1007616 C:\WINDOWS\system32\config\system.LOG
10/14/2005 12:02:22 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
10/15/2005 8:40:14 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5KTAS0JX\desktop.ini
10/15/2005 8:40:14 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KZCZQR0J\desktop.ini
10/15/2005 8:40:14 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MV2WIDED\desktop.ini
10/15/2005 8:40:14 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\RS5Y1GLA\desktop.ini
9/2/2005 1:09:20 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\47eb466c-46ad-4a8c-a39e-ebfba52e6c32
9/2/2005 1:09:20 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
10/16/2005 6:50:32 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 4/6/2005 6:58:48 PM 294912 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/4/2004 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 11/2/2004 5:01:34 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 2/16/2005 10:54:36 AM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/4/2004 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 10:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Realtek Semiconductor Corp. 3/17/2005 11:43:34 AM 262144 C:\WINDOWS\SYSTEM32\RTSndMgr.CPL
Microsoft Corporation 8/4/2004 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/4/2004 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/4/2004 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/4/2004 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/4/2004 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/4/2004 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/4/2004 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 11/2/2004 5:01:34 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\igfxcpl.cpl
Realtek Semiconductor Corp. 9/30/2004 7:02:22 AM 278528 C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\ALSNDMGR.CPL

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
5/28/2005 5:02:22 PM 1918 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
10/14/2004 11:38:26 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
10/11/2005 11:35:06 PM 2121 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kaspersky Anti-Hacker.lnk
2/16/2005 11:15:38 AM 807 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/14/2004 4:31:00 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
10/14/2004 11:38:26 PM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
10/14/2004 4:31:00 PM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\shellex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\shellex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
hpsysdrv c:\windows\system\hpsysdrv.exe
High Definition Audio Property Page Shortcut HDAudPropShortcut.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
AGRSMMSG AGRSMMSG.exe
KBD C:\HP\KBD\KBD.EXE
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
ccApp "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SSC_UserPrompt c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
LSBWatcher c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
type32 "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
IntelliPoint "C:\Program Files\Microsoft IntelliPoint\point32.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
SoundMan SOUNDMAN.EXE
AlcWzrd ALCWZRD.EXE
Alcmtr ALCMTR.EXE
DIGStream C:\Program Files\DIGStream\digstream.exe
DIGServices C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
DiskeeperSystray "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
KAVPersonal50 "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
OESpamTest C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/16/2005 6:57:23 PM
  • 0

#7
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Looks Peachy! :tazz:

Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacools...areblaster.html
Update Immediatly!

WinHelp2002 Hosts File
http://www.mvps.org/...2002/hosts2.htm

Disable System Restore
http://service1.syma...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup!

Go ahead and remove any of the tools downloaded that are of no use anymore!

Post back and let me know how things are?
  • 0

#8
kdsimpso

kdsimpso

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Everything seems to be running smooth again. The computer is about 10x faster now, its crazy how bad that virus affected the speed. Thanks for all your help, I really appreciate it.
  • 0

#9
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Go ahead and Renable System Restore and this will flush out all the old nasty restore points and create a nice new clean one!

Read through those 3 little black links in my signature for some extra ideas on how to avoid this in the future!

Please frequent the Windows Update Site to keep the System Updated with the latest Windows Patches!

If ever you need us again,you know how to find us!

Job well done! :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP