IE Crashes, winfix problems, hung up before SafeMode


face_plain
** I hope this isn't a duplicate post **

My current HJT log is at the bottom of this page.

Hi,

I've been working on my friend's HP (XP/SP2), trying to rid it of spyware/malware, and I need some advice from the pros here :) I was cleaning up the registry and doing fairly well wiping out some adware when I made the awful, awful AWFUL mistake of clicking on a "winfixer2005" ad. Needless to say, I've been trying to completely purge this *crap software* for 2 days.

The worst part is that, since becoming infected, I've been unable to boot into Safe Mode. I get hung up at the boot screen. Also, when in normal mode, IE crashes almost instantly. He's using AOL to browse and AIM for IMs. To my amazement, AOL works fine. :-0

I've run plenty of scans using multiple tools. Here is what I've tried:


1.
Software: Norton Antivirus

Action Performed: LiveUpdate
Action Performed: Full System Scan
Results: No new threats found.




2.
Software: Noadware

Action Performed: Update Protection
Action Performed: Full System Scan
Results:

Noadware Log
Date : Friday, October 28, 2005
Time:07:53:07



3.
Software: Spybot S&D:

Action Performed: Check For Problems
Action Performed: 6 Full System Scans
Results: All fixes except Back Web Lite and Noadware and Windows Firewall settings. I assume Back Web Lite has something to do with HP... so I left it alone. lol

--- Report generated: 2005-10-28 21:01 ---

NoAdware: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NoAdware_is1

BackWeb lite: Program directory (Directory, nothing done)
C:\Program Files\BackWeb\

BackWeb lite: File extension (Registry key, nothing done)
HKEY_CLASSES_ROOT\bwpfile

BackWeb lite: File extension (Registry key, nothing done)
HKEY_CLASSES_ROOT\.bwp

BackWeb lite: Global settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\BackWeb

BackWeb lite: Netscape viewer (Registry value, nothing done)
HKEY_USERS\S-1-5-21-390508023-2344068290-1355416408-1003\Software\Netscape\Netscape Navigator\Viewers\application/x-bwpreview

WildTangent: Global settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\WildTangent

WildTangent: Program directory (Directory, fixed)
C:\WINDOWS\wt\updater\

WildTangent: Program directory (Directory, fixed)
C:\Program Files\WildTangent\

Windows Security Center.FirewallDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

WildTangent: Program directory (Directory, fixed)
C:\WINDOWS\wt\

Winsoftware.Common: Program directory (Directory, fixed)
C:\Program Files\Common Files\WinSoftware\


FastClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Winfixer: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


DoubleClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-28 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-10-28 Includes\Cookies.sbi (*)
2005-10-28 Includes\Dialer.sbi (*)
2005-10-28 Includes\Hijackers.sbi (*)
2005-10-28 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-10-28 Includes\Malware.sbi (*)
2005-10-28 Includes\PUPS.sbi (*)
2005-10-28 Includes\Revision.sbi (*)
2005-10-28 Includes\Security.sbi (*)
2005-10-28 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-10-28 Includes\Trojans.sbi (*)



4.
Software: Max PC Secure:

Action Performed: Update Protection
Action Performed: Multiple Full System Scans
Results: Registry threats and cookies removed. Log File/edit report included below.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

10/29/2005
Windows XP Home Edition

HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\(Default)\:PCheck Class
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\inprocserver32\threadingmodel\:Both
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\progid\(Default)\:PCheck.PCheck.1
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\typelib\(Default)\:{3BFF2EF1-25BA-4342-A1E8-EC1E2CB9F22B}
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\versionindependentprogid\(Default)\:PCheck.PCheck
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\(Default)\:ICheckProduct
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\proxystubclsid\(Default)\:{00020424-0000-0000-C000-000000000046}
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\proxystubclsid32\(Default)\:{00020424-0000-0000-C000-000000000046}
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\typelib\(Default)\:{3BFF2EF1-25BA-4342-A1E8-EC1E2CB9F22B}
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\typelib\version\:1.0
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\(Default)\:CheckProduct2Lib
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\flags\(Default)\:0
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\inprocserver32\(Default)\:C:\Program Files\Common Files\WinSoftware\PrCheck.dll
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck.1\(Default)\:PCheck Class
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck.1\clsid\(Default)\:{FD1A9E6B-05DA-4ca2-830D-654DA1DDBD9E}
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck\(Default)\:PCheck Class
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck\clsid\(Default)\:{FD1A9E6B-05DA-4ca2-830D-654DA1DDBD9E}
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck\curver\(Default)\:PCheck.PCheck.1
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\0\win32\(Default)\:C:\Program Files\Common Files\WinSoftware\PrCheck.dll
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\helpdir\(Default)\:C:\Program Files\Common Files\WinSoftware\
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{55910916-8B4E-4C1E-9253-CCE296EA71EB}\Compatibility Flags
Registry Value 2nd Thought
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{99410CDE-6F16-42CE-9D49-3807F78F0287}\Compatibility Flags
Registry Value 180searchassistant
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\inprocserver32\threadingmodel
Registry Value surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\typelib\version
Registry Value surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{645FD3BC-C314-4F7A-9D2E-64D62A0FDD78}\Compatibility Flags
Registry Value Apropos Media
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{65C8C1F5-230E-4DC9-9A0D-F3159A5E7778}\Compatibility Flags
Registry Value Apropos Media
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D5580D6F-0E5F-4BDB-9CDF-F8EE68BEB008}\Compatibility Flags
Registry Value Apropos Media
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{58359010-BF36-11D3-99A2-0050DA2EE1BE}\Compatibility Flags
Registry Value Ezula TopText
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}\Compatibility Flags
Registry Value CommonName
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{19DFB2CB-9B27-11D4-B192-0050DAB79376}\Compatibility Flags
Registry Value EzuLa
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2D6A91CF-37C6-4EB2-A8D8-F65F1DB14ECE}\Compatibility Flags
Registry Value 7Fasst
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{55910916-8B4E-4C1E-9253-CCE296EA71EB}
Registry Key 2nd Thought
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{99410CDE-6F16-42CE-9D49-3807F78F0287}
Registry Key 180searchassistant
----------------------------------------
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext
Registry Key QuickToolBar
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\implemented categories
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\implemented categories\{7dd95801-9882-11cf-9fa9-00aa006c42c4}
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\implemented categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\inprocserver32
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\progid
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\programmable
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\typelib
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\versionindependentprogid
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\proxystubclsid
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\proxystubclsid32
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\typelib
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\0
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\0\win32
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\flags
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\helpdir
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{645FD3BC-C314-4F7A-9D2E-64D62A0FDD78}
Registry Key Apropos Media
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{65C8C1F5-230E-4DC9-9A0D-F3159A5E7778}
Registry Key Apropos Media
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D5580D6F-0E5F-4BDB-9CDF-F8EE68BEB008}
Registry Key Apropos Media
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck
Registry Key WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck.1
Registry Key WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck.1\clsid
Registry Key WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck\clsid
Registry Key WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck\curver
Registry Key WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SimpleRegistry.Registry
Registry Key WhenUSearchBar
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SimpleRegistry.Registry.1
Registry Key WhenUSearchBar
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SimpleRegistry.Registry.1\CLSID
Registry Key WhenUSearchBar
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SimpleRegistry.Registry\CLSID
Registry Key WhenUSearchBar
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SimpleRegistry.Registry\CurVer
Registry Key WhenUSearchBar
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{58359010-BF36-11D3-99A2-0050DA2EE1BE}
Registry Key Ezula TopText
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}
Registry Key CommonName
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe
Registry Key CommonName
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{19DFB2CB-9B27-11D4-B192-0050DAB79376}
Registry Key EzuLa
----------------------------------------
HKEY_LOCAL_MACHINE\Software\Microsoft\IEAK
Registry Key Aornum
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2D6A91CF-37C6-4EB2-A8D8-F65F1DB14ECE}
Registry Key 7Fasst
----------------------------------------
C:\WINDOWS\Q330994.exe
File Aurora
----------------------------------------
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
Folder w32.capside.worm
----------------------------------------
C:\Documents and Settings\Owner\Local Settings\Temp\WinFixer2005Setup.exe
File surf sidekick
----------------------------------------
@EDGE.RU4.COM
Cookie Edge.ru4
----------------------------------------
@QNSR.COM
Cookie SearchTheWeb
----------------------------------------
@SMILEYCENTRAL.COM
Cookie SearchTheWeb
----------------------------------------
@ADS.POINTROLL
Cookie pointroll cookie
----------------------------------------
@ADS.POINTROLL.COM
Cookie PointRoll.com
----------------------------------------
@INSIGHTEXPRESSAI.COM
Cookie IPInsight
----------------------------------------
@WWW.123COUNT.COM
Cookie ILookup
----------------------------------------
@IMRWORLDWIDE.COM/CGI-BIN
Cookie CGI-Bin
----------------------------------------
@STATCOUNTER.COM
Cookie Statcounter
----------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

10/29/2005
Windows XP Home Edition

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext
Registry Key QuickToolBar
----------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

10/29/2005
Windows XP Home Edition

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

10/29/2005
Windows XP Home Edition

: Database Version: 5.4
: Product Version: 8.8
: <Start Export Log>
: - Windows XP Home Edition

Internet Explorer :R0 : HKLM\Software\Microsoft\Internet Explorer\Main,Start Page http://www.microsoft...B_PVER}&ar=home
Internet Explorer :R0 : HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL http://www.microsoft...er=6&ar=msnhome
Internet Explorer :R0 : HKCU\Software\Microsoft\Internet Explorer\Main,Start Page http://www.yahoo.com/
Internet Explorer :R0 : HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant http://ie.search.msn...st/srchasst.htm

Internet Explorer :R1 : HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch http://ie.search.msn...st/srchcust.htm
Internet Explorer :R1 : HKCU\Software\Microsoft\Internet Explorer\Main,Search Page http://www.microsoft...=ie&ar=iesearch
Internet Explorer :R1 : HKLM\Software\Microsoft\Internet Explorer\Main,Search Page http://www.microsoft...=ie&ar=iesearch
Internet Explorer :R1 : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel Not Present
Internet Explorer :R1 : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,(ProxyOverride) localhost


BHO :O2 : {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll
BHO :O2 : {437B70A9-36E9-47EE-A955-CBEF08ED3542} C:\Program Files\Max PC Secure\MaxPopupSmasher\PopupSmasher.dll
BHO :O2 : {9ECB9560-04F9-4bbc-943D-298DDF1699E1} C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
BHO :O2 : {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
BHO :O2 : {8DBF02DA-4360-4A7E-BEA1-347B87816327} C:\WINDOWS\system32\mljge.dll
BHO :O2 : {65D886A2-7CA7-479B-BB95-14D1EFB7946A} C:\Program Files\Yahoo!\Common\YIeTagBm.dll
BHO :O2 : {BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
BHO :O2 : {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll

HKCU - Run :O4 : MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
HKCU - Run :O4 : RecordNow!
HKCU - Run :O4 : Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
HKCU - Run :O4 : AOLCC "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
HKCU - Run :O4 : Eyeball Chat "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min

HKLM - Run :O4 : KernelFaultCheck %systemroot%\system32\dumprep 0 -k
HKLM - Run :O4 : SystemTraySD C:\WINDOWS\system32\SDSystemTray.exe
HKLM - Run :O4 : HostManager C:\Program Files\Common Files\AOL\1111906512\ee\AOLSoftware.exe
HKLM - Run :O4 : SDMONITOR C:\WINDOWS\system32\SDMonitor.exe
HKLM - Run :O4 : REGSHAVE C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
HKLM - Run :O4 : SystemTraySecure C:\WINDOWS\system32\MaxSecureTray.exe
HKLM - Run :O4 : MonitorSD C:\Program Files\Max PC Secure\MaxSpyDetector\SDMonitor.exe #FROMDLG
HKLM - Run :O4 : ProxyChecker C:\Program Files\Max PC Secure\MaxSecureAnnonySurf\CheckProxy.exe
HKLM - Run :O4 : ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKLM - Run :O4 : TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKLM - Run :O4 : QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM - Run :O4 : SDAutoScan "C:\Program Files\Max PC Secure\MaxSpyDetector\SpywareDetector.exe" -AUTOSCAN
HKLM - Run :O4 : URLLSTCK.exe C:\Program Files\Norton Internet Security\UrlLstCk.exe

Global startup :O4 : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Startup :O4 : C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
Startup :O4 : C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk C:\Program Files\interMute\SpamSubtract\SpamSub.exe

IE Options Restriction :O6 : HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions Not Present

Extra context menu item :O8 : E&xport to Microsoft Excel res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Extra context menu item :O8 : Yahoo! &Maps file:///C:\Program Files\Yahoo!\Common/ycmap.htm
Extra context menu item :O8 : Yahoo! &Dictionary file:///C:\Program Files\Yahoo!\Common/ycdict.htm
Extra context menu item :O8 : &AOL Toolbar search res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Extra context menu item :O8 : Yahoo! &SMS file:///C:\Program Files\Yahoo!\Common/ycsms.htm
Extra context menu item :O8 : &Yahoo! Search file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

Extra Button :O9 : {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} Yahoo! Services - C:\Program Files\Yahoo!\Common\yiesrvc.dll
Extra Menu :O9 : {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
Extra Menu :O9 : {4982D40A-C53B-4615-B15B-B5B5E98D167C} {4982D40A-C53B-4615-B15B-B5B5E98D167C}
Extra Menu :O9 : CmdMapping CmdMapping
Extra Menu :O9 : {FB5F1910-F110-11d2-BB9E-00C04F795683} {FB5F1910-F110-11d2-BB9E-00C04F795683}
Extra Menu :O9 : {92780B25-18CC-41C8-B9BE-3C9C571A8263} {92780B25-18CC-41C8-B9BE-3C9C571A8263}

Winsock :O10 : 000000000001 %SystemRoot%\System32\mswsock.dll
Winsock :O10 : 000000000002 %SystemRoot%\System32\winrnr.dll
Winsock :O10 : 000000000003 %SystemRoot%\System32\mswsock.dll

Advance Option :O11 : CRYPTO Security
Advance Option :O11 : SEARCHING Search from the Address bar
Advance Option :O11 : HTTP HTTP 1.1 settings
Advance Option :O11 : PRINT Printing
Advance Option :O11 : JAVA_VM
Advance Option :O11 : ACCESSIBILITY Accessibility
Advance Option :O11 : BROWSE Browsing
Advance Option :O11 : MULTIMEDIA Multimedia

IERESET.INF :O14 : START_PAGE_URL http://www.microsoft...er=6&ar=msnhome




Activex :O16 : QDiagAOLCCUpdateObj Class - {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} C:\WINDOWS\system32\qdiagcc.ocx - http://aolcc.aol.com...kup/qdiagcc.cab
Activex :O16 : Yahoo! Webcam Upload Wrapper - {8714912E-380D-11D5-B8AA-00D0B78F3D48} C:\WINDOWS\Downloaded Program Files\CONFLICT.1\yuplapp.dll - http://chat.yahoo.com/cab/yuplapp.cab
Activex :O16 : YInstStarter Class - {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll - C:\Program Files\Yahoo!\Common\yinsthelper.dll
Activex :O16 : Java Plug-in 1.4.2 - {8AD9C840-044E-11D1-B3E9-00805F499D93} C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll - http://java.sun.com/...indows-i586.cab
Activex :O16 : Java Plug-in 1.4.2 - {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll - http://java.sun.com/...indows-i586.cab
Activex :O16 : Yahoo! Webcam Viewer Wrapper - {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} C:\WINDOWS\Downloaded Program Files\yvwrctl.dll - http://chat.yahoo.com/cab/yvwrctl.cab


Protocol Filter :O18 : application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
Protocol Filter :O18 : application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
Protocol Filter :O18 : text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll
Protocol Filter :O18 : Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
Protocol Filter :O18 : gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll
Protocol Filter :O18 : application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
Protocol Filter :O18 : text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
Protocol Filter :O18 : deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll
Protocol Filter :O18 : lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll

Protocol Handler :O18 : msdaipp
Protocol Handler :O18 : mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\System32\inetcomm.dll
Protocol Handler :O18 : tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
Protocol Handler :O18 : mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
Protocol Handler :O18 : its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\WINDOWS\System32\ITSS.DLL
Protocol Handler :O18 : ipp
Protocol Handler :O18 : local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
Protocol Handler :O18 : https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
Protocol Handler :O18 : mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
Protocol Handler :O18 : http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
Protocol Handler :O18 : res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
Protocol Handler :O18 : sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\System32\mshtml.dll
Protocol Handler :O18 : ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\WINDOWS\System32\ITSS.DLL
Protocol Handler :O18 : gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
Protocol Handler :O18 : mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll

SSODL :O21 : {35CEC8A3-2BE6-11D2-8773-92E220524153} SysTray - C:\WINDOWS\System32\stobject.dll
SSODL :O21 : {7849596a-48ea-486e-8937-a2a3009f31a9} PostBootReminder - %SystemRoot%\system32\SHELL32.dll
SSODL :O21 : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} WebCheck - %SystemRoot%\System32\webcheck.dll
SSODL :O21 : {fbeb8a05-beee-4442-804e-409d6c4515e9} CDBurn - %SystemRoot%\system32\SHELL32.dll

SharedTaskScheduler :O22 : Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} (No File)
SharedTaskScheduler :O22 : Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} (No File)

Services :O23 : WZCSVC %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : WebClient %SystemRoot%\System32\svchost.exe -k LocalService
Services :O23 : viaagp1 System32\DRIVERS\viaagp1.sys
Services :O23 : VgaSave \SystemRoot\System32\drivers\vga.sys
Services :O23 : upnphost %SystemRoot%\System32\svchost.exe -k LocalService
Services :O23 : SymWSC C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Services :O23 : SYMIDS \SystemRoot\System32\Drivers\SYMIDS.SYS
Services :O23 : SLIP System32\DRIVERS\SLIP.sys
Services :O23 : RasAcd System32\DRIVERS\rasacd.sys
Services :O23 : Netlogon %SystemRoot%\System32\lsass.exe
Services :O23 : mouhid System32\DRIVERS\mouhid.sys
Services :O23 : ERSvc %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : CryptSvc %SystemRoot%\system32\svchost.exe -k netsvcs
Services :O23 : BridgeMP System32\DRIVERS\bridge.sys
Services :O23 : WS2IFSL \SystemRoot\System32\drivers\ws2ifsl.sys
Services :O23 : wanatw System32\DRIVERS\wanatw4.sys
Services :O23 : VSS %SystemRoot%\System32\vssvc.exe
Services :O23 : usbhub System32\DRIVERS\usbhub.sys
Services :O23 : TrkWks %SystemRoot%\system32\svchost.exe -k netsvcs
Services :O23 : SYMTDI \SystemRoot\System32\Drivers\SYMTDI.SYS
Services :O23 : ShellHWDetection %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : ScsiPort %SystemRoot%\system32\drivers\scsiport.sys
Services :O23 : S3Psddr System32\DRIVERS\s3gnbm.sys
Services :O23 : Raspti System32\DRIVERS\raspti.sys
Services :O23 : PptpMiniport System32\DRIVERS\raspptp.sys
Services :O23 : PCI System32\DRIVERS\pci.sys
Services :O23 : nv_agp System32\DRIVERS\nv_agp.sys
Services :O23 : NetDDEdsdm %SystemRoot%\system32\netdde.exe
Services :O23 : MSIServer C:\WINDOWS\system32\msiexec.exe /V
Services :O23 : HidUsb System32\DRIVERS\hidusb.sys
Services :O23 : Fdc System32\DRIVERS\fdc.sys
Services :O23 : fasttx2k System32\DRIVERS\fasttx2k.sys
Services :O23 : Eventlog %SystemRoot%\system32\services.exe
Services :O23 : DMusic system32\drivers\DMusic.sys
Services :O23 : DcomLaunch %SystemRoot%\system32\svchost -k DcomLaunch
Services :O23 : COMSysApp C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Services :O23 : ClipSrv %SystemRoot%\system32\clipsrv.exe
Services :O23 : Browser %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : ALCXSENS system32\drivers\ALCXSENS.SYS
Services :O23 : wdmaud system32\drivers\wdmaud.sys
Services :O23 : Tcpip System32\DRIVERS\tcpip.sys
Services :O23 : symlcbrd \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
Services :O23 : SYMDNS \SystemRoot\System32\Drivers\SYMDNS.SYS
Services :O23 : Sunkfiltp \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys
Services :O23 : Srv System32\DRIVERS\srv.sys
Services :O23 : Schedule %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : rtl8139 System32\DRIVERS\R8139n51.SYS
Services :O23 : redbook System32\DRIVERS\redbook.sys
Services :O23 : ProtectedStorage %SystemRoot%\system32\lsass.exe
Services :O23 : PolicyAgent %SystemRoot%\System32\lsass.exe
Services :O23 : ohci1394 System32\DRIVERS\ohci1394.sys
Services :O23 : NtLmSsp %SystemRoot%\System32\lsass.exe
Services :O23 : navapsvc "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
Services :O23 : MSPQM system32\drivers\MSPQM.sys
Services :O23 : LmHosts %SystemRoot%\System32\svchost.exe -k LocalService
Services :O23 : Kbdclass System32\DRIVERS\kbdclass.sys
Services :O23 : ewido security suite driver \??\C:\Documents and Settings\Owner\Desktop\security suite\guard.sys
Services :O23 : AsyncMac System32\DRIVERS\asyncmac.sys
Services :O23 : AmdK7 System32\DRIVERS\amdk7.sys
Services :O23 : Alerter %SystemRoot%\System32\svchost.exe -k LocalService
Services :O23 : UPS %SystemRoot%\System32\ups.exe
Services :O23 : SYMFW \SystemRoot\System32\Drivers\SYMFW.SYS
Services :O23 : streamip System32\DRIVERS\StreamIP.sys
Services :O23 : srservice %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : Serial System32\DRIVERS\serial.sys
Services :O23 : SCardSvr %SystemRoot%\System32\SCardSvr.exe
Services :O23 : RasAuto %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : NwlnkFlt System32\DRIVERS\nwlnkflt.sys
Services :O23 : NVXBAR System32\DRIVERS\NVxbar.sys
Services :O23 : ISSVC "C:\Program Files\Norton Internet Security\ISSVC.exe"
Services :O23 : intelppm System32\DRIVERS\intelppm.sys
Services :O23 : Imapi System32\DRIVERS\imapi.sys
Services :O23 : drmkaud system32\drivers\drmkaud.sys
Services :O23 : dmadmin %SystemRoot%\System32\dmadmin.exe /com
Services :O23 : atapi System32\DRIVERS\atapi.sys
Services :O23 : {6080A529-897E-4629-A488-ABA0C29B635E} system32\drivers\ialmsbw.sys
Services :O23 : winmgmt %systemroot%\system32\svchost.exe -k netsvcs
Services :O23 : TapiSrv %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : swmidi system32\drivers\swmidi.sys
Services :O23 : swenum System32\DRIVERS\swenum.sys
Services :O23 : SPBBCDrv \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
Services :O23 : Serenum System32\DRIVERS\serenum.sys
Services :O23 : seclogon %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : SBService C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
Services :O23 : SAVRT \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
Services :O23 : Ptilink System32\DRIVERS\ptilink.sys
Services :O23 : PlugPlay %SystemRoot%\system32\services.exe
Services :O23 : nvcap System32\DRIVERS\nvcap.sys
Services :O23 : mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
Services :O23 : ltmodem5 System32\DRIVERS\ltmdmnt.sys
Services :O23 : ewido security suite control C:\Documents and Settings\Owner\Desktop\security suite\ewidoctrl.exe
Services :O23 : W32Time %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : usbehci System32\DRIVERS\usbehci.sys
Services :O23 : usbccgp System32\DRIVERS\usbccgp.sys
Services :O23 : splitter system32\drivers\splitter.sys
Services :O23 : SharedAccess %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : SAVRTPEL \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
Services :O23 : RDSessMgr C:\WINDOWS\system32\sessmgr.exe
Services :O23 : PCIIde \SystemRoot\System32\DRIVERS\pciide.sys
Services :O23 : NVSvc %SystemRoot%\System32\nvsvc32.exe
Services :O23 : NdisIP System32\DRIVERS\NdisIP.sys
Services :O23 : xmlprov %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : usbuhci System32\DRIVERS\usbuhci.sys
Services :O23 : sysaudio system32\drivers\sysaudio.sys
Services :O23 : Secdrv System32\DRIVERS\secdrv.sys
Services :O23 : SAVScan "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe"
Services :O23 : RpcLocator %SystemRoot%\System32\locator.exe
Services :O23 : PxHelp20 System32\DRIVERS\PxHelp20.sys
Services :O23 : Processor System32\DRIVERS\processr.sys
Services :O23 : Parport System32\DRIVERS\parport.sys
Services :O23 : Mouclass System32\DRIVERS\mouclass.sys
Services :O23 : kbdhid System32\DRIVERS\kbdhid.sys
Services :O23 : IPSec System32\DRIVERS\ipsec.sys
Services :O23 : dmserver %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : BITS %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : Arp1394 System32\DRIVERS\arp1394.sys
Services :O23 : AOL ACS "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
Services :O23 : RDPCDD System32\DRIVERS\RDPCDD.sys
Services :O23 : RasMan %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : PSched System32\DRIVERS\psched.sys
Services :O23 : pfc system32\drivers\pfc.sys
Services :O23 : IpNat System32\DRIVERS\ipnat.sys
Services :O23 : Gpc System32\DRIVERS\msgpc.sys
Services :O23 : Bridge System32\DRIVERS\bridge.sys
Services :O23 : WmdmPmSN %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : Themes %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : stisvc %SystemRoot%\System32\svchost.exe -k imgsvc
Services :O23 : SENS %SystemRoot%\system32\svchost.exe -k netsvcs
Services :O23 : SamSs %SystemRoot%\system32\lsass.exe
Services :O23 : nv System32\DRIVERS\nv4_mini.sys
Services :O23 : MRxSmb System32\DRIVERS\mrxsmb.sys
Services :O23 : MRxDAV System32\DRIVERS\mrxdav.sys
Services :O23 : lanmanserver %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : HTTP System32\Drivers\HTTP.sys
Services :O23 : Fax %systemroot%\system32\fxssvc.exe
Services :O23 : Atmarpc System32\DRIVERS\atmarpc.sys
Services :O23 : wscsvc %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : Update System32\DRIVERS\update.sys
Services :O23 : SNDSrvc "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
Services :O23 : RemoteAccess %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : NetBT System32\DRIVERS\netbt.sys
Services :O23 : Ftdisk System32\DRIVERS\ftdisk.sys
Services :O23 : EventSystem C:\WINDOWS\System32\svchost.exe -k netsvcs
Services :O23 : CiSvc %SystemRoot%\system32\cisvc.exe
Services :O23 : CCDECODE System32\DRIVERS\CCDECODE.sys
Services :O23 : ALG %SystemRoot%\System32\alg.exe
Services :O23 : WmXlCore system32\drivers\WmXlCore.sys
Services :O23 : viagfx System32\DRIVERS\vtmini.sys
Services :O23 : NwlnkFwd System32\DRIVERS\nwlnkfwd.sys
Services :O23 : netwg311 System32\DRIVERS\netwg311.sys
Services :O23 : NetDDE %SystemRoot%\system32\netdde.exe
Services :O23 : NdisWan System32\DRIVERS\ndiswan.sys
Services :O23 : NAV Alert C:\PROGRA~1\Navnt\alertsvc.exe
Services :O23 : MSTEE s