# Solved: task manager not working also running slow plz help



## stormie9870 (Mar 25, 2007)

Hi guys,
my comp seems to be running slow, and when I tried Ctrl, Alt and Delete I got nothing. I have tried going through the system32 file but it comes up that it is already in use.

HJT file:
Logfile of HijackThis v1.99.1
Scan saved at 21:38:45, on 25/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
G:\hijackthis_sfx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.orangehome.co.uk:8080;ftp=http://www-cache.orangehome.co.uk:8080
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: XBTP01629 - {1B728C8D-9F82-41FA-93CC-25445F51FC70} - C:\PROGRA~1\AUCTIO~1.UKT\AUCTIO~1.DLL
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: auction-typos.co.uk Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\auction-typos.co.uk Toolbar\auction-typos.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: dllhost.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: auction-typos.co.uk Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\auction-typos.co.uk Toolbar\auction-typos.dll
O9 - Extra 'Tools' menuitem: auction-typos.co.uk Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\auction-typos.co.uk Toolbar\auction-typos.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775F} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlabsli.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

any help would be greatly received
stormie9870


----------



## JSntgRvr (Jul 1, 2003)

Hi, *stormie9870*. 

Welcome to the forum.

Please download *Brute Force Uninstaller* to your desktop.
Right click the BFU folder on your desktop, and choose *Extract All*
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in *BFU*
Click "Next", and *Un*check the "Show Extracted Files" box and then click "Finish".
*RIGHT-CLICK HERE* and choose "Save As" (in IE it's "Save Target As") in order to download Alcra *PLUS* Remover. 
*Save it in the same folder you made earlier (c:\BFU)*.

Do not do anything with these yet!








Please download *ATF Cleaner* by Atribune.
*This program is for XP and Windows 2000 only*

Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
If you use Firefox browser
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
If you use Opera browser
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
Click *Exit* on the Main menu to close the program.
For *Technical Support*, double-click the e-mail address located at the bottom of each menu.








Download *AVG Anti-Spyware* from *HERE* and save that file to your desktop.
_This is a 30 day trial of the program_
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "*Update*" then select the "*Update now*" link.
Next select the "*Start Update*" button, the update will start and a progress bar will show the updates being installed.

Once the update has completed select the "*Scanner*" icon at the top of the screen, then select the "*Settings*" tab.
Once in the Settings screen click on "*Recommended actions*" and then select "*Quarantine*".
Under "*Reports*"
Select "*Automatically generate report after every scan*"
Un-Select "*Only if threats were found*"

Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

*Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.*

*Boot into Safe Mode:*

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Perform the following steps in safe mode:


*IMPORTANT:* Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "*Scanner*" icon at the top and then the "*Scan*" tab then click on "*Complete System Scan*".
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
*Once the scan is complete do the following:*
If you have any infections you will be prompted, then select "*Apply all actions*"
Next select the "*Reports*" icon at the top.
Select the "*Save report as*" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware.
Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by double-clicking *BFU.exe*
Behind the *scriptline to execute* field click the folder icon and select *alcanshorty.bfu*
 Press *Execute* and let the program do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the *complete script execution* box to pop up and press OK.
Press *exit* to terminate the BFU program.
*Restart back into Windows normally now*.

Please go *HERE* to run Panda's ActiveScan
Once you are on the Panda site click the *Scan your PC* button
A new window will open...click the *Check Now* button
Enter your *Country*
Enter your *State/Province*
Enter your *e-mail address* and click *send*
Select either *Home User* or *Company*
Click the big *Scan Now* button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on *My Computer* to start the scan
When the scan completes, if anything malicious is detected, click the *See Report* button, *then Save Report* and save it to a convenient location.
*Post a fresh Hijackthis log along with the AVG Anti-spyware and ActiveScan reports.*


----------



## stormie9870 (Mar 25, 2007)

OK, here goes: HJT first, then AVG, and ActiveScan last in the other post.

Thanks again for your help.

Logfile of HijackThis v1.99.1
Scan saved at 16:36:17, on 26/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.orangehome.co.uk:8080;ftp=http://www-cache.orangehome.co.uk:8080
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: XBTP01629 - {1B728C8D-9F82-41FA-93CC-25445F51FC70} - C:\PROGRA~1\AUCTIO~1.UKT\AUCTIO~1.DLL
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: auction-typos.co.uk Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\auction-typos.co.uk Toolbar\auction-typos.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: auction-typos.co.uk Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\auction-typos.co.uk Toolbar\auction-typos.dll
O9 - Extra 'Tools' menuitem: auction-typos.co.uk Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\auction-typos.co.uk Toolbar\auction-typos.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775F} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlabsli.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:	10:23:25 26/03/2007

+ Scan result:

C:\Documents and Settings\me\Local Settings\Temporary Internet Files\Content.IE5\H1UHQG0L\mm[1].js -> Adware.Chitika : Cleaned with backup (quarantined).
C:\Documents and Settings\me\My Documents\My Music\kuhana reef 2.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\me\Shared\kuhana reef 2.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E061232E-56A1-411E-B84E-F4B19B14C01A}\RP20\A0003225.EXE -> Adware.Lop : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E061232E-56A1-411E-B84E-F4B19B14C01A}\RP33\A0004923.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\me\Desktop\auction-typos_co_uk_toolbar.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\auction-typos.co.uk Toolbar\tbhelper.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\auction-typos.co.uk Toolbar\tbu04312\tbhelper.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E061232E-56A1-411E-B84E-F4B19B14C01A}\RP52\A0007299.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E061232E-56A1-411E-B84E-F4B19B14C01A}\RP52\A0007317.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E061232E-56A1-411E-B84E-F4B19B14C01A}\RP60\A0010895.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\auction-typos.co.uk Toolbar\spyrem.exe -> Adware.SpywareRem : Cleaned with backup (quarantined).
C:\Program Files\auction-typos.co.uk Toolbar\tbu04312\spyrem.exe -> Adware.SpywareRem : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E061232E-56A1-411E-B84E-F4B19B14C01A}\RP52\A0007298.exe -> Adware.SpywareRem : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E061232E-56A1-411E-B84E-F4B19B14C01A}\RP52\A0007316.exe -> Adware.SpywareRem : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E061232E-56A1-411E-B84E-F4B19B14C01A}\RP60\A0010894.exe -> Adware.SpywareRem : Cleaned with backup (quarantined).
C:\Documents and Settings\me\My Documents\My Music\PC.Registry.Cleaner.v3.0-TBE.zip/PC.Registry.Cleaner.v3.0-TBE/Crack.eXe -> Dropper.Delf.xo : Cleaned with backup (quarantined).
C:\Documents and Settings\me\My Documents\My Music\PC.Registry.Cleaner.v3.0-TBE.zip/PC.Registry.Cleaner.v3.0-TBE/PCRegistryCleanerTrial.exe -> Dropper.Delf.xo : Cleaned with backup (quarantined).
C:\Program Files\PCRegistryCleaner\Crack.eXe -> Dropper.Delf.xo : Cleaned with backup (quarantined).
F:\PC.Registry.Cleaner.v3.0-TBE\Crack.eXe -> Dropper.Delf.xo : Cleaned with backup (quarantined).
F:\PC.Registry.Cleaner.v3.0-TBE\PCRegistryCleanerTrial.exe -> Dropper.Delf.xo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E061232E-56A1-411E-B84E-F4B19B14C01A}\RP54\A0008449.exe -> Proxy.Agent.kj : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00532760.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00532761.TXT -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00532764.TXT -> TrackingCookie.Connextra : Cleaned.
C:\RECYCLER\NPROTECT\00532765.TXT -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\NPROTECT\00532786.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00532774.TXT -> TrackingCookie.Mediaplex : Cleaned.
C:\RECYCLER\NPROTECT\00532779.TXT -> TrackingCookie.Revsci : Cleaned.
C:\RECYCLER\NPROTECT\00532763.TXT -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\NPROTECT\00532782.TXT -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\NPROTECT\00532773.TXT -> TrackingCookie.Webtrends : Cleaned.

::Report end


----------



## stormie9870 (Mar 25, 2007)

Incident Status Location

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\me\Cookies\[email protected][1].txt 
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\me\Cookies\[email protected][2].txt 
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\me\Cookies\[email protected][1].txt 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\battlestar.galactica.s03e05.avi.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Charlie.And.Lola.Volume.3.NTSC.DVDR-MADE.zip[Video.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Dirty Dancing- I've Had The Time Of My Life.mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Dusty Springfield - Son of a Preacher Man.mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Eric Carmen - Hungry Eyes (Dirty Dancing Soundtrack).mp3.zip[Setup.exe]  
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Grease - You're the one that I want (John Travolta & Olivia Newton-John).mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Grease Soundtrack - There Are Worse Things I Could Do.mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Janis Joplin - Pulp fiction - Son of a Preacher Man.mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Jerry Lee Lewis - C'est La Vie - Pulp Fiction Soundtrack.mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Lost - Season 3 - Episode 11 - Enter 77.avi.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Lost - Season 3 Episode 12.avi.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Lost Season 3 - Episode 4 - Every Man For Himself.avi.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Movie Quotes - Pulp Fiction - John Travolta and Samuel L. Jackson - Personality Goes A Long Way.mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Oldies - Dirty Dancing - Loverboy.mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Olivia Newton-John - Hopelessly Devoted To You (Grease Soundtrack) 1.mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Pulp Fiction - Maria McKee - If Love Is A Red Dress.mp3.zip[Setup.exe]  
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Pulp Fiction Soundtrack - 09 - Chuck Berry - You Never Can Tell.mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Pulp Fiction Soundtrack - Girl, You'll Be A Woman Soon - Urge Overkill.mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Reservoir dogs - Resevoir Dogs.avi.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\She's Like The Wind - Patrick Swayze - Dirty Dancing Soundtrack.mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\SoundTracks - Dirty Dancing - Hey Baby.mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Soundtracks - Disney - The Lion King - Can You Feel the Love Tonight - Elton John.mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Soundtracks - Pulp Fiction Theme (movie).mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Soundtracks - Top Gun - You've Lost That Loving Feeling (Righteous Brothers).mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\Statler Brothers - Counting Flowers On the Wall.mp3.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\Documents and Settings\me\Shared\_\q7q7q7q7q7q7q7q7xx.zip[Track_03.exe] 
Virus:Trj/Vb.TT Disinfected C:\Program Files\a.zip[Setup.exe]  
Virus:Trj/Vb.TT Disinfected C:\Program Files\b.zip[Video.exe] 
Virus:Trj/Vb.TT Disinfected C:\Program Files\c.zip[Track_03.exe] 
Virus:Trj/Vb.TT Disinfected C:\Program Files\Setup.exe 
Virus:Trj/Vb.TT Disinfected C:\Program Files\Track_03.exe 
Virus:Bck/VBBot.C Disinfected C:\Program Files\uy.exe 
Virus:Trj/Vb.TT Disinfected C:\Program Files\Video.exe 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531586.exe 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531587.exe 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531592.exe 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531593.exe 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531924.exe  
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531925.exe 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531926.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531927.zip[Video.exe] 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531928.zip[Track_03.exe] 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531931.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531932.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531934.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531936.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531938.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531940.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531941.EXE  
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531942.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531943.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531944.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531945.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531946.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531947.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531948.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531949.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531950.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531951.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531952.EXE  
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531953.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531954.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531955.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531956.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531957.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00531958.EXE 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00532321.exe 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00532322.exe 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00532324.zip[Setup.exe] 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00532329.zip[Video.exe] 
Virus:Trj/Vb.TT Disinfected C:\RECYCLER\NPROTECT\00532330.zip[Track_03.exe]


----------



## JSntgRvr (Jul 1, 2003)

Hi, *stormie9870* 

Please *download* the *OTMoveIt by OldTimer*.

 *Save* it to your *desktop*.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - (no file)
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)

Now *close all windows and browsers, other than HiJackThis*, then click Fix Checked.

Close Hijackthis.

 Please double-click *OTMoveIt.exe* to run it.
*Copy the file paths below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy):

*C:\WINDOWS\System32\p2pnetworking.exe*

 Return to OTMoveIt, right click on the *"Paste List of Files/Folders to be moved"* window and choose *Paste*.
Click the red *Moveit!* button.
*If able, copy everything on the Results window to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it on a note pad document. Save it on the desktop and post its contents in your next reply.

Close *OTMoveIt*
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

Please *Download NoLop* to your desktop from one of the links below...
Link 1
Link 2
Link 3
First close any other programs you have running as this will require a reboot
Double click *NoLop.exe* to run it
Now click the button labelled "*Search and Destroy*"
*<<your computer will now be scanned for infected files>>*
When scanning is finished you will be prompted to reboot only if infected. Click OK.
Now click the "*REBOOT*" button.
A message should pop up from *NoLop*. If not, double click the program again and it will finish. Please post the contents of *C:\NoLop.log* in your next reply.
*--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.--*

Click *here* to download WinPFind.

Right Click the Zip Folder and Select "Extract All" 
Extract it somewhere you will remember like the Desktop 
Don't do anything with it yet!

*Reboot into Safe Mode*

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.


Double click WinPFind.exe 
Click "Start Scan" 
It will scan the entire System, so please be patient! 
Once the Scan is Complete, *restart the computer back in Normal Mode.* 
Go to the WinPFind folder 
Locate *WinPFind.txt*
Place those results in the next reply.


----------
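The entries listed for Fix Checked in the post above each show one of two traits that can be read straight from the log text: a target of `(no file)`, or a Run value that names a file without any directory. As an added example (not part of the original posts and not code from HijackThis), this Python sketch applies those two checks to lines copied from the logs in this thread; the function names and the reason labels `missing-target` and `bare-filename` are made up for the illustration.

```python
import re
from typing import List, NamedTuple

# Sample input: entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - (no file)
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
"""

# "O4 - <body>": a letter, one or two digits, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of a Run-key entry: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Hosts that only load another file; the file they load is the real target.
LOADERS = {"rundll32", "rundll32.exe"}


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # hypothetical label chosen for this example
    line: str    # the log line as posted


def launch_target(cmd: str) -> str:
    """Best-effort guess, from text alone, of the file a Run command loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
    else:
        # Unquoted paths with spaces are cut short here, but the fragment
        # still contains a backslash, which is all the check below needs.
        exe, _, rest = cmd.partition(" ")
    if exe.lower() in LOADERS and rest.strip():
        # rundll32 is only the host; the DLL before the comma is what runs.
        return rest.strip().split(",", 1)[0].strip('"')
    return exe


def triage(log_text: str) -> List[Finding]:
    """Return the entries that deserve a closer look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m.group("code"), m.group("body")
        if body.endswith("(no file)"):
            # The registration survives but the file it points to is gone.
            findings.append(Finding(code, "missing-target", line))
            continue
        if code == "O4":
            run = RUN_RE.match(body)
            if run and "\\" not in launch_target(run.group("cmd")):
                # No directory given: which file runs depends on the search
                # path, so the log alone cannot say where it lives.
                findings.append(Finding(code, "bare-filename", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:15} {f.line}")
```

On the sample, `nwiz.exe /install` is flagged next to `p2pnetworking.exe`: a bare filename is a prompt to locate the file and check it, and the log text alone does not settle whether it is wanted.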



## stormie9870 (Mar 25, 2007)

hi JSntgRvr.

reports on scans as follows i have included HJT scan as well.

OTMoveIt

File/Folder C:\WINDOWS\System32\p2pnetworking.exe not found.

Created on 03/26/2007 20:12:29

NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\me\Desktop
[26/03/2007]
[20:17:26]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A44202C1902DB525.job

Beginning Removal...
Rebooting...
C:\WINDOWS\tasks\A44202C1902DB525.job
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Kontiki
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Nvidia
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Prism
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\The Ping Rect Option
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Lisa\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Lisa\Application Data\Ideazon
C:\Documents and Settings\Lisa\Application Data\Identities
C:\Documents and Settings\Lisa\Application Data\Macromedia
C:\Documents and Settings\Lisa\Application Data\Microsoft
C:\Documents and Settings\Lisa\Application Data\Real
C:\Documents and Settings\Lisa\Application Data\Template
C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Me\Application Data\Adobe
C:\Documents and Settings\Me\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Me\Application Data\Apple Computer
C:\Documents and Settings\Me\Application Data\Bittorrent
C:\Documents and Settings\Me\Application Data\Command & Conquer 3 Tiberium Wars Demo
C:\Documents and Settings\Me\Application Data\Firaxis Games
C:\Documents and Settings\Me\Application Data\Google
C:\Documents and Settings\Me\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Me\Application Data\Ideazon
C:\Documents and Settings\Me\Application Data\Identities
C:\Documents and Settings\Me\Application Data\Installshield Installation Information
C:\Documents and Settings\Me\Application Data\Lionhead Studios
C:\Documents and Settings\Me\Application Data\Macromedia
C:\Documents and Settings\Me\Application Data\Microsoft
C:\Documents and Settings\Me\Application Data\Microsoft Games
C:\Documents and Settings\Me\Application Data\My Games
C:\Documents and Settings\Me\Application Data\Real
C:\Documents and Settings\Me\Application Data\Sun
C:\Documents and Settings\Me\Application Data\Symantec
C:\Documents and Settings\Me\Application Data\Teamspeak2
C:\Documents and Settings\Me\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\Me\Application Data\Template
C:\Documents and Settings\Me\Application Data\Uniblue
C:\Documents and Settings\Me\Application Data\Versiontracker Pro
C:\Documents and Settings\Me\Application Data\Yahoo!
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Symantec

Logfile of HijackThis v1.99.1
Scan saved at 21:29:54, on 26/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.orangehome.co.uk:8080;ftp=http://www-cache.orangehome.co.uk:8080
O2 - BHO: XBTP01629 - {1B728C8D-9F82-41FA-93CC-25445F51FC70} - C:\PROGRA~1\AUCTIO~1.UKT\AUCTIO~1.DLL
O2 - BHO: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Orange - {4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - C:\PROGRA~1\orange3\orange3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: auction-typos.co.uk Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\auction-typos.co.uk Toolbar\auction-typos.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: orange search - file://C:\Program Files\ORANGE3\Cache\SelectedContextSearch.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: auction-typos.co.uk Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\auction-typos.co.uk Toolbar\auction-typos.dll
O9 - Extra 'Tools' menuitem: auction-typos.co.uk Toolbar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\auction-typos.co.uk Toolbar\auction-typos.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775F} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlabsli.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


----------



## stormie9870 (Mar 25, 2007)

WinPFind logfile created on: 26/03/2007 21:07:38
WinPFind by OldTimer - v2.0.2	Folder = C:\Documents and Settings\me\Desktop\WinPFind\

»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 7.0.5730.11

»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»

522224 Kb Total Physical Memory | 378316 Kb Available Physical Memory | 72.44% Memory free
2839604 Kb Paging File | 2772288 Kb Available in Paging File | 97.63% Paging File free
Paging file location: C:\pagefile.sys 0 0
Paging file location: F:\pagefile.sys 0 0
Paging file location: G:\pagefile.sys 0 0

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78172256 Kb Total Space | 31087428 Kb Free Space | 39.77% Space Free
Drive D: | 3435774 Kb Total Space | 0 Kb Free Space | 0.00% Space Free
Drive E: | 42854 Kb Total Space | 0 Kb Free Space | 0.00% Space Free
Drive F: | 80413324 Kb Total Space | 66790152 Kb Free Space | 83.06% Space Free

»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»

C:\Documents and Settings\me\Desktop\WinPFind\WinPFind.exe (OldTimer Tools)
C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)

(CCALib8) Canon Camera Access Library 8 [Win32_Own | Disabled | Stopped]
= C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Stopped]
= C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

(ccPwdSvc) Symantec Password Validation Service [Win32_Own | Disabled | Stopped]
= C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | Auto | Running]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

(gusvc) Google Updater Service [Win32_Own | Disabled | Stopped]
= C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

(IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped]
= C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)

(KService) KService [Win32_Own | Disabled | Stopped]
= C:\Program Files\Kontiki\KService.exe (File not found)

(LexBceS) LexBce Server [Win32_Own | Auto | Stopped]
= C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)

(navapsvc) Norton AntiVirus Auto Protect Service [Win32_Own | Auto | Stopped]
= C:\Program Files\Norton AntiVirus\Navapsvc.exe (Symantec Corporation)

(NProtectService) Norton Unerase Protection [Win32_Own | Auto | Stopped]
= C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (Symantec Corporation)

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped]
= C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

(SBService) ScriptBlocking Service [Win32_Own | Disabled | Stopped]
= C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe (Symantec Corporation)

(StarWindService) StarWind iSCSI Service [Win32_Own | Auto | Stopped]
= C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)

»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
!AVG Anti-Spyware = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
Advanced Tools Check = C:\Program Files\Norton AntiVirus\AdvTools\AdvChk.exe (Symantec Corporation)
ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
ccRegVfy = C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Symantec Corporation)
KernelFaultCheck = umprep 0 (File not found)
NvCplDaemon = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
NvMediaCenter = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
nwiz = C:\WINDOWS\system32\nwiz.exe ()
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe (Sun Microsystems, Inc.)
TkBellExe = C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
BitTorrent = C:\Program Files\BitTorrent\bittorrent.exe ()
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1

< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

< User Startup Folder = C:\Documents and Settings\me\Start Menu\Programs\Startup >
C:\Documents and Settings\me\Start Menu\Programs\Startup\desktop.ini ()

>>>>> MsConfig Disabled Items <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
RemoteRegistry = 3
RemoteAccess = 2
RasMan = 2
RasAuto = 2
iPod Service = 3
ImapiService = 2
IDriverT = 3
gusvc = 3
clr_optimization_v2.0.50727_32 = 3
ClipSrv = 3
ccPwdSvc = 2
CCALib8 = 3
Browser = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
system.ini = 0
win.ini = 0
bootini = 0
services = 2
startup = 0

>>>>> Disabled Startup Folder Items <<<<<

>>>>> File Associations <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.html [@ = htmlfile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found

>>>>> Registry Shell Spawning <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -> "%1" %* (File not found)
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -> "%1" %* (File not found)

cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)

exefile [open] -> "%1" %* (File not found)

htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -> "%1" %* (File not found)

regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> Reg Data - Key not found
regfile [merge] -> Reg Data - Key not found
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

scrfile [config] -> "%1" (File not found)
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /S (File not found)

txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)

Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

>>>>> ActiveX StubPath settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
StubPath = C:\WINDOWS\system32\ieudinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{97BFB627-6E7B-492A-8B95-61754BAAB54D}]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

>>>>> WOW Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
cmdline = %SystemRoot%\system32\ntvdm.exe
wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386


----------



## stormie9870 (Mar 25, 2007)

>>>>> SafeBoot Option Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = AVG Anti-Spyware 7.5 ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.) )

>>>>> Security Providers <<<<<

>>>>> Winlogon Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
Control_RunDLL (File not found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
DllName = Reg Data - Value does not exist (File not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Zboard]
DllName = C:\WINDOWS\system32\Winlognotif.dll ()

>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
ZboardTray = C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption = 
legalnoticetext = 
shutdownwithoutlogon = 1
undockwithoutlogon = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = ( 255 0 0 0 ) - ÿ

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
DisableRegistryTools = 0

>>>>> Desktop Components <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName = My Current Home Page
Source = About:Home
SubscribedURL = About:Home

>>>>> HOSTS File <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 4149 bytes | Modified Date: 24/02/2007 01:09:30)
127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://www.google.com
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Local Page = %SystemRoot%\system32\blank.htm
Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Start Page = http://www.google.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Default_Search_URL = http://www.google.com/ie
SearchAssistant = http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.google.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
SearchAssistant = http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0
ProxyOverride = <local>

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B728C8D-9F82-41FA-93CC-25445F51FC70}]
- XBTP01629 Class ( HKLM = C:\Program Files\auction-typos.co.uk Toolbar\auction-typos.dll () )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-A1FB-F862B587B57D}]
- Orange ( HKLM = C:\Program Files\orange3\orange3.dll () )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
- ( HKLM = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
- SSVHelper Class ( HKLM = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
- CNavExtBho Class ( HKLM = C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation) )

>>>>> Bars, Toolbars and Extensions <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{51085E3D-A958-42A2-A6BE-A6A9B0BAF276}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google ( HKLM = c:\program files\Google\googletoolbar2.dll (Google Inc.) ) 
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus ( HKLM = C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation) ) 
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - Orange ( HKLM = C:\Program Files\orange3\orange3.dll () ) 
{B7D3E479-CC68-42B5-A338-938ECE35F419} - auction-typos.co.uk Toolbar ( HKLM = C:\Program Files\auction-typos.co.uk Toolbar\auction-typos.dll () )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\ShellBrowser]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus ( HKLM = C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google ( HKLM = c:\program files\Google\googletoolbar2.dll (Google Inc.) ) 
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus ( HKLM = C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation) ) 
{4E7BD74F-2B8D-469E-A1FB-F862B587B57D} - Orange ( HKLM = C:\Program Files\orange3\orange3.dll () ) 
{4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - Orange ( HKLM = Reg Data - Key not found (File not found) ) 
{B7D3E479-CC68-42B5-A338-938ECE35F419} - auction-typos.co.uk Toolbar ( HKLM = C:\Program Files\auction-typos.co.uk Toolbar\auction-typos.dll () ) 
{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - Alcohol Toolbar ( HKLM = C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll () ) 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) ) 
{B7D3E479-CC68-42B5-A338-938ECE35F419} = 8193 - auction-typos.co.uk Toolbar ( HKLM = C:\Program Files\auction-typos.co.uk Toolbar\auction-typos.dll () ) 
NextId = 8194

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}]
ButtonText = Research

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7D3E479-CC68-42B5-A338-938ECE35F419}]
ButtonText = auction-typos.co.uk Toolbar
MenuText = auction-typos.co.uk Toolbar
ClsidExtension = {B7D3E479-CC68-42B5-A338-938ECE35F419} - auction-typos.co.uk Toolbar ( HKLM C:\Program Files\auction-typos.co.uk Toolbar\auction-typos.dll () )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel]
@ = 000 (File not found)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\orange search]
@ = C:\Program Files\orange3\Cache\SelectedContextSearch.htm ()

>>>>> Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Shell Autoplay for Slideshow ( HKLM = Reg Data - Key not found (File not found) ) 
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) ) 
{1CDB2949-8F65-4355-8456-263E7C208A5D} = Desktop Explorer ( HKLM = C:\WINDOWS\system32\nvshell.dll () ) 
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} = Desktop Explorer Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () ) 
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} = nView Desktop Context Menu ( HKLM = C:\WINDOWS\system32\nvshell.dll () ) 
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} = My Labtec Pictures ( HKLM = C:\Program Files\Logitech\Video\Namespc2.dll (Labtec Inc.) ) 
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! ) 
{7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) ) 
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! ) 
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) ) 
{A70C977A-BF00-412C-90B7-034C51DA2439} = DesktopContext Class ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) ) 
{E4D8441D-F89C-4b5c-90AC-A857E1768F1F} = Haali Matroska Thumbnail Exctractor ( CLSID not found! ) 
{FFB699E0-306A-11d3-8BD1-00104B6F7516} = NVIDIA CPL Extension ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@ = {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} ( HKLM = C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\00nView]
@ = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} ( HKLM = C:\WINDOWS\system32\nvshell.dll () )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\NvCplDesktopContext]
@ = {A70C977A-BF00-412C-90B7-034C51DA2439} ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]
@ = {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} ( HKLM = C:\Program Files\Norton AntiVirus\NAVShExt.dll (Symantec Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
@ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0561EC90-CE54-4f0c-9C55-E226110A740C}]
- Haali Column Provider ( HKLM = C:\Program Files\The FilmMachine\Filters\mmfinfo.dll () )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
- PDF Shell Extension ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )

>>>>> User Agent Post Platform <<<<<

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4A5863D1-5B9F-4B7B-B57B-C00D17D10D97}]
DefaultGateway = 
DisableDynamicUpdate = 0
Domain = 
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer = 
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{614FF3F4-9F2A-46C6-AF9F-45DD91FC2BD2}] ( Realtek RTL8139/810x Family Fast Ethernet NIC )
DefaultGateway = 
DhcpDefaultGateway = 192.168.1.1;
DhcpIPAddress = 192.168.1.174
DhcpNameServer = 192.168.1.1
DhcpServer = 192.168.1.1
DhcpSubnetMask = 255.255.255.0
DisableDynamicUpdate = 0
Domain = 
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer = 
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A24175A8-F0D1-4DD2-8900-84E2970FEA8E}] ( BT Voyager 220V USB Remote NDIS Device )
DefaultGateway = 
DhcpServer = 255.255.255.255
Domain = 
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer = 
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D78E15DE-7F9B-4C13-BCAC-11D8344BA2DF}] ( 2Wire 802.11g USB Wireless LAN Card )
DefaultGateway = 
DhcpIPAddress = 169.254.222.113
DhcpServer = 255.255.255.255
DhcpSubnetMask = 255.255.0.0
Domain = 
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 169.254.222.113
NameServer = 
SubnetMask = 0.0.0.0;

>>>>> WinSock2 Parameters <<<<<

>>>>> Protocol Handlers <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc]
CLSID = {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - ( HKLM C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) )

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\DownloadInformation]
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204
INF = C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\DownloadInformation]
CODEBASE = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
INF = C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\DownloadInformation]
CODEBASE = http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
INF = C:\WINDOWS\Downloaded Program Files\MSNPupld.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\DownloadInformation]
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
INF = C:\WINDOWS\Downloaded Program Files\asinst.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A90A5822-F108-45AD-8482-9BC8B12DD539}\DownloadInformation]
CODEBASE = http://www.crucial.com/controls/cpcScanner.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BE833F39-1E0C-468C-BA70-25AAEE55775F}\DownloadInformation]
CODEBASE = http://www.systemrequirementslab.com/sysreqlabsli.cab
OSD = C:\WINDOWS\Downloaded Program Files\sysreqlab.osd

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


----------



## stormie9870 (Mar 25, 2007)

»»»»»»»»»»»»»»»»»»»» Files Created Within 30 Days »»»»»»»»»»»»»

C:\Documents and Settings\me\Application Data\Gangsters2Setup.lnk [Ver = | Size = 259 bytes | Created Date = 17/03/2007 20:38:26 | Attr = ]
C:\Documents and Settings\me\My Documents\EDUCATION.doc [Ver = | Size = 27136 bytes | Created Date = 24/03/2007 12:07:17 | Attr = ]
C:\Documents and Settings\me\My Documents\Error.doc [Ver = | Size = 24064 bytes | Created Date = 07/03/2007 00:57:43 | Attr = ]
C:\Documents and Settings\me\My Documents\Miss Holly Cooke.doc [Ver = | Size = 24576 bytes | Created Date = 24/03/2007 11:33:25 | Attr = ]
C:\Documents and Settings\me\My Documents\My name is Lisa Jayne Cooke.doc [Ver = | Size = 24576 bytes | Created Date = 07/03/2007 00:52:49 | Attr = ]
C:\Documents and Settings\me\My Documents\My Sharing Folders.lnk [Ver = | Size = 571 bytes | Created Date = 13/03/2007 20:09:04 | Attr = ]
C:\Documents and Settings\me\My Documents\Picture 001.jpg [Ver = | Size = 162997 bytes | Created Date = 09/03/2007 14:53:43 | Attr = ]
C:\Documents and Settings\me\My Documents\Picture 002.jpg [Ver = | Size = 87743 bytes | Created Date = 09/03/2007 14:53:51 | Attr = ]
C:\Documents and Settings\me\My Documents\profile.doc [Ver = | Size = 19968 bytes | Created Date = 07/03/2007 01:01:34 | Attr = ]
C:\Documents and Settings\me\My Documents\UNIT H37.doc [Ver = | Size = 36352 bytes | Created Date = 07/03/2007 00:29:39 | Attr = ]
C:\Documents and Settings\me\My Documents\UNIT H5 oral questions.doc [Ver = | Size = 28160 bytes | Created Date = 06/03/2007 22:44:46 | Attr = ]
C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk [Ver = | Size = 849 bytes | Created Date = 25/03/2007 23:28:54 | Attr = ]
C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk [Ver = | Size = 706 bytes | Created Date = 23/03/2007 11:41:07 | Attr = ]
C:\Documents and Settings\All Users\Desktop\Freelancer.lnk [Ver = | Size = 1846 bytes | Created Date = 17/03/2007 13:42:01 | Attr = ]
C:\Documents and Settings\All Users\Desktop\Gangsters 2.lnk [Ver = | Size = 688 bytes | Created Date = 17/03/2007 20:43:00 | Attr = ]
C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk [Ver = | Size = 1736 bytes | Created Date = 13/03/2007 20:05:12 | Attr = ]
C:\Documents and Settings\me\Desktop\ATF-Cleaner.exe Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 25/03/2007 23:24:18 | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\ATF-Cleaner.exe:Zone.Identifier (26 bytes)
C:\Documents and Settings\me\Desktop\avgas-setup-7.5.0.50.exe [Ver = | Size = 6469352 bytes | Created Date = 25/03/2007 23:27:43 | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\avgas-setup-7.5.0.50.exe:Zone.Identifier (26 bytes)
C:\Documents and Settings\me\Desktop\bfu.zip [Ver = | Size = 62862 bytes | Created Date = 25/03/2007 23:10:27 | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\bfu.zip:Zone.Identifier (26 bytes)
C:\Documents and Settings\me\Desktop\Hitman Pro.lnk [Ver = | Size = 1580 bytes | Created Date = 26/02/2007 09:47:05 | Attr = ]
C:\Documents and Settings\me\Desktop\NoLop.exe PunkTools [Ver = 3.00.0052 | Size = 40448 bytes | Created Date = 26/03/2007 19:15:37 | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\NoLop.exe:Zone.Identifier (26 bytes)
C:\Documents and Settings\me\Desktop\OTMoveIt.exe OldTimer Tools [Ver = 1.0.9.0 | Size = 208896 bytes | Created Date = 26/03/2007 19:07:24 | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\OTMoveIt.exe:Zone.Identifier (26 bytes)
C:\Documents and Settings\me\Desktop\Pk3 Manager.exe Caskami [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Created Date = 04/03/2007 21:54:18 | Attr = ]
C:\Documents and Settings\me\Desktop\Shortcut to RT2_PLAT.EXE.lnk [Ver = | Size = 727 bytes | Created Date = 20/03/2007 00:19:42 | Attr = ]
C:\Documents and Settings\me\Desktop\WinCleaner OneClick CleanUp.lnk [Ver = | Size = 485 bytes | Created Date = 17/03/2007 19:35:25 | Attr = ]
C:\Documents and Settings\me\Desktop\winpfind.exe [Ver = | Size = 264211 bytes | Created Date = 26/03/2007 19:37:23 | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\winpfind.exe:Zone.Identifier (26 bytes)
C:\WINDOWS\DfrgUIEx.INI [Ver = | Size = 26 bytes | Created Date = 19/03/2007 18:06:13 | Attr = ]
C:\WINDOWS\System32\asuninst.exe Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 26/03/2007 09:55:10 | Attr = ]
C:\WINDOWS\System32\BASSMOD.dll [Ver = | Size = 14848 bytes | Created Date = 20/03/2007 00:17:09 | Attr = ]
C:\WINDOWS\System32\CmdLineExt03.dll [Ver = | Size = 43520 bytes | Created Date = 27/02/2007 17:44:09 | Attr = ]
C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Created Date = 26/03/2007 09:54:34 | Attr = ]
C:\WINDOWS\System32\lfbmp13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 57344 bytes | Created Date = 09/03/2007 14:47:55 | Attr = ]
C:\WINDOWS\System32\lfcmp13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 401408 bytes | Created Date = 09/03/2007 14:47:55 | Attr = ]
C:\WINDOWS\System32\lfgif13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 69632 bytes | Created Date = 09/03/2007 14:47:57 | Attr = ]
C:\WINDOWS\System32\ltdis13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 299008 bytes | Created Date = 09/03/2007 14:47:55 | Attr = ]
C:\WINDOWS\System32\ltefx13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.068 | Size = 206336 bytes | Created Date = 09/03/2007 14:47:55 | Attr = ]
C:\WINDOWS\System32\ltfil13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 163840 bytes | Created Date = 09/03/2007 14:47:55 | Attr = ]
C:\WINDOWS\System32\ltimg13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 450560 bytes | Created Date = 09/03/2007 14:47:55 | Attr = ]
C:\WINDOWS\System32\ltkrn13n.dll LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 462848 bytes | Created Date = 09/03/2007 14:47:55 | Attr = ]
C:\WINDOWS\System32\pavas.ico [Ver = | Size = 30590 bytes | Created Date = 26/03/2007 09:54:33 | Attr = ]
C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Created Date = 26/03/2007 09:54:34 | Attr = ]
C:\WINDOWS\System32\vbzip10.dll Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Created Date = 25/03/2007 16:48:31 | Attr = ]
C:\WINDOWS\System32\ZPORT4AS.dll [Ver = | Size = 11776 bytes | Created Date = 26/03/2007 09:55:10 | Attr = ]
C:\WINDOWS\System32\drivers\AvgAsCln.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 25/03/2007 23:28:50 | Attr = ]

»»»»»»»»»»»»»»»»»»»» Files Modified Within 30 Days »»»»»»»»»»»»»

C:\Documents and Settings\me\Application Data\Gangsters2Setup.lnk [Ver = | Size = 259 bytes | Modified Date = 17/03/2007 21:38:34 | Attr = ]
C:\Documents and Settings\me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 45568 bytes | Modified Date = 25/03/2007 18:25:40 | Attr = ]
C:\Documents and Settings\me\Local Settings\Application Data\IconCache.db [Ver = | Size = 3235920 bytes | Modified Date = 23/03/2007 15:22:36 | Attr = H ]
C:\Documents and Settings\me\My Documents\EDUCATION.doc [Ver = | Size = 27136 bytes | Modified Date = 24/03/2007 13:07:18 | Attr = ]
C:\Documents and Settings\me\My Documents\Error.doc [Ver = | Size = 24064 bytes | Modified Date = 07/03/2007 01:57:44 | Attr = ]
C:\Documents and Settings\me\My Documents\Miss Holly Cooke.doc [Ver = | Size = 24576 bytes | Modified Date = 24/03/2007 12:33:28 | Attr = ]
C:\Documents and Settings\me\My Documents\My name is Lisa Jayne Cooke.doc [Ver = | Size = 24576 bytes | Modified Date = 07/03/2007 02:01:36 | Attr = ]
C:\Documents and Settings\me\My Documents\My Sharing Folders.lnk [Ver = | Size = 571 bytes | Modified Date = 25/03/2007 23:09:42 | Attr = ]
C:\Documents and Settings\me\My Documents\Picture 001.jpg [Ver = | Size = 162997 bytes | Modified Date = 09/03/2007 15:43:32 | Attr = ]
C:\Documents and Settings\me\My Documents\Picture 002.jpg [Ver = | Size = 87743 bytes | Modified Date = 09/03/2007 15:45:26 | Attr = ]
C:\Documents and Settings\me\My Documents\profile.doc [Ver = | Size = 19968 bytes | Modified Date = 07/03/2007 02:01:36 | Attr = ]
C:\Documents and Settings\me\My Documents\UNIT H37.doc [Ver = | Size = 36352 bytes | Modified Date = 07/03/2007 01:29:40 | Attr = ]
C:\Documents and Settings\me\My Documents\UNIT H5 oral questions.doc [Ver = | Size = 28160 bytes | Modified Date = 07/03/2007 01:37:28 | Attr = ]
C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk [Ver = | Size = 849 bytes | Modified Date = 26/03/2007 00:28:56 | Attr = ]
C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk [Ver = | Size = 706 bytes | Modified Date = 23/03/2007 12:41:08 | Attr = ]
C:\Documents and Settings\All Users\Desktop\Freelancer.lnk [Ver = | Size = 1846 bytes | Modified Date = 17/03/2007 14:42:04 | Attr = ]
C:\Documents and Settings\All Users\Desktop\Gangsters 2.lnk [Ver = | Size = 688 bytes | Modified Date = 17/03/2007 21:43:02 | Attr = ]
C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk [Ver = | Size = 1736 bytes | Modified Date = 13/03/2007 21:05:14 | Attr = ]
C:\Documents and Settings\me\Desktop\ATF-Cleaner.exe Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 26/03/2007 00:24:20 | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\ATF-Cleaner.exe:Zone.Identifier (26 bytes)
C:\Documents and Settings\me\Desktop\avgas-setup-7.5.0.50.exe [Ver = | Size = 6469352 bytes | Modified Date = 26/03/2007 00:27:52 | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\avgas-setup-7.5.0.50.exe:Zone.Identifier (26 bytes)
C:\Documents and Settings\me\Desktop\bfu.zip [Ver = | Size = 62862 bytes | Modified Date = 26/03/2007 00:10:32 | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\bfu.zip:Zone.Identifier (26 bytes)
C:\Documents and Settings\me\Desktop\Hitman Pro.lnk [Ver = | Size = 1580 bytes | Modified Date = 26/02/2007 10:47:06 | Attr = ]
C:\Documents and Settings\me\Desktop\NoLop.exe PunkTools [Ver = 3.00.0052 | Size = 40448 bytes | Modified Date = 26/03/2007 20:15:58 | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\NoLop.exe:Zone.Identifier (26 bytes)
C:\Documents and Settings\me\Desktop\OTMoveIt.exe OldTimer Tools [Ver = 1.0.9.0 | Size = 208896 bytes | Modified Date = 26/03/2007 20:07:26 | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\OTMoveIt.exe:Zone.Identifier (26 bytes)
C:\Documents and Settings\me\Desktop\Pk3 Manager.exe Caskami [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Modified Date = 04/03/2007 22:54:20 | Attr = ]
C:\Documents and Settings\me\Desktop\Shortcut to RT2_PLAT.EXE.lnk [Ver = | Size = 727 bytes | Modified Date = 20/03/2007 01:19:44 | Attr = ]
C:\Documents and Settings\me\Desktop\Spider Solitaire (2).lnk [Ver = | Size = 1490 bytes | Modified Date = 19/03/2007 10:02:00 | Attr = ]
C:\Documents and Settings\me\Desktop\WinCleaner OneClick CleanUp.lnk [Ver = | Size = 485 bytes | Modified Date = 17/03/2007 20:35:26 | Attr = ]
C:\Documents and Settings\me\Desktop\winpfind.exe [Ver = | Size = 264211 bytes | Modified Date = 26/03/2007 20:37:26 | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\winpfind.exe:Zone.Identifier (26 bytes)
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 26/03/2007 21:05:06 | Attr = S]
C:\WINDOWS\DfrgUIEx.INI [Ver = | Size = 26 bytes | Modified Date = 19/03/2007 23:52:04 | Attr = ]
C:\WINDOWS\imsins.BAK [Ver = | Size = 1374 bytes | Modified Date = 20/03/2007 00:15:40 | Attr = ]
C:\WINDOWS\LEXSTAT.INI [Ver = | Size = 639 bytes | Modified Date = 26/03/2007 00:25:22 | Attr = ]
C:\WINDOWS\nero.INI [Ver = | Size = 40 bytes | Modified Date = 05/03/2007 10:36:04 | Attr = ]
C:\WINDOWS\win.ini [Ver = | Size = 662 bytes | Modified Date = 26/03/2007 10:58:12 | Attr = ]
C:\WINDOWS\WMSysPr9.prx [Ver = | Size = 316640 bytes | Modified Date = 17/03/2007 14:32:26 | Attr = ]
C:\WINDOWS\System32\amcompat.tlb [Ver = | Size = 16832 bytes | Modified Date = 20/03/2007 00:15:36 | Attr = ]
C:\WINDOWS\System32\BASSMOD.dll [Ver = | Size = 14848 bytes | Modified Date = 20/03/2007 01:17:10 | Attr = ]
C:\WINDOWS\System32\CmdLineExt.dll Sony DADC Austria AG. [Ver = 1,0,201,0 | Size = 98304 bytes | Modified Date = 02/03/2007 16:43:50 | Attr = ]
C:\WINDOWS\System32\CmdLineExt03.dll [Ver = | Size = 43520 bytes | Modified Date = 17/03/2007 13:35:16 | Attr = ]
C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Modified Date = 26/03/2007 14:10:52 | Attr = ]
C:\WINDOWS\System32\nscompat.tlb [Ver = | Size = 23392 bytes | Modified Date = 20/03/2007 00:15:36 | Attr = ]
C:\WINDOWS\System32\nvapps.xml [Ver = | Size = 87808 bytes | Modified Date = 26/03/2007 21:00:42 | Attr = ]
C:\WINDOWS\System32\pavas.ico [Ver = | Size = 30590 bytes | Modified Date = 26/03/2007 14:10:50 | Attr = ]
C:\WINDOWS\System32\PCRCVersion.ini [Ver = | Size = 50 bytes | Modified Date = 17/03/2007 19:56:36 | Attr = ]
C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 58800 bytes | Modified Date = 25/03/2007 10:55:04 | Attr = ]
C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 392626 bytes | Modified Date = 25/03/2007 10:55:04 | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 458340 bytes | Modified Date = 25/03/2007 10:55:04 | Attr = ]
C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Modified Date = 26/03/2007 14:10:54 | Attr = ]
C:\WINDOWS\System32\vbzip10.dll Info-ZIP [Ver = 2.3 | Size = 147456 bytes | Modified Date = 25/03/2007 17:48:32 | Attr = ]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 2262 bytes | Modified Date = 22/03/2007 18:26:38 | Attr = ]

»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\ATF-Cleaner.exe:Zone.Identifier (26 bytes)
[UPX! , UPX0 , ]C:\Documents and Settings\me\Desktop\ATF-Cleaner.exe (Atribune.org)
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\avgas-setup-7.5.0.50.exe:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\bfu.zip:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\NoLop.exe:Zone.Identifier (26 bytes)
[UPX! , UPX0 , ]C:\Documents and Settings\me\Desktop\NoLop.exe (PunkTools)
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\orange.ins:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\OTMoveIt.exe:Zone.Identifier (26 bytes)
[PEC2 , PECompact2 , ]C:\Documents and Settings\me\Desktop\OTMoveIt.exe (OldTimer Tools)
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\Thumbs.db:encryptable (0 bytes)
@Alternate Data Stream - C:\Documents and Settings\me\Desktop\winpfind.exe:Zone.Identifier (26 bytes)
@Alternate Data Stream - C:\WINDOWS\Thumbs.db:encryptable (0 bytes)
[WSUD , ]C:\WINDOWS\System32\alsndmgr.cpl (Realtek Semiconductor Corp.)
[UPX! , UPX0 , ]C:\WINDOWS\System32\avisynth.dll (The Public)
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[PEC2 , PECompact2 , ]C:\WINDOWS\System32\DivX.dll (DivXNetworks)
[UPX! , UPX0 , ]C:\WINDOWS\System32\MemWarp.dll ()
[Umonitor , ]C:\WINDOWS\System32\MemWarp.ocx (Aluria Software)
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[UPX0 , WSUD , ]C:\WINDOWS\System32\dllcache\hwxjpn.dll ()

< End of report >


----------



## JSntgRvr (Jul 1, 2003)

Hi, *stormie9870* 

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of *Java* components and upgrade the application. *Beware it is NOT supported for use in 9x or ME and probably will not install in those systems*

*Upgrading Java*: 

Download the latest version of *Java Runtime Environment (JRE) 6*.
Scroll down to where it says "*The J2SE Runtime Environment (JRE) allows end-users to run Java applications*".
Click the "*Download*" button to the right.
Check the box that says: "*Accept License Agreement*".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove Programs* and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.
*How is the computer doing?*


----------



## stormie9870 (Mar 25, 2007)

hi JSntgRvr

the computer seems to be ok now thanks i can now use task manager and it has gotten more like normal online

thanks for all your help

stormie


----------



## JSntgRvr (Jul 1, 2003)

Hi, *stormie9870*. 

Congratulations.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

*Create a Restore point*:

Click *Start*, point to *All Programs*, point to *Accessories*, point to *System Tools*, and then click *System Restore*.
In the System Restore dialog box, click *Create a restore point*, and then click *Next*. 
Type a description for your restore point, such as "After Cleanup", then click *Create*.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

*Spybot Search & Destroy* - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

*AdAware* - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

*SpywareGuard* - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

*IE-SpyAd* - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

*CleanUP!* - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

Windows Updates - It is *very important* to make sure that both Internet Explorer and Windows are kept current with *the latest critical security patches* from Microsoft. To do this just start *Internet Explorer* and select *Tools > Windows Update*, and follow the online instructions from there.

*Google Toolbar* - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.

*Trillian* or *Miranda-IM* - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read *this* article by Tony Klein.

Click *Here* for some advice from our security Experts.

Please use the thread's Tools and mark this thread as "*Solved*".

Best wishes!


----------

