Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all! We have been experiencing an issue on site where threads have been missing the latest postings. The platform host Vanilla are working on this issue. A workaround that has been used by some is to navigate back from 1 to 10+ pages to re-sync the thread and this will then show the latest posts. Thanks, Mike.
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
Spam pops up when I Google search.
-
06-12-2007 9:15pmWhen I google for something official I keep on getting spam popping up. is there any good filter to stop this? is it a virus?0
Comments
-
Run_to_da_hills wrote: »When I google for something official I keep on getting spam popping up. is there any good filter to stop this? is it a virus?0
-
It is more than likely a virus
CLICK HERE to download the HijackThis Installer:- Save HJTInstall.exe to your desktop.
- Double-click on HJTInstall.exe to run the program.
- By default it will install to C:\Program Files\Trend Micro\HijackThis.
- Accept the license agreement by clicking the "I Accept" button.
- Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
- Click "Save log" to save the log file and then the log will open in Notepad.
- Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
- Come back here to this thread and paste the log in your next reply.
- Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
0 -
Any chance somebody could give this a once over.. im having a spam/ad problem.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:57:20, on 06/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~2\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ie/0SEENIE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsp5.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~2\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Windows Live Messenger.lnk = C:\Program Files\MSN Messenger\msnmsgr.exe
O4 - Global Startup: Windows Live Messenger.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Yahoo! &Dictionary - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [URL]file:///C:\Program[/URL] Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\VCPOKE~1\client.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Goal Poker - {A44CD331-D8D4-4caf-89D1-669C92C6737A} - C:\Documents and Settings\All Users\Start Menu\Programs\Goal Poker\Goal Poker.lnk
O9 - Extra 'Tools' menuitem: Goal Poker - {A44CD331-D8D4-4caf-89D1-669C92C6737A} - C:\Documents and Settings\All Users\Start Menu\Programs\Goal Poker\Goal Poker.lnk
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Gary\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129152270289
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133102793343
O16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.solitaire.com/download/solitaire.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4635/mcfscan.cab
O16 - DPF: {F2D35D99-63B1-46D3-970C-6E22320D5DCB} (kSoloCntrlIE Class) - http://www.ksolo.com/playerBase/kSoloIEHDSD.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~2\goec62~1.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 14728 bytes0 -
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsp5.dll
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Please download OTMoveIt by OldTimer.- Save it to your desktop.
- Please double-click OTMoveIt.exe to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\nsp5.dll - Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
- Click the red Moveit! button.
- Close OTMoveIt
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.
Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")
Click "Exit" to close OTMoveIt.
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.- Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
- Under Additional Scans on the bottom right, check the boxes for Reg - Disabled MS Config Items.
- Now click the Run Scan button on the toolbar.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Make sure you attach the report in your reply.0 -
ok the OT thing couldnt move/copy the items. I ran the winpfind3u and here is the details.
WinPFind3 logfile created on: 06/12/2007 23:25:36
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\Gary\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)
1023.29 Mb Total Physical Memory | 584.56 Mb Available Physical Memory | 57.13% Memory free
2.86 Gb Paging File | 2.54 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 11.86 Gb Free Space | 5.09% Space Free
Unable to calculate disk information.
Drive E: | 526.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded
Computer Name: BYRNE
Current User Name: Gary
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 29/10/2007 13:27:04 | Attr = ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 25/10/2007 19:51:08 | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.494 | Size = 406528 bytes | Modified Date = 25/10/2007 19:51:08 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 20/11/2006 22:07:20 | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 17:01:00 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 01/06/2007 15:12:44 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 00:11:36 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7189 | Size = 127043 bytes | Modified Date = 01/04/2005 15:16:00 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 08/04/2006 14:40:40 | Attr = ]
sagent2.exe -> %CommonProgramFiles%\EPSON\eEBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 3, 0, 0 | Size = 94208 bytes | Modified Date = 17/07/2002 02:03:00 | Attr = ]
servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 83, 78, 3 | Size = 292864 bytes | Modified Date = 26/03/2007 12:06:24 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 21/11/2007 09:19:46 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 29/10/2007 13:27:04 | Attr = ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 12/10/2006 16:06:32 | Attr = ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 06/09/2007 12:28:18 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 25/10/2007 19:51:08 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 20/11/2006 22:07:20 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.494 | Size = 406528 bytes | Modified Date = 25/10/2007 19:51:08 | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28/02/2006 11:42:38 | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 17:01:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 07:56:48 | Attr = ]
(EPSONStatusAgent2) EPSON Printer Status Agent2 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\EPSON\eEBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 3, 0, 0 | Size = 94208 bytes | Modified Date = 17/07/2002 02:03:00 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 14/09/2007 12:06:32 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 01/02/2007 16:54:30 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 14/11/2005 01:06:04 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 26/09/2007 13:41:56 | Attr = ]
(KService) KService [Win32_Own | Auto | Stopped] -> %ProgramFiles%\KService\KService.exe -> Kontiki Inc. [Ver = 4.21.51215.0 | Size = 2007040 bytes | Modified Date = 07/08/2006 14:39:36 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7189 | Size = 127043 bytes | Modified Date = 01/04/2005 15:16:00 | Attr = ]
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 83, 78, 3 | Size = 292864 bytes | Modified Date = 26/03/2007 12:06:24 | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 05/04/2005 10:17:22 | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 19:51:56 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.7189 | Size = 5562368 bytes | Modified Date = 01/04/2005 15:16:00 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 29/06/2007 05:24:52 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 00:11:36 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 08/04/2006 14:40:40 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 01/06/2007 15:12:44 | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30/08/2007 17:43:18 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Windows Live Messenger.lnk -> -> File not found
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
interceptor.dll -> interceptor.dll -> File not found
c:\progra~1\google\google~2\goec62~1.dll -> %SystemDrive%\progra~1\google\google~2\goec62~1.dll -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoActiveDesktopChanges -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoDeletingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoEditingComponents -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoHTMLWallPaper -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://uk.yahoo.com ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://uk.yahoo.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: SearchAssistant -> http://search.bearshare.com/sidebar.html?src=ssb ->
HKCU: Search Bar -> http://search.bearshare.com/sidebar.html?src=ssb ->
HKCU: Search Page -> http://search.bearshare.com/sidebar.html?src=ssb ->
HKCU: Start Page -> http://www.yahoo.ie/ ->
HKCU: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKCU: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 10:28:40 | Attr = ]
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> local ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 10:28:40 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 22:08:42 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 00:04:00 | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 31/10/2006 15:29:16 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 00:11:34 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 01/06/2007 15:12:44 | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 12, 13, 1 | Size = 325184 bytes | Modified Date = 14/12/2005 15:29:40 | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{315108E4-E3AF-460F-B264-F2ACC9E1ACEB} [HKLM] -> %System32%\adssite_sidebar.dll [SE Sidebar] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 12, 13, 1 | Size = 325184 bytes | Modified Date = 14/12/2005 15:29:40 | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 10:28:40 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{07AA283A-43D7-4CBE-A064-32A21112D94D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 19/01/2007 23:55:32 | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 10:28:40 | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 00:11:34 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 00:11:34 | Attr = ]
{40B2063F-DB01-4962-BE63-59435C01283C} -> %SystemDrive%\PROGRA~1\VCPOKE~1\client.exe [ButtonText: VC Poker] -> File not found
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
{A44CD331-D8D4-4caf-89D1-669C92C6737A} -> %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Goal Poker\Goal Poker.lnk [ButtonText: Goal Poker] -> [Ver = | Size = 718 bytes | Modified Date = 09/06/2006 13:39:10 | Attr = ]
{d9288080-1baa-4bc4-9cf8-a92d743db949} -> %SystemDrive%\Documents and Settings\Gary\Start Menu\Programs\IMVU\Run IMVU.lnk [ButtonText: Run IMVU] -> [Ver = | Size = 1540 bytes | Modified Date = 28/11/2007 23:56:40 | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll\RCSearch.htm -> File not found
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm -> File not found
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 03/06/2005 18:07:38 | Attr = ]
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 03/06/2005 18:07:16 | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 03/06/2005 18:07:44 | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 01/08/2005 17:43:00 | Attr = ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{042B0DBF-78C6-42D5-A3D5-623188A2B29E} -> () ->
{13746575-C8C7-4AFF-BF85-B0E75C284505} -> (1394 Net Adapter) ->
{5133FA4C-5DC2-4DA9-B7CC-76C121101260} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{5B34A3B4-54E3-44D9-AB47-238DDD92AE4D} -> (USB Cable Modem 351000) ->
{EF6AD405-5090-4797-A784-A0F6B313D530} -> (USB Cable Modem 351000) ->
{F7F28E25-F335-440B-88A1-3A6B2AB6E718} -> (USB Cable Modem 351000) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 28/02/2006 11:42:30 | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
bwfile-8876480 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 28/03/2007 15:55:10 | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{00B71CFB-6864-4346-A978-C0A14556272C} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} -> HouseCall Control - CodeBase = http://housecall60.trendmicro.com/housecall/xscan60.cab ->
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> Creative Software AutoUpdate - CodeBase = http://www.creative.com/su/ocx/15026/CTSUEng.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?LinkID=39204 ->
{20A60F0D-9AFA-4515-A0FD-83BD84642501} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab ->
{2917297F-F02B-4B9D-81DF-494B6333150B} -> Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> Installation Support - CodeBase = C:\Program Files\Yahoo!\Common\Yinsthelper.dll ->
{33564D57-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab ->
{3451DEDE-631F-421C-8127-FD793AFC6CC8} -> ActiveDataInfo Class - CodeBase = https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab ->
{44990200-3C9D-426D-81DF-AAB636FA4345} -> Symantec SmartIssue - CodeBase = https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab ->
{44990301-3C9D-426D-81DF-AAB636FA4345} -> Symantec Script Runner Class - CodeBase = https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab ->
{4B48D5DF-9021-45F7-A240-60304302A215} -> Malicious Software Removal Tool - CodeBase = http://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab ->
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> Facebook Photo Uploader 4 Control - CodeBase = http://upload.facebook.com/controls/FacebookPhotoUploader3.cab ->
{5D6F45B3-9043-443D-A792-115447494D24} -> UnoCtrl Class - CodeBase = http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129152270289 ->
{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133102793343 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{8B6193F1-837F-11D4-89E6-0050DA666184} -> Sol2axctl Class - CodeBase = http://download.solitaire.com/download/solitaire.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38927.6502083333 ->
{A90A5822-F108-45AD-8482-9BC8B12DD539} -> Crucial cpcScan - CodeBase = http://www.crucial.com/controls/cpcScanner.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab ->
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} -> Virtools WebPlayer Class - CodeBase = http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_07 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab ->
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ->
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8} -> Virtools WebPlayer Class - CodeBase = http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4635/mcfscan.cab ->
{F2D35D99-63B1-46D3-970C-6E22320D5DCB} -> kSoloCntrlIE Class - CodeBase = http://www.ksolo.com/playerBase/kSoloIEHDSD.cab ->
{F6ACF75C-C32C-447B-9BEF-46B766368D29} -> Creative Software AutoUpdate Support Package - CodeBase = http://www.creative.com/su/ocx/15028/CTPID.cab ->
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->
Bonjour Service -> ->
iPod Service -> ->
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk -> Reg Data - Value does not exist -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk -> Reg Data - Value does not exist -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk -> Reg Data - Value does not exist -> File not found
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe -> Logitech [Ver = 2.52.21 | Size = 226832 bytes | Modified Date = 28/03/2007 13:47:32 | Attr = ]
C:^Documents and Settings^Brian^Start Menu^Programs^Startup^Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 18:16:50 | Attr = ]
C:^Documents and Settings^Gary^Start Menu^Programs^Startup^BitTorrent.lnk -> %SystemDrive%\PROGRA~1\BITTOR~1\BITTOR~1.EXE -> File not found
C:^Documents and Settings^Stuart^Start Menu^Programs^Startup^Magic Holdem.lnk -> %ProgramFiles%\Magic Holdem\MagicHoldem.exe -> MagicHoldem Technologies Private Limited [Ver = 1.00.1190 | Size = 966719 bytes | Modified Date = 13/09/2007 14:56:40 | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 19:51:56 | Attr = ]
AlcWzrd -> %SystemRoot%\ALCWZRD.EXE -> RealTek Semicoductor Corp. [Ver = 1.1.0.27 | Size = 2807808 bytes | Modified Date = 21/09/2005 14:32:56 | Attr = ]
avast! -> Reg Data - Value does not exist -> File not found
BDMCon -> Reg Data - Value does not exist -> File not found
BDNewsAgent -> Reg Data - Value does not exist -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 26/09/2007 13:42:04 | Attr = ]
My Web Search Bar Search Scope Monitor -> Reg Data - Value does not exist -> File not found
MyWebSearch Email Plugin -> Reg Data - Value does not exist -> File not found
PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 83, 75, 3 | Size = 227328 bytes | Modified Date = 23/03/2007 12:20:52 | Attr = ]
PKR Pal -> %ProgramFiles%\PKR\pkrpal.exe -> [Ver = | Size = 2257512 bytes | Modified Date = 01/12/2007 19:47:04 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 29/06/2007 05:24:52 | Attr = ]
SpySweeper -> Reg Data - Value does not exist -> File not found
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 08/04/2006 14:40:40 | Attr = ]
ZangoOE -> %ProgramFiles%\Zango\bin\10.0.341.0\OEAddOn.exe -> File not found
ZangoSA -> %ProgramFiles%\Zango\bin\10.0.341.0\ZangoSA.exe -> File not found
[Files/Folders - Created Within 30 days]
MVS_SIMPS -> %SystemDrive%\MVS_SIMPS -> [Folder | Created Date = 13/11/2007 18:27:40 | Attr = ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Created Date = 14/11/2007 23:54:58 | Attr = H ]
GREUninstall.exe -> %SystemRoot%\GREUninstall.exe -> [Ver = | Size = 118784 bytes | Created Date = 08/11/2007 23:17:24 | Attr = ]
SeaMonkeyUninstall.exe -> %SystemRoot%\SeaMonkeyUninstall.exe -> [Ver = | Size = 118784 bytes | Created Date = 08/11/2007 23:17:34 | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 256 bytes | Created Date = 30/11/2007 10:45:48 | Attr = ]
User_Feed_Synchronization-{84541C83-DB18-40F5-8050-E9AC4571FA02}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{84541C83-DB18-40F5-8050-E9AC4571FA02}.job -> [Ver = | Size = 420 bytes | Created Date = 27/11/2007 01:27:31 | Attr = H ]
adssite_sidebar_uninstall.exe -> %System32%\adssite_sidebar_uninstall.exe -> [Ver = | Size = 59223 bytes | Created Date = 05/12/2007 12:24:11 | Attr = ]
[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 05/12/2007 14:20:12 | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 28/11/2007 00:05:44 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073074176 bytes | Modified Date = 06/12/2007 21:21:08 | Attr = HS]
MVS_SIMPS -> %SystemDrive%\MVS_SIMPS -> [Folder | Modified Date = 13/11/2007 18:28:26 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 02/12/2007 15:26:20 | Attr = ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 232 bytes | Modified Date = 22/11/2007 14:28:52 | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 27/11/2007 22:48:30 | Attr = H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/11/2007 22:23:50 | Attr = H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 232 bytes | Modified Date = 13/11/2007 19:18:30 | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 22/11/2007 14:28:52 | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 27/11/2007 22:48:30 | Attr = H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/11/2007 22:23:50 | Attr = H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 13/11/2007 19:18:30 | Attr = H ]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 02/12/2007 01:52:50 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 06/12/2007 21:52:44 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 14/11/2007 23:54:18 | Attr = H ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Modified Date = 14/11/2007 23:55:00 | Attr = H ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 06/12/2007 21:21:18 | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 59186 bytes | Modified Date = 20/11/2007 01:01:02 | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 04/12/2007 22:46:28 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 27/11/2007 21:20:04 | Attr = S]
GREUninstall.exe -> %SystemRoot%\GREUninstall.exe -> [Ver = | Size = 118784 bytes | Modified Date = 08/11/2007 23:17:26 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 26/11/2007 22:59:34 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 06/12/2007 22:08:14 | Attr = HS]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 18325 bytes | Modified Date = 08/11/2007 23:17:36 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 06/12/2007 11:16:28 | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 335 bytes | Modified Date = 08/11/2007 23:17:48 | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 488 bytes | Modified Date = 11/11/2007 01:13:12 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 28/11/2007 17:40:16 | Attr = ]
SeaMonkeyUninstall.exe -> %SystemRoot%\SeaMonkeyUninstall.exe -> [Ver = | Size = 118784 bytes | Modified Date = 08/11/2007 23:17:36 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 06/12/2007 23:20:10 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 06/12/2007 21:32:30 | Attr = S]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 06/12/2007 21:30:14 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 25 bytes | Modified Date = 08/11/2007 23:17:34 | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 29/11/2007 19:33:08 | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 256 bytes | Modified Date = 06/12/2007 22:53:02 | Attr = ]
Disk Cleanup.job -> %SystemRoot%\tasks\Disk Cleanup.job -> [Ver = | Size = 258 bytes | Modified Date = 06/12/2007 17:44:02 | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 06/12/2007 21:32:30 | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 06/12/2007 21:21:50 | Attr = H ]
User_Feed_Synchronization-{84541C83-DB18-40F5-8050-E9AC4571FA02}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{84541C83-DB18-40F5-8050-E9AC4571FA02}.job -> [Ver = | Size = 420 bytes | Modified Date = 06/12/2007 00:24:10 | Attr = H ]
adssite-remove.exe -> %System32%\adssite-remove.exe -> [Ver = | Size = 79868 bytes | Modified Date = 30/11/2007 17:37:28 | Attr = ]
adssite_sidebar_uninstall.exe -> %System32%\adssite_sidebar_uninstall.exe -> [Ver = | Size = 59223 bytes | Modified Date = 06/12/2007 21:31:54 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 26/11/2007 23:00:36 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 06/12/2007 22:37:20 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 15/11/2007 00:06:28 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 06/12/2007 21:22:04 | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 21787 bytes | Modified Date = 06/12/2007 21:30:12 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 62344 bytes | Modified Date = 05/12/2007 23:07:18 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 401064 bytes | Modified Date = 05/12/2007 23:07:18 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 470292 bytes | Modified Date = 05/12/2007 23:07:18 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 06/12/2007 21:30:10 | Attr = ]
[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\dvdshrink32setup.zip:Zone.Identifier ->
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\lpt$vpn.981 -> [Ver = | Size = 16655063 bytes | Modified Date = 01/12/2005 13:18:56 | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\RMAgentOutput.dll -> [Ver = | Size = 25157 bytes | Modified Date = 03/05/2005 11:44:44 | Attr = ]
UPX0 , -> %SystemRoot%\RTLCPL.EXE -> Realtek Semiconductor Corp. [Ver = 1.0.1.51 | Size = 9710592 bytes | Modified Date = 21/09/2005 14:23:42 | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Modified Date = 10/01/2005 16:17:24 | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\VPTNFILE.981 -> [Ver = | Size = 16655063 bytes | Modified Date = 01/12/2005 13:18:56 | Attr = ]
UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 7.510-1002 | Size = 1044560 bytes | Modified Date = 18/02/2005 18:40:14 | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\yimage.zip:Zone.Identifier ->
aspack , -> %System32%\ALZALZ.BIN -> [Ver = | Size = 62464 bytes | Modified Date = 29/03/2006 07:43:36 | Attr = ]
aspack , -> %System32%\ALZZip.BIN -> [Ver = | Size = 42496 bytes | Modified Date = 29/03/2006 07:43:38 | Attr = ]
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 07/10/2005 17:14:52 | Attr = ]
UPX! , UPX0 , -> %System32%\CoreAAC.ax -> [Ver = 1, 1, 0, 642 | Size = 158208 bytes | Modified Date = 22/04/2004 02:54:44 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 31/03/2003 12:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivXNetworks [Ver = 6,0,0,1697 | Size = 693248 bytes | Modified Date = 28/09/2005 21:29:14 | Attr = ]
Thawte Consulting , -> %System32%\itiimg3.dll -> InterActual Technologies, Inc. [Ver = 4.0.2 | Size = 285472 bytes | Modified Date = 20/06/2005 17:11:20 | Attr = ]
UPX! , UPX0 , -> %System32%\Lame.exe -> [Ver = | Size = 187904 bytes | Modified Date = 26/07/2004 12:12:38 | Attr = ]
UPX! , UPX0 , -> %System32%\LameACM.acm -> http://www.mp3dev.org/ [Ver = 0.9.1 | Size = 200192 bytes | Modified Date = 26/07/2004 12:13:08 | Attr = ]
UPX! , UPX0 , -> %System32%\lame_enc.dll -> [Ver = | Size = 85504 bytes | Modified Date = 28/09/2006 17:54:22 | Attr = ]
aspack , -> %System32%\NCTAudioFile.dll -> NCT Company [Ver = 1, 7, 6, 0 | Size = 491520 bytes | Modified Date = 03/12/2002 03:02:58 | Attr = ]
aspack , -> %System32%\NCTAudioInformation2.dll -> NCT Company Ltd. [Ver = 2, 1, 2, 0 | Size = 573440 bytes | Modified Date = 26/03/2003 06:59:40 | Attr = ]
aspack , -> %System32%\NCTAudioPlayer.dll -> NCT Company [Ver = 1, 7, 6, 0 | Size = 168448 bytes | Modified Date = 03/12/2002 03:07:08 | Attr = ]
aspack , -> %System32%\NCTWMAFile.dll -> NCT Company [Ver = 1, 7, 6, 0 | Size = 143872 bytes | Modified Date = 03/12/2002 03:11:10 | Attr = ]
PEC2 , qoologic , -> %System32%\NN -> [Ver = | Size = 13951723 bytes | Modified Date = 12/05/2007 22:28:34 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 31/03/2003 12:00:00 | Attr = ]
Thawte Consulting , -> %System32%\XMD5.dll -> Belus Technology Inc. [Ver = 1, 0, 0, 0 | Size = 78488 bytes | Modified Date = 06/10/2003 11:44:34 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 31/03/2003 12:00:00 | Attr = ]
PTech , -> %System32%\dllcache\mtlstrm.sys -> [Ver = 3.40.02RC | Size = 1301128 bytes | Modified Date = 02/07/2003 14:26:36 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 25/10/2007 19:51:04 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> [Ver = 3.40.02RC | Size = 1301128 bytes | Modified Date = 02/07/2003 14:26:36 | Attr = ]
< End of report >0 -
Advertisement
-
Hello
Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
YN -> %AllUsersStartup%\Windows Live Messenger.lnk ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> interceptor.dll -> interceptor.dll
YN -> c:\progra~1\google\google~2\goec62~1.dll -> %SystemDrive%\progra~1\google\google~2\goec62~1.dll
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {315108E4-E3AF-460F-B264-F2ACC9E1ACEB} [HKLM] -> %System32%\adssite_sidebar.dll [SE Sidebar]
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{07AA283A-43D7-4CBE-A064-32A21112D94D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {40B2063F-DB01-4962-BE63-59435C01283C} -> %SystemDrive%\PROGRA~1\VCPOKE~1\client.exe [ButtonText: VC Poker]
YN -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services]
YN -> {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll\RCSearch.htm
YN -> &Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm
YN -> Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp -> Reg Data - Key not found
YN -> msdaipp -> Reg Data - Key not found
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk -> Reg Data - Value does not exist
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk -> Reg Data - Value does not exist
YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk -> Reg Data - Value does not exist
YN -> C:^Documents and Settings^Gary^Start Menu^Programs^Startup^BitTorrent.lnk -> %SystemDrive%\PROGRA~1\BITTOR~1\BITTOR~1.EXE
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> avast! -> Reg Data - Value does not exist
YN -> BDMCon -> Reg Data - Value does not exist
YN -> BDNewsAgent -> Reg Data - Value does not exist
YN -> My Web Search Bar Search Scope Monitor -> Reg Data - Value does not exist
YN -> MyWebSearch Email Plugin -> Reg Data - Value does not exist
YN -> SpySweeper -> Reg Data - Value does not exist
YN -> ZangoOE -> %ProgramFiles%\Zango\bin\10.0.341.0\OEAddOn.exe
YN -> ZangoSA -> %ProgramFiles%\Zango\bin\10.0.341.0\ZangoSA.exe
[Files/Folders - Created Within 30 days]
NY -> adssite_sidebar_uninstall.exe -> %System32%\adssite_sidebar_uninstall.exe
[Files/Folders - Modified Within 30 days]
NY -> Tasks -> %SystemRoot%\Tasks
NY -> MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job
NY -> adssite-remove.exe -> %System32%\adssite-remove.exe
NY -> adssite_sidebar_uninstall.exe -> %System32%\adssite_sidebar_uninstall.exe
[File String Scan - Non-Microsoft Only]
NY -> @Alternate Data Stream - 26 bytes -> %SystemDrive%\dvdshrink32setup.zip:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %SystemRoot%\yimage.zip:Zone.Identifier
[Empty Temp Folders]
[Start Explorer]
[Reboot]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan(attach the WinPFind3 scan report).
I will review the information when it comes back in.
Also post a new HijackThis log.0
Advertisement