Tech Support Guy banner
Cancel

iexplore.exe has take over my computer

Jump to Latest Follow
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 13 of 13 Posts
B

· Registered
Joined
·
57 Posts
Discussion Starter · #1 ·
My search did not find a solution to this .

You can see 10 entery of iexplore. It will continue opening them up until you have to shut down the computer Please help me get rid of this problem and if you can please explain what is happening? Thanks in advance for your help

Logfile of HijackThis v1.99.1
Scan saved at 12:49:09 AM, on 1/7/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\htpatch.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\sistray.exe
C:\Program Files\MemInfo\meminfo.exe
c:\program files\internet explorer\iexplore.exe
C:\WINNT\system32\wuauclt.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Bill Roland\Desktop\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intel.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: MemInfo.lnk = C:\Program Files\MemInfo\meminfo.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (14.0)) - http://davidsoncorod.org/controls/LTOCX14N.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1711c31b5d02cf755805/netzip/RdxIE601.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://web29.cqservers.com:8443/msrdp.cab
O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} (Pegasus PrintPRO Control v2.0) - http://davidsoncorod.org/controls/prntpro2.CAB
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
 
cybertech

· Retired Moderator
Joined
·
72,209 Posts
#3 ·
Hi billroland,

Received your PM I'll try to help but I don't see much in the log.

Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don't do anything with it yet!

Reboot to safe mode.

Double click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.

Reboot to normal mode.

  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Copy and paste WinPFind.txt in your next post here please.
 
B

· Registered
Joined
·
57 Posts
Discussion Starter · #4 ·
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 1/7/2007 1:34:40 PM
WinPFind v1.5.0 Folder = C:\Documents and Settings\Bill Roland\Desktop\WinPFind\
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
Internet Explorer (Version = 6.0.2800.1106)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 1/3/2007 8:03:50 PM 36364 C:\WINNT\htpatch.exe ()

Checking %System% folder...
WSUD 5/14/2004 4:26:34 AM 14268928 C:\WINNT\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
UPX! 1/3/2007 8:03:50 PM 36364 C:\WINNT\SYSTEM32\keyhook.exe ()
PTech 8/7/2006 8:50:22 AM 1484592 C:\WINNT\SYSTEM32\LegitCheckControl.DLL (Microsoft Corporation)
WSUD 6/19/2003 2:05:04 PM 1011764 C:\WINNT\SYSTEM32\mfc42u.dll (Microsoft Corporation)
PECompact2 12/7/2006 6:13:44 PM 10716584 C:\WINNT\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 12/7/2006 6:13:44 PM 10716584 C:\WINNT\SYSTEM32\MRT.exe (Microsoft Corporation)
Umonitor 1/12/2005 2:39:46 PM 531216 C:\WINNT\SYSTEM32\RASDLG.DLL (Microsoft Corporation)
winsync 12/7/1999 7:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu ()

Checking %System%\Drivers folder and sub-folders...
UPX! 12/29/2006 10:17:18 AM 816672 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
FSG! 12/29/2006 10:17:18 AM 816672 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PEC2 12/29/2006 10:17:18 AM 816672 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
aspack 12/29/2006 10:17:18 AM 816672 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)

Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/29/2006 2:03:00 AM H 54156 C:\WINNT\QTFont.qfn ()
12/22/2006 11:40:24 AM H 1105700 C:\WINNT\ShellIconCache ()
1/7/2007 1:31:10 PM S 64 C:\WINNT\CSC\00000001 ()
1/7/2007 1:31:12 PM S 64 C:\WINNT\CSC\00000002 ()
1/7/2007 10:37:12 AM S 64 C:\WINNT\CSC\csc1.tmp ()
1/7/2007 1:31:56 PM H 1024 C:\WINNT\system32\config\default.LOG ()
1/7/2007 1:31:10 PM H 1024 C:\WINNT\system32\config\SAM.LOG ()
1/7/2007 1:31:56 PM H 1024 C:\WINNT\system32\config\SECURITY.LOG ()
1/7/2007 1:43:50 PM H 1024 C:\WINNT\system32\config\software.LOG ()
1/7/2007 1:30:56 PM H 6 C:\WINNT\Tasks\SA.DAT ()

Checking for CPL files...
12/7/1999 7:00:00 AM 67344 C:\WINNT\SYSTEM32\access.cpl (Microsoft Corporation)
5/14/2004 4:26:34 AM 14268928 C:\WINNT\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
6/19/2003 2:05:04 PM 301328 C:\WINNT\SYSTEM32\appwiz.cpl (Microsoft Corporation)
6/19/2003 2:05:04 PM 237328 C:\WINNT\SYSTEM32\DESK.CPL (Microsoft Corporation)
12/7/1999 7:00:00 AM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/29/2002 6:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
12/7/1999 7:00:00 AM 118032 C:\WINNT\SYSTEM32\intl.cpl (Microsoft Corporation)
12/7/1999 7:00:00 AM 36112 C:\WINNT\SYSTEM32\irprops.cpl (Microsoft Corporation)
12/7/1999 7:00:00 AM 60688 C:\WINNT\SYSTEM32\joy.cpl (Microsoft Corporation)
11/9/2006 3:07:28 PM 49265 C:\WINNT\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
12/7/1999 7:00:00 AM 122128 C:\WINNT\SYSTEM32\main.cpl (Microsoft Corporation)
12/7/1999 7:00:00 AM 303888 C:\WINNT\SYSTEM32\mmsys.cpl (Microsoft Corporation)
12/7/1999 7:00:00 AM 17168 C:\WINNT\SYSTEM32\ncpa.cpl (Microsoft Corporation)
12/7/1999 7:00:00 AM 41232 C:\WINNT\SYSTEM32\nwc.cpl (Microsoft Corporation)
6/19/2003 2:05:04 PM 41232 C:\WINNT\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
6/19/2003 2:05:04 PM 90896 C:\WINNT\SYSTEM32\powercfg.cpl (Microsoft Corporation)
6/19/2003 2:05:04 PM 83216 C:\WINNT\SYSTEM32\sticpl.cpl (Microsoft Corporation)
6/19/2003 2:05:04 PM 125712 C:\WINNT\SYSTEM32\SYSDM.CPL (Microsoft Corporation)
12/7/1999 7:00:00 AM 5904 C:\WINNT\SYSTEM32\telephon.cpl (Microsoft Corporation)
12/7/1999 7:00:00 AM 61200 C:\WINNT\SYSTEM32\timedate.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/29/2002 6:14:40 AM 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
1/12/2005 2:40:00 PM 64784 C:\WINNT\SYSTEM32\dllcache\msmq.cpl (Microsoft Corporation)
9/23/1999 6:44:36 PM 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl (IBM Corporation)
12/7/1999 7:00:00 AM 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{0000000A-0000-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
{0000000A-9980-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/8/B/E/8BE028EC-F134-4AA0-84AB-64F76D6B9842/wmsp9dmo.cab
{00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - LEAD Main Control (14.0) - CodeBase = http://davidsoncorod.org/controls/LTOCX14N.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{193C772A-87BE-4B19-A7BB-445B226FE9A1} - ewidoOnlineScan Control - CodeBase = http://download.ewido.net/ewidoOnlineScan.cab
{200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - VerifyGMN Class - CodeBase = http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
{33564D57-0000-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
{33564D57-9980-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
{56336BCB-3D8A-11D6-A00B-0050DA18DE71} - RdxIE Class - CodeBase = http://software-dl.real.com/1711c31b5d02cf755805/netzip/RdxIE601.cab
{7584C670-2274-4EFB-B00B-D6AABA6D3850} - Microsoft RDP Client Control (redist) - CodeBase = https://web29.cqservers.com:8443/msrdp.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{9841D1AE-9C0B-11D3-9452-00105A098C21} - Pegasus PrintPRO Control v2.0 - CodeBase = http://davidsoncorod.org/controls/prntpro2.CAB
{9F1C11AA-197B-4942-BA54-47A8489BB47F} - - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38976.3230787037
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - Live365Player Class - CodeBase = http://www.live365.com/players/play365.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINNT\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINNT\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/20/2006 3:45:28 PM 1575 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
12/9/2004 8:26:50 PM 1375 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/22/2006 3:47:22 AM 228 C:\Documents and Settings\All Users\Application Data\hpzinstall.log ()
12/30/2006 7:23:44 PM 3711 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
1/1/2007 8:22:54 AM 1468 C:\Documents and Settings\Bill Roland\Start Menu\Programs\Startup\MemInfo.lnk ()

Checking files in %USERPROFILE%\Application Data folder...

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Default_Search_URL - http://www.google.com/ie
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.intel.com/
\\Search Bar - http://www.google.com/ie
\\Search Page - http://www.google.com
\\Local Page - C:\WINNT\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
\\SearchAssistant - http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar2.dll (Google Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll (Microsoft Corporation)
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{8E718888-423F-11D2-876E-00A0C9082467} - &Radio = C:\WINNT\system32\msdxm.ocx ()
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc.)
\WebBrowser\\{B13721C7-F507-4982-B2E5-502A71474FED} - = ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\NEXTID - 8195
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
\\{77BF5300-1474-4EC7-9980-D32B190E9B07} - 8194 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINNT\System32\hticons.dll (Hilgraeve, Inc.)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{248A7248-2D62-4B49-ACFB-0C1B70C04F0D} - PKZIP Shell Extension = C:\Program Files\Common Files\PKWARE\PKZIP7\PKCOM700.dll (PKWARE, Inc.)
\\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{BDEADF00-C265-11d0-BCED-00A0C90AB50F} - = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL ()

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\PKZIP Shell Extension - {248A7248-2D62-4B49-ACFB-0C1B70C04F0D} = C:\Program Files\Common Files\PKWARE\PKZIP7\PKCOM700.dll (PKWARE, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\PKZIP Shell Extension - {248A7248-2D62-4B49-ACFB-0C1B70C04F0D} = C:\Program Files\Common Files\PKWARE\PKZIP7\PKCOM700.dll (PKWARE, Inc.)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Synchronization Manager - C:\WINNT\SYSTEM32\mobsync.exe (Microsoft Corporation)
SiS Windows KeyHook - C:\WINNT\System32\keyhook.exe ()
HTpatch - C:\WINNT\htpatch.exe ()
SoundMan - C:\WINNT\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
Windows Defender - C:\Program Files\Windows Defender\MSASCui.exe ()
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe ()
QuickTime Task - C:\Program Files\QuickTime\qttask.exe ()
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe ()
AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe ()
SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ()
Skype - C:\Program Files\Skype\Phone\Skype.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk - C:\WINNT\system32\sistray.exe (Silicon Integrated Systems Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Bill Roland\Start Menu\Programs\Startup\MemInfo.lnk - C:\Program Files\MemInfo\meminfo.exe (Carthago Software)

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINNT\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\wzcnotif - wzcdlg.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{73C068B3-25D2-4D28-814A-BD445492A9F9} - (SiS 900-Based PCI Fast Ethernet Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\rnr20.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\nwprovau.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000024\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\belarc - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
\ipp - ()
\msdaipp - ()
\vnd.ms.radio - C:\WINNT\system32\msdxm.ocx ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
B

· Registered
Joined
·
57 Posts
Discussion Starter · #7 ·
Sorry i missed the safe mode part., also the longer the computer runs just sitting idle it will continue putting the iexploer entrys until it reaches the point i have to sut down withth power switch

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 1/7/2007 2:10:06 PM
WinPFind v1.5.0 Folder = C:\Documents and Settings\Bill Roland\Desktop\WinPFind\
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
Internet Explorer (Version = 6.0.2800.1106)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 1/3/2007 8:03:50 PM 36364 C:\WINNT\htpatch.exe ()

Checking %System% folder...
WSUD 5/14/2004 4:26:34 AM 14268928 C:\WINNT\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
UPX! 1/3/2007 8:03:50 PM 36364 C:\WINNT\SYSTEM32\keyhook.exe ()
PTech 8/7/2006 8:50:22 AM 1484592 C:\WINNT\SYSTEM32\LegitCheckControl.DLL (Microsoft Corporation)
WSUD 6/19/2003 2:05:04 PM 1011764 C:\WINNT\SYSTEM32\mfc42u.dll (Microsoft Corporation)
PECompact2 12/7/2006 6:13:44 PM 10716584 C:\WINNT\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 12/7/2006 6:13:44 PM 10716584 C:\WINNT\SYSTEM32\MRT.exe (Microsoft Corporation)
Umonitor 1/12/2005 2:39:46 PM 531216 C:\WINNT\SYSTEM32\RASDLG.DLL (Microsoft Corporation)
winsync 12/7/1999 7:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu ()

Checking %System%\Drivers folder and sub-folders...
UPX! 12/29/2006 10:17:18 AM 816672 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
FSG! 12/29/2006 10:17:18 AM 816672 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PEC2 12/29/2006 10:17:18 AM 816672 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
aspack 12/29/2006 10:17:18 AM 816672 C:\WINNT\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)

Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/29/2006 2:03:00 AM H 54156 C:\WINNT\QTFont.qfn ()
12/22/2006 11:40:24 AM H 1105700 C:\WINNT\ShellIconCache ()
1/7/2007 1:31:10 PM S 64 C:\WINNT\CSC\00000001 ()
1/7/2007 1:31:12 PM S 64 C:\WINNT\CSC\00000002 ()
1/7/2007 10:37:12 AM S 64 C:\WINNT\CSC\csc1.tmp ()
1/7/2007 1:31:56 PM H 1024 C:\WINNT\system32\config\default.LOG ()
1/7/2007 2:09:38 PM H 1024 C:\WINNT\system32\config\SAM.LOG ()
1/7/2007 2:07:44 PM H 1024 C:\WINNT\system32\config\SECURITY.LOG ()
1/7/2007 2:12:12 PM H 1024 C:\WINNT\system32\config\software.LOG ()
1/7/2007 1:30:56 PM H 6 C:\WINNT\Tasks\SA.DAT ()

Checking for CPL files...
12/7/1999 7:00:00 AM 67344 C:\WINNT\SYSTEM32\access.cpl (Microsoft Corporation)
5/14/2004 4:26:34 AM 14268928 C:\WINNT\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
6/19/2003 2:05:04 PM 301328 C:\WINNT\SYSTEM32\appwiz.cpl (Microsoft Corporation)
6/19/2003 2:05:04 PM 237328 C:\WINNT\SYSTEM32\DESK.CPL (Microsoft Corporation)
12/7/1999 7:00:00 AM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/29/2002 6:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
12/7/1999 7:00:00 AM 118032 C:\WINNT\SYSTEM32\intl.cpl (Microsoft Corporation)
12/7/1999 7:00:00 AM 36112 C:\WINNT\SYSTEM32\irprops.cpl (Microsoft Corporation)
12/7/1999 7:00:00 AM 60688 C:\WINNT\SYSTEM32\joy.cpl (Microsoft Corporation)
11/9/2006 3:07:28 PM 49265 C:\WINNT\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
12/7/1999 7:00:00 AM 122128 C:\WINNT\SYSTEM32\main.cpl (Microsoft Corporation)
12/7/1999 7:00:00 AM 303888 C:\WINNT\SYSTEM32\mmsys.cpl (Microsoft Corporation)
12/7/1999 7:00:00 AM 17168 C:\WINNT\SYSTEM32\ncpa.cpl (Microsoft Corporation)
12/7/1999 7:00:00 AM 41232 C:\WINNT\SYSTEM32\nwc.cpl (Microsoft Corporation)
6/19/2003 2:05:04 PM 41232 C:\WINNT\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
6/19/2003 2:05:04 PM 90896 C:\WINNT\SYSTEM32\powercfg.cpl (Microsoft Corporation)
6/19/2003 2:05:04 PM 83216 C:\WINNT\SYSTEM32\sticpl.cpl (Microsoft Corporation)
6/19/2003 2:05:04 PM 125712 C:\WINNT\SYSTEM32\SYSDM.CPL (Microsoft Corporation)
12/7/1999 7:00:00 AM 5904 C:\WINNT\SYSTEM32\telephon.cpl (Microsoft Corporation)
12/7/1999 7:00:00 AM 61200 C:\WINNT\SYSTEM32\timedate.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/29/2002 6:14:40 AM 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
1/12/2005 2:40:00 PM 64784 C:\WINNT\SYSTEM32\dllcache\msmq.cpl (Microsoft Corporation)
9/23/1999 6:44:36 PM 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl (IBM Corporation)
12/7/1999 7:00:00 AM 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{0000000A-0000-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
{0000000A-9980-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/8/B/E/8BE028EC-F134-4AA0-84AB-64F76D6B9842/wmsp9dmo.cab
{00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - LEAD Main Control (14.0) - CodeBase = http://davidsoncorod.org/controls/LTOCX14N.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{193C772A-87BE-4B19-A7BB-445B226FE9A1} - ewidoOnlineScan Control - CodeBase = http://download.ewido.net/ewidoOnlineScan.cab
{200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - VerifyGMN Class - CodeBase = http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
{33564D57-0000-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
{33564D57-9980-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
{56336BCB-3D8A-11D6-A00B-0050DA18DE71} - RdxIE Class - CodeBase = http://software-dl.real.com/1711c31b5d02cf755805/netzip/RdxIE601.cab
{7584C670-2274-4EFB-B00B-D6AABA6D3850} - Microsoft RDP Client Control (redist) - CodeBase = https://web29.cqservers.com:8443/msrdp.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{9841D1AE-9C0B-11D3-9452-00105A098C21} - Pegasus PrintPRO Control v2.0 - CodeBase = http://davidsoncorod.org/controls/prntpro2.CAB
{9F1C11AA-197B-4942-BA54-47A8489BB47F} - - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38976.3230787037
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - Live365Player Class - CodeBase = http://www.live365.com/players/play365.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINNT\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINNT\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/20/2006 3:45:28 PM 1575 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
12/9/2004 8:26:50 PM 1375 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/22/2006 3:47:22 AM 228 C:\Documents and Settings\All Users\Application Data\hpzinstall.log ()
12/30/2006 7:23:44 PM 3711 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
1/1/2007 8:22:54 AM 1468 C:\Documents and Settings\Bill Roland\Start Menu\Programs\Startup\MemInfo.lnk ()

Checking files in %USERPROFILE%\Application Data folder...

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Default_Search_URL - http://www.google.com/ie
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.intel.com/
\\Search Bar - http://www.google.com/ie
\\Search Page - http://www.google.com
\\Local Page - C:\WINNT\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
\\SearchAssistant - http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar2.dll (Google Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll (Microsoft Corporation)
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{8E718888-423F-11D2-876E-00A0C9082467} - &Radio = C:\WINNT\system32\msdxm.ocx ()
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc.)
\WebBrowser\\{B13721C7-F507-4982-B2E5-502A71474FED} - = ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\NEXTID - 8195
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
\\{77BF5300-1474-4EC7-9980-D32B190E9B07} - 8194 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINNT\System32\hticons.dll (Hilgraeve, Inc.)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{248A7248-2D62-4B49-ACFB-0C1B70C04F0D} - PKZIP Shell Extension = C:\Program Files\Common Files\PKWARE\PKZIP7\PKCOM700.dll (PKWARE, Inc.)
\\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{BDEADF00-C265-11d0-BCED-00A0C90AB50F} - = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL ()

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\PKZIP Shell Extension - {248A7248-2D62-4B49-ACFB-0C1B70C04F0D} = C:\Program Files\Common Files\PKWARE\PKZIP7\PKCOM700.dll (PKWARE, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\PKZIP Shell Extension - {248A7248-2D62-4B49-ACFB-0C1B70C04F0D} = C:\Program Files\Common Files\PKWARE\PKZIP7\PKCOM700.dll (PKWARE, Inc.)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Synchronization Manager - C:\WINNT\SYSTEM32\mobsync.exe (Microsoft Corporation)
SiS Windows KeyHook - C:\WINNT\System32\keyhook.exe ()
HTpatch - C:\WINNT\htpatch.exe ()
SoundMan - C:\WINNT\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
Windows Defender - C:\Program Files\Windows Defender\MSASCui.exe ()
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe ()
QuickTime Task - C:\Program Files\QuickTime\qttask.exe ()
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe ()
AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe ()
SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ()
Skype - C:\Program Files\Skype\Phone\Skype.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk - C:\WINNT\system32\sistray.exe (Silicon Integrated Systems Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Bill Roland\Start Menu\Programs\Startup\MemInfo.lnk - C:\Program Files\MemInfo\meminfo.exe (Carthago Software)

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINNT\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\wzcnotif - wzcdlg.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{73C068B3-25D2-4D28-814A-BD445492A9F9} - (SiS 900-Based PCI Fast Ethernet Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\rnr20.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\nwprovau.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)
\000000000024\\PackedCatalogItem - %SystemRoot%\system32\msafd.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\belarc - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
\ipp - ()
\msdaipp - ()
\vnd.ms.radio - C:\WINNT\system32\msdxm.ocx ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
cybertech

· Retired Moderator
Joined
·
72,209 Posts
#10 ·
OK, please give this a try and let me know if it helps

Download the Hoster and unzip it to your desktop.
www.funkytoad.com/download/hoster.zip

Next, open the Hoster
Make sure that you see "Your hosts file is editable" if not click the button in the upper right corner
Now, click on 'back up Host files'
then click on 'Restore Microsoft's orginal host files'
Finally, close the hoster.
 
cybertech

· Retired Moderator
Joined
·
72,209 Posts
#12 ·
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download and install AVG Anti-Spyware 7.5 AVG ANTI-SPYWARE IS ONLY FOR SYSTEMS RUNNING WIN 2K and XP
(This is Ewdio 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware)
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". Wait until you see the "Update succesfull message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here. Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:
1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button?

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:
1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.
 
B

· Registered
Joined
·
57 Posts
Discussion Starter · #13 ·
I have run out off time for today I want to thank you for all of the effort you have put into this
I would like to leave it open in case you think of something that might work I may just have to get me another harddrive and start all over. Your effort still deserves a donation which I will make.

Thank You
Bill Roland
 
1 - 13 of 13 Posts
Status
Not open for further replies.
About this Discussion
12 Replies
2 Participants
Last post:
billroland
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Windows XP Off Topic Lounge Thread Games & Discussion
Top