Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 20 of 122 Posts

·
Registered
Joined
·
148 Posts
Discussion Starter · #1 ·
I have run all the spyware programs listed below:
Adaware
Spybot
cwshredder
ewido
ccleaner

attached is the hijackthis log after everything has been run. I would really appreciate it if it can be reviewed.

Many thanks

Logfile of HijackThis v1.99.1
Scan saved at 12:36:56 AM, on 12/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\Program Files\ConWare\InterChat3\IC3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\Spyware\abc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: InterChat3.lnk = C:\Program Files\ConWare\InterChat3\IC3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Free History Cleaner - {ECC5778A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Free History Cleaner - {ECC5778A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126447465562
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://h30155.www3.hp.com/helpandsupport/SysQuery.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - SlySoft, Inc. - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

yahoo companion means nothing to be so I would delete it but its not in add/remove
i am using winoptimizer, but maybe that is hurting more than helping
 

·
Registered
Joined
·
1,912 Posts
You may be better advised if you click on the red triangle ( top right of your post ) and ask for this to be moved to the Security Forum - there will be more log experts there.
 

·
Administrator
Joined
·
123,532 Posts
Your thread was not moved but you posted two threads for the same problem and one of them was closed. It just happens to be the one in security that was closed.

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
  2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
  1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
  2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. AVG will now begin the scanning process. Please be patient as this may take a little time.
    Once the scan is complete, do the following:
  5. If you have any infections you will be prompted. Then select "Apply all actions."
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Please go HERE to run Panda's ActiveScan
  • You need to use IE to run this scan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
 

·
Trusted Advisor
Joined
·
85,506 Posts
lsheps:

I got your PM. I can't tell you why your internet connection is running slow. CookieGal is trying to help you, so follow her instructions.

Other than an antivirus program and third-party firewall program(if one is used), very few other programs need to load during startup and run in the background. Most of your O4 list can be disabled from loading and running. You should make use of this site for managing the startup list.

--------------------------------------------------------------------------------------
 

·
Trusted Advisor
Joined
·
85,506 Posts
You're welcome. :)

Enjoy today because we're going to have wet, nasty weather for Christmas Day. :down:

Don't forget to follow Cookiegal's instructions. ;)

Frank

-------------------------------------------------------------------------------------
 

·
Registered
Joined
·
148 Posts
Discussion Starter · #13 ·
In order as they ran

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:56:03 AM 12/24/2006

+ Scan result:

C:\Program Files\Common Files\Motive\InstallHelper.exe -> Heuristic.Win32.Dialer : Cleaned.
C:\System Volume Information\_restore{A85EC1FF-58D4-4723-A09B-E5784A945816}\RP251\A0036709.exe -> Not-A-Virus.Monitor.Win32.Ardamax.k : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned.

::Report end

Incident Status Location

Adware:adware/dollarrevenue Not disinfected c:\windows\drsmartloadb1.dat
Adware:adware/webattaker Not disinfected c:\windows\uniq
Adware:adware/cws Not disinfected C:\Documents and Settings\Compaq_Owner\Favorites\Health
Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Compaq_Owner\Application Data\Registry Cleaner
Adware:adware/commad Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Possible Virus. Not disinfected C:\avenger\backup.zip[avenger/awtsp.dll]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][3].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\[email protected][2].txt
Possible Virus. Not disinfected C:\Documents and Settings\Compaq_Owner\Desktop\Spyware\backups\backup-20060810-163941-710.dll
Potentially unwanted tool:Application/ServUBased.A Not disinfected C:\Documents and Settings\Compaq_Owner\My Documents\My Downloads\Super Mah Jong\setup.exe[WindowsUpdate.exe]
Hacktool:HackTool/DiskInfo.A Not disinfected C:\Documents and Settings\Compaq_Owner\My Documents\My Downloads\Super Mah Jong\setup.exe[DiskInfo.EXE]
Potentially unwanted tool:Application/Firedaemon.B Not disinfected C:\Documents and Settings\Compaq_Owner\My Documents\My Downloads\Super Mah Jong\setup.exe[mssvchost.exe]
Potentially unwanted tool:Application/Iroffer.A Not disinfected C:\Documents and Settings\Compaq_Owner\My Documents\My Downloads\Super Mah Jong\setup.exe[smss.exe]
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Possible Virus. Not disinfected C:\VundoFix Backups\awtsp.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Logfile of HijackThis v1.99.1
Scan saved at 10:41:51 AM, on 12/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ConWare\InterChat3\IC3.exe
C:\Documents and Settings\Compaq_Owner\Desktop\Spyware\abc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: InterChat3.lnk = C:\Program Files\ConWare\InterChat3\IC3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126447465562
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://h30155.www3.hp.com/helpandsupport/SysQuery.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - SlySoft, Inc. - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Maybe I should have mentioned that my system restore does not work also, not sure if it is related
Thanks again to all!
 

·
Administrator
Joined
·
123,532 Posts
Go here to download AlcanShorty_en.exe and save it to your desktop.
  • Double click the alcanShorty.exe file and follow prompts.
  • It will make a folder on desktop called Alcan Shorty
  • Open the Alcan Shorty folder & double click the run.bat file to run it.
  • This will download a file called BFU.exe and a BFU script.
  • If your firewall asks for permission to connect to the Internet you must allow it.
  • A message box will pop up saying "complete".
  • Be patient and wait for the message box to appear as it may take some time.
  • Press OK then BFU.exe will open.
  • Select the option to "Show log after script ends"
  • Execute the script by clicking the Execute button.
  • Note that you should see a progress bar while the script is being executed.
  • When the script has finished press "copy" and that will make a copy of the report in your clipboard.
  • Paste the log into Notepad and save it to your desktop in case it's needed later.
Note: If you have any questions about the use of BFU please read here.

Download ComboFix to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply
Note: Do not mouseclick combofix's window while it's running as that may cause it to stall
 

·
Registered
Joined
·
148 Posts
Discussion Starter · #15 ·
Alcan Shorty
Combo Fix
Hijack This

BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 2:37:52 PM, on 12/24/2006

Option Unload Explorer: Yes
Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
Failed: DllUnregister \asappsrv.dll|1 (file not found)
Failed: DllUnregister \MyToolBar.dll|1 (file not found)
Failed: DllUnregister \888Bar.dll|1 (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKCU\software\microsoft\windows\currentversion\policies\explorer\run|{84c4d3ae-0bb0-1033-0729-050001} (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\MyToolBar.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\MyToolBar.dll (operation failed)
Failed: FolderDelete C:\Program Files\toolbar888 (folder not found)
Failed: FolderDelete C:\Program Files\e-mailpaysu toolbar (folder not found)
Failed: FolderDelete C:\Program Files\EMUSIC TOOLBAR (folder not found)
Failed: FolderDelete C:\Program Files\find dvd toolbar (folder not found)
Failed: FolderDelete C:\Program Files\GULESIDER VERKTøYLINJE (folder not found)
Failed: FolderDelete C:\Program Files\sesam-p4 toolbar (folder not found)
Failed: FolderDelete C:\Program Files\slownik ling (folder not found)
Failed: FolderDelete C:\Program Files\MediaPipe (folder not found)
Failed: FolderDelete C:\Program Files\p2pnetworks (folder not found)
Failed: FileDelete C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\WCESLog.log (operation failed)
Failed: FileDelete C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF2073.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF8914.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFBA50.tmp (operation failed)
Failed: FileDelete C:\WINDOWS\Temp\Perflib_Perfdata_618.dat (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\PSCastor (folder not found)
Failed: FolderDelete C:\Program Files\CMIntex (folder not found)
Failed: FolderDelete C:\Program Files\PadsysAssistant (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\Snowball Wars (folder not found)
Failed: FolderDelete C:\Program Files\folder.js (folder not found)
Failed: FolderDelete C:\Program Files\ini.ini (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\crunner (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
Failed: FolderDelete C:\Program Files\PSHope (folder not found)
Failed: FolderDelete C:\Program Files\Batty (folder not found)
Failed: FolderDelete C:\Program Files\Batty2 (folder not found)
Failed: FolderDelete C:\Program Files\AXFibula (folder not found)
Failed: FolderDelete C:\Program Files\CMFibula (folder not found)
Failed: FolderDelete C:\Program Files\PSLister (folder not found)
Failed: FolderDelete C:\Program Files\PSCloner (folder not found)
Failed: FolderDelete C:\Program Files\PSDream (folder not found)
Failed: FolderDelete C:\Program Files\cmapp (folder not found)
Failed: FolderDelete C:\Program Files\cmman (folder not found)
Failed: FolderDelete C:\Program Files\cmsystem (folder not found)
Failed: FolderDelete C:\Program Files\fcengine (folder not found)
Failed: FolderDelete C:\Program Files\wincmapp (folder not found)
Failed: FolderDelete C:\Program Files\Deskbar\Cache (folder not found)
Failed: FolderDelete C:\Program Files\popupwithcast (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\cloader (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderCreate C:\bintheredunthat (folder already exists)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.


Had to put other report on next posting
 

·
Registered
Joined
·
148 Posts
Discussion Starter · #16 ·
1st part of combi fix
split because of size

Combi Fix C:\INSTALL.LOG
Files Created from 2006-11-24 to 2006-12-24

2006-12-24 14:37 d-------- C:\bintheredunthat
2006-12-24 09:04 d-------- C:\WINDOWS\system32\ActiveScan
2006-12-24 09:04 d-------- C:\WINDOWS\LastGood
2006-12-23 14:37 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-23 14:37 d-------- C:\Program Files\Grisoft
2006-12-20 19:51 dr-h----- C:\Documents and Settings\Compaq_Owner\Recent
2006-12-20 02:26 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Elaborate Bytes
2006-12-20 02:09 d-------- C:\MAGICDVDCOPY_TEMP
2006-12-15 12:21 d-------- C:\Documents and Settings\Compaq_Owner\pnlinks
2006-12-15 11:53 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Registry Cleaner
2006-12-15 09:32 d-------- C:\Program Files\ConWare
2006-12-15 09:02 128,608 --a------ C:\UNWISE.EXE
2006-12-14 01:34 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2006-12-14 01:27 d-------- C:\Program Files\MSBuild
2006-12-14 01:15 d-------- C:\Program Files\Microsoft Visual Studio 8
2006-12-14 01:13 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2006-12-12 23:54 d-------- C:\Program Files\IM2001
2006-12-09 02:10 d-------- C:\Program Files\Digital Camera Plus Manager
2006-12-09 01:06 69,632 --a------ C:\WINDOWS\system32\stv680sl.dll
2006-12-09 01:06 618,496 --a------ C:\WINDOWS\system32\stvcol.dll
2006-12-09 01:06 49,152 --a------ C:\WINDOWS\system32\stvscale.dll
2006-12-09 01:06 49,152 --a------ C:\WINDOWS\system32\stv680tg.dll
2006-12-09 01:06 245,760 --a------ C:\WINDOWS\system32\stv680u.dll
2006-12-09 01:06 105,292 --------- C:\WINDOWS\restart.exe
2006-12-09 01:06 d-------- C:\Program Files\AIPTEK
2006-12-08 23:51 d-------- C:\Program Files\OEM
2006-12-08 16:02 11,520 -ra------ C:\WINDOWS\system32\drivers\WDMSTUB.sys
2006-12-08 16:00 7,296 -ra------ C:\WINDOWS\system32\drivers\grmnusb.sys
2006-12-08 16:00 17,024 -ra------ C:\WINDOWS\system32\drivers\grmngen.sys
2006-12-08 15:40 d-------- C:\Garmin
2006-12-08 13:29 d-------- C:\Program Files\PowerISO
2006-12-08 11:37 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2006-12-08 11:37 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2006-12-08 11:37 d-------- C:\Program Files\Common Files\Motive
2006-12-08 09:25 630,784 --a------ C:\Documents and Settings\Compaq_Owner\GoToAssist_chat2way__317_en.exe
2006-12-07 00:22 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-12-07 00:22 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-12-07 00:22 d-------- C:\Program Files\illiminable
2006-12-07 00:21 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo
2006-12-07 00:20 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2006-12-01 16:11 d-------- C:\Program Files\NETGEAR
2006-11-30 00:22 d-------- C:\Program Files\Windows Media Connect 2
2006-11-28 21:55 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SlySoft
2006-11-28 15:40 d-------- C:\Program Files\SlySoft
2006-11-28 15:40 d-------- C:\Program Files\Elaborate Bytes
2006-11-27 09:45 d-------- C:\Program Files\Citrix
2006-11-27 09:45 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\ICAClient
2006-11-25 23:57 d-------- C:\Program Files\Hewlett Packard
2006-11-25 23:56 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-11-25 23:42 d-------- C:\Program Files\HP Photosmart M22-M23
2006-11-25 23:39 d-------- C:\Program Files\M22

Find3M Report
2006-12-24 10:05 -------- d-------- C:\Program Files\Symantec
2006-12-24 09:57 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-12-24 09:55 -------- d-------- C:\Program Files\Internet Explorer
2006-12-24 09:52 -------- d-------- C:\Program Files\Google
2006-12-24 09:50 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-24 09:48 -------- d-------- C:\Program Files\Common Files\Pure Networks Shared
2006-12-22 18:40 -------- d-------- C:\Program Files\Eusing Free Registry Cleaner
2006-12-22 15:51 -------- d-------- C:\Program Files\WinZip
2006-12-22 15:51 -------- d-------- C:\Program Files\WinRAR
2006-12-22 15:40 -------- d-------- C:\Program Files\Matroska Pack
2006-12-22 15:40 -------- d-------- C:\Program Files\MagicISO
2006-12-22 15:28 -------- d-------- C:\Program Files\Allok Video Joiner
2006-12-22 14:35 -------- d-------- C:\Program Files\7-Zip
2006-12-22 14:33 -------- d-------- C:\Program Files\BitLord
2006-12-20 02:26 83 ---hs---- C:\Documents and Settings\Compaq_Owner\Application Data\.zreglib
2006-12-16 03:02 -------- d-------- C:\Program Files\Outlook Express
2006-12-16 03:02 -------- d-------- C:\Program Files\Common Files\System
2006-12-16 01:23 14084 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-12-15 12:04 -------- d-------- C:\Program Files\Common Files\Adobe
2006-12-15 12:03 -------- d-------- C:\Program Files\No1 DVD Ripper
2006-12-14 02:14 -------- d---s---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2006-12-14 01:28 -------- d-------- C:\Program Files\Microsoft Works
2006-12-14 01:28 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-14 01:27 -------- d-------- C:\Program Files\Microsoft Office
2006-12-14 01:21 -------- d-------- C:\Program Files\Common Files
2006-12-12 23:39 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-12 11:56 -------- d-------- C:\Program Files\Hewlett-Packard
2006-12-12 11:52 -------- d-------- C:\Program Files\HP
2006-12-11 02:59 -------- d-------- C:\Program Files\MagicDVDCopier
2006-12-09 03:57 -------- d-------- C:\Program Files\Windows Media Player
2006-12-08 11:57 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Motive
2006-12-08 11:38 -------- d-------- C:\Program Files\Verizon
2006-12-07 00:23 -------- d-------- C:\Program Files\Yahoo!
2006-12-07 00:22 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-11-30 14:03 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\ATI MMC
2006-11-28 21:52 96256 --a------ C:\WINDOWS\system32\drivers\sptd9645.sys
2006-11-19 12:12 -------- d-------- C:\Program Files\Plato DVD Copy
2006-11-19 03:14 -------- d-------- C:\Program Files\MSXML 4.0
2006-11-19 01:22 -------- d-------- C:\Program Files\DIFX
2006-11-16 12:22 4 --a------ C:\WINDOWS\system32\mlcrs0ft.dll
2006-11-16 02:48 47360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-11-16 02:43 -------- d-------- C:\Program Files\1Click DVD Ripper
2006-11-16 01:42 -------- d-------- C:\Program Files\Ahead
2006-11-16 01:35 -------- d-------- C:\Program Files\XviD
2006-11-14 13:20 -------- d-------- C:\Program Files\Microsoft Student
2006-11-14 13:15 -------- d-------- C:\Program Files\Learning Essentials
2006-11-14 12:00 -------- d-------- C:\Program Files\Common Files\ODBC
2006-11-14 11:15 -------- d-------- C:\Program Files\Undisker
2006-11-12 03:17 305342 --a------ C:\165.exe
2006-11-11 08:23 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\DivX
2006-11-09 01:38 26944 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2006-11-09 01:38 25792 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 16:09 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-04 20:25 1321744 --a------ C:\WINDOWS\system32\msxml6.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 04:27 -------- d-------- C:\Program Files\QuickTime
2006-11-04 04:27 -------- d-------- C:\Program Files\OfficeUpdate11
2006-11-04 04:26 -------- d-------- C:\Program Files\Common Files\Real
2006-11-04 04:26 -------- d-------- C:\Program Files\Audacity 1.3 Beta
2006-11-04 04:26 -------- d-------- C:\Program Files\Adobe
2006-11-04 04:24 -------- d-------- C:\Program Files\NetPumper
2006-11-04 04:14 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\NetPumper
2006-11-01 16:47 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-26 14:10 33088 --a------ C:\WINDOWS\system32\FM20ENU.DLL
2006-10-26 14:10 1190688 --a------ C:\WINDOWS\system32\FM20.DLL
2006-10-26 13:45 293376 --a------ C:\WINDOWS\system32\WISPTIS.EXE
2006-10-26 13:45 207360 --a------ C:\WINDOWS\system32\INKED.DLL
2006-10-25 08:24 -------- d-------- C:\Program Files\TomTom HOME
2006-10-25 08:23 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\InstallShield
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --a------ C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --a------ C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --a------ C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --a------ C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --a------ C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --a------ C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --a------ C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --a------ C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --a------ C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --a------ C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --a------ C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --a------ C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --a------ C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --a------ C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --a------ C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --a------ C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --a------ C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --a------ C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --a------ C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-03 12:21 115880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-03 12:21 114856 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-10-02 15:28 312128 --a------ C:\WINDOWS\system32\msdelta.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-28 20:13 95344 --a------ C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --a------ C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --a------ C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --a------ C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --a------ C:\WINDOWS\system32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe

(((((((( Reg Loading Points )))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WinMem"="C:\\Program Files\\WinCleaner Memory Optimizer\\WinMemOpt.exe"
"ATI Scheduler"="C:\\Program Files\\ATI Multimedia\\main\\ATISched.EXE"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nmapp"="\"C:\\Program Files\\Pure Networks\\Network Magic\\nmapp.exe\" -autorun -nosplash"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000
"WizmaxBackup_NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
"NoDriveTypeAutoRun"=dword:000000ff
"WizmaxBackup_NoDriveTypeAutoRun"=dword:00000000
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
"backup"="C:\\WINDOWS\\pss\\ATI CATALYST System Tray.lnkCommon Startup"
"location"="Common Startup"
"item"="ATI CATALYST System Tray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cenlpdstatus.exe]
"backup"="C:\\WINDOWS\\pss\\Cenlpdstatus.exeCommon Startup"
"location"="Common Startup"
"item"="Cenlpdstatus"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~1\\11514~1.275\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ymetray.lnk"
"backup"="C:\\WINDOWS\\pss\\ymetray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Yahoo!\\YAHOO!~1\\ymetray.exe C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe -preload"
"item"="ymetray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Registration-Studio 8 SE.lnk]
"backup"="C:\\WINDOWS\\pss\\Registration-Studio 8 SE.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Pinnacle\\STUDIO~1\\Register\\RegTool.exe Studio 8 SE,ST8SEE,register,US,0,serial=2848324006"
"item"="Registration-Studio 8 SE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCHButton"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\HELPAN~1\\Presario\\XPHWWRF4Duet\\plugin\\bin\\PCHButton.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCXMNTR"
"hkey"="HKLM"
"command"="ALCXMNTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APL"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ACT\\ACT for Win 7\\APL.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Scheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATISched"
"hkey"="HKCU"
"command"="C:\\Program Files\\ATI Multimedia\\main\\ATISched.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardScan AutoSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CSyncCfg"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Corex\\CardScan\\System\\CSyncCfg.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="taskswitch"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gimmygames]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gimmygames10"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wcescomm"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\windows\\system\\hpsysdrv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KovpRVj2V]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nbtgui46"
"hkey"="HKCU"
"command"="nbtgui46.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_393828]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EDICT"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Student\\Microsoft Student with Encarta Premium 2007 DVD\\EDICT.EXE\" -m"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_8376296]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EDICT"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Student\\Microsoft Student with Encarta Premium 2007 DVD\\EDICT.EXE\" -m"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_95051796]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EDICT"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Student\\Microsoft Student with Encarta Premium 2007 DVD\\EDICT.EXE\" -m"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\loadadv64]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="loadadv64"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcspy.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcspy"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Verizon\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\omow]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="omowm"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mssysmgr"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\Ahead\\NEROPH~2\\data\\xtras\\mssysmgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ps2"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

Split in Half because of size
 

·
Registered
Joined
·
148 Posts
Discussion Starter · #17 ·
1st part of combi fix
split because of size

Combi Fix C:\INSTALL.LOG
Files Created from 2006-11-24 to 2006-12-24

2006-12-24 14:37 d-------- C:\bintheredunthat
2006-12-24 09:04 d-------- C:\WINDOWS\system32\ActiveScan
2006-12-24 09:04 d-------- C:\WINDOWS\LastGood
2006-12-23 14:37 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-23 14:37 d-------- C:\Program Files\Grisoft
2006-12-20 19:51 dr-h----- C:\Documents and Settings\Compaq_Owner\Recent
2006-12-20 02:26 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Elaborate Bytes
2006-12-20 02:09 d-------- C:\MAGICDVDCOPY_TEMP
2006-12-15 12:21 d-------- C:\Documents and Settings\Compaq_Owner\pnlinks
2006-12-15 11:53 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Registry Cleaner
2006-12-15 09:32 d-------- C:\Program Files\ConWare
2006-12-15 09:02 128,608 --a------ C:\UNWISE.EXE
2006-12-14 01:34 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2006-12-14 01:27 d-------- C:\Program Files\MSBuild
2006-12-14 01:15 d-------- C:\Program Files\Microsoft Visual Studio 8
2006-12-14 01:13 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2006-12-12 23:54 d-------- C:\Program Files\IM2001
2006-12-09 02:10 d-------- C:\Program Files\Digital Camera Plus Manager
2006-12-09 01:06 69,632 --a------ C:\WINDOWS\system32\stv680sl.dll
2006-12-09 01:06 618,496 --a------ C:\WINDOWS\system32\stvcol.dll
2006-12-09 01:06 49,152 --a------ C:\WINDOWS\system32\stvscale.dll
2006-12-09 01:06 49,152 --a------ C:\WINDOWS\system32\stv680tg.dll
2006-12-09 01:06 245,760 --a------ C:\WINDOWS\system32\stv680u.dll
2006-12-09 01:06 105,292 --------- C:\WINDOWS\restart.exe
2006-12-09 01:06 d-------- C:\Program Files\AIPTEK
2006-12-08 23:51 d-------- C:\Program Files\OEM
2006-12-08 16:02 11,520 -ra------ C:\WINDOWS\system32\drivers\WDMSTUB.sys
2006-12-08 16:00 7,296 -ra------ C:\WINDOWS\system32\drivers\grmnusb.sys
2006-12-08 16:00 17,024 -ra------ C:\WINDOWS\system32\drivers\grmngen.sys
2006-12-08 15:40 d-------- C:\Garmin
2006-12-08 13:29 d-------- C:\Program Files\PowerISO
2006-12-08 11:37 69,632 --a------ C:\WINDOWS\system32\MCCDevice.dll
2006-12-08 11:37 6,048 --a------ C:\WINDOWS\system32\MCC16.dll
2006-12-08 11:37 d-------- C:\Program Files\Common Files\Motive
2006-12-08 09:25 630,784 --a------ C:\Documents and Settings\Compaq_Owner\GoToAssist_chat2way__317_en.exe
2006-12-07 00:22 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-12-07 00:22 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-12-07 00:22 d-------- C:\Program Files\illiminable
2006-12-07 00:21 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo
2006-12-07 00:20 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2006-12-01 16:11 d-------- C:\Program Files\NETGEAR
2006-11-30 00:22 d-------- C:\Program Files\Windows Media Connect 2
2006-11-28 21:55 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SlySoft
2006-11-28 15:40 d-------- C:\Program Files\SlySoft
2006-11-28 15:40 d-------- C:\Program Files\Elaborate Bytes
2006-11-27 09:45 d-------- C:\Program Files\Citrix
2006-11-27 09:45 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\ICAClient
2006-11-25 23:57 d-------- C:\Program Files\Hewlett Packard
2006-11-25 23:56 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-11-25 23:42 d-------- C:\Program Files\HP Photosmart M22-M23
2006-11-25 23:39 d-------- C:\Program Files\M22

Find3M Report
2006-12-24 10:05 -------- d-------- C:\Program Files\Symantec
2006-12-24 09:57 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-12-24 09:55 -------- d-------- C:\Program Files\Internet Explorer
2006-12-24 09:52 -------- d-------- C:\Program Files\Google
2006-12-24 09:50 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-24 09:48 -------- d-------- C:\Program Files\Common Files\Pure Networks Shared
2006-12-22 18:40 -------- d-------- C:\Program Files\Eusing Free Registry Cleaner
2006-12-22 15:51 -------- d-------- C:\Program Files\WinZip
2006-12-22 15:51 -------- d-------- C:\Program Files\WinRAR
2006-12-22 15:40 -------- d-------- C:\Program Files\Matroska Pack
2006-12-22 15:40 -------- d-------- C:\Program Files\MagicISO
2006-12-22 15:28 -------- d-------- C:\Program Files\Allok Video Joiner
2006-12-22 14:35 -------- d-------- C:\Program Files\7-Zip
2006-12-22 14:33 -------- d-------- C:\Program Files\BitLord
2006-12-20 02:26 83 ---hs---- C:\Documents and Settings\Compaq_Owner\Application Data\.zreglib
2006-12-16 03:02 -------- d-------- C:\Program Files\Outlook Express
2006-12-16 03:02 -------- d-------- C:\Program Files\Common Files\System
2006-12-16 01:23 14084 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-12-15 12:04 -------- d-------- C:\Program Files\Common Files\Adobe
2006-12-15 12:03 -------- d-------- C:\Program Files\No1 DVD Ripper
2006-12-14 02:14 -------- d---s---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2006-12-14 01:28 -------- d-------- C:\Program Files\Microsoft Works
2006-12-14 01:28 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-14 01:27 -------- d-------- C:\Program Files\Microsoft Office
2006-12-14 01:21 -------- d-------- C:\Program Files\Common Files
2006-12-12 23:39 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-12 11:56 -------- d-------- C:\Program Files\Hewlett-Packard
2006-12-12 11:52 -------- d-------- C:\Program Files\HP
2006-12-11 02:59 -------- d-------- C:\Program Files\MagicDVDCopier
2006-12-09 03:57 -------- d-------- C:\Program Files\Windows Media Player
2006-12-08 11:57 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Motive
2006-12-08 11:38 -------- d-------- C:\Program Files\Verizon
2006-12-07 00:23 -------- d-------- C:\Program Files\Yahoo!
2006-12-07 00:22 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-11-30 14:03 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\ATI MMC
2006-11-28 21:52 96256 --a------ C:\WINDOWS\system32\drivers\sptd9645.sys
2006-11-19 12:12 -------- d-------- C:\Program Files\Plato DVD Copy
2006-11-19 03:14 -------- d-------- C:\Program Files\MSXML 4.0
2006-11-19 01:22 -------- d-------- C:\Program Files\DIFX
2006-11-16 12:22 4 --a------ C:\WINDOWS\system32\mlcrs0ft.dll
2006-11-16 02:48 47360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-11-16 02:43 -------- d-------- C:\Program Files\1Click DVD Ripper
2006-11-16 01:42 -------- d-------- C:\Program Files\Ahead
2006-11-16 01:35 -------- d-------- C:\Program Files\XviD
2006-11-14 13:20 -------- d-------- C:\Program Files\Microsoft Student
2006-11-14 13:15 -------- d-------- C:\Program Files\Learning Essentials
2006-11-14 12:00 -------- d-------- C:\Program Files\Common Files\ODBC
2006-11-14 11:15 -------- d-------- C:\Program Files\Undisker
2006-11-12 03:17 305342 --a------ C:\165.exe
2006-11-11 08:23 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\DivX
2006-11-09 01:38 26944 --a------ C:\WINDOWS\system32\drivers\purendis.sys
2006-11-09 01:38 25792 --a------ C:\WINDOWS\system32\drivers\pnarp.sys
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 16:09 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-04 20:25 1321744 --a------ C:\WINDOWS\system32\msxml6.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 04:27 -------- d-------- C:\Program Files\QuickTime
2006-11-04 04:27 -------- d-------- C:\Program Files\OfficeUpdate11
2006-11-04 04:26 -------- d-------- C:\Program Files\Common Files\Real
2006-11-04 04:26 -------- d-------- C:\Program Files\Audacity 1.3 Beta
2006-11-04 04:26 -------- d-------- C:\Program Files\Adobe
2006-11-04 04:24 -------- d-------- C:\Program Files\NetPumper
2006-11-04 04:14 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\NetPumper
2006-11-01 16:47 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-26 14:10 33088 --a------ C:\WINDOWS\system32\FM20ENU.DLL
2006-10-26 14:10 1190688 --a------ C:\WINDOWS\system32\FM20.DLL
2006-10-26 13:45 293376 --a------ C:\WINDOWS\system32\WISPTIS.EXE
2006-10-26 13:45 207360 --a------ C:\WINDOWS\system32\INKED.DLL
2006-10-25 08:24 -------- d-------- C:\Program Files\TomTom HOME
2006-10-25 08:23 -------- d-------- C:\Documents and Settings\Compaq_Owner\Application Data\InstallShield
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --a------ C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --a------ C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --a------ C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --a------ C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --a------ C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --a------ C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --a------ C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --a------ C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --a------ C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --a------ C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --a------ C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --a------ C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --a------ C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --a------ C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --a------ C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --a------ C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --a------ C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --a------ C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --a------ C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-03 12:21 115880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-03 12:21 114856 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-10-02 15:28 312128 --a------ C:\WINDOWS\system32\msdelta.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-28 20:13 95344 --a------ C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --a------ C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --a------ C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --a------ C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --a------ C:\WINDOWS\system32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe

(((((((( Reg Loading Points )))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WinMem"="C:\\Program Files\\WinCleaner Memory Optimizer\\WinMemOpt.exe"
"ATI Scheduler"="C:\\Program Files\\ATI Multimedia\\main\\ATISched.EXE"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nmapp"="\"C:\\Program Files\\Pure Networks\\Network Magic\\nmapp.exe\" -autorun -nosplash"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000
"WizmaxBackup_NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
"NoDriveTypeAutoRun"=dword:000000ff
"WizmaxBackup_NoDriveTypeAutoRun"=dword:00000000
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
"backup"="C:\\WINDOWS\\pss\\ATI CATALYST System Tray.lnkCommon Startup"
"location"="Common Startup"
"item"="ATI CATALYST System Tray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cenlpdstatus.exe]
"backup"="C:\\WINDOWS\\pss\\Cenlpdstatus.exeCommon Startup"
"location"="Common Startup"
"item"="Cenlpdstatus"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~1\\11514~1.275\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ymetray.lnk"
"backup"="C:\\WINDOWS\\pss\\ymetray.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Yahoo!\\YAHOO!~1\\ymetray.exe C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe -preload"
"item"="ymetray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Registration-Studio 8 SE.lnk]
"backup"="C:\\WINDOWS\\pss\\Registration-Studio 8 SE.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Pinnacle\\STUDIO~1\\Register\\RegTool.exe Studio 8 SE,ST8SEE,register,US,0,serial=2848324006"
"item"="Registration-Studio 8 SE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCHButton"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\HELPAN~1\\Presario\\XPHWWRF4Duet\\plugin\\bin\\PCHButton.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCXMNTR"
"hkey"="HKLM"
"command"="ALCXMNTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APL"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ACT\\ACT for Win 7\\APL.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Scheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ATISched"
"hkey"="HKCU"
"command"="C:\\Program Files\\ATI Multimedia\\main\\ATISched.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardScan AutoSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CSyncCfg"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Corex\\CardScan\\System\\CSyncCfg.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="taskswitch"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gimmygames]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gimmygames10"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wcescomm"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\windows\\system\\hpsysdrv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KovpRVj2V]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nbtgui46"
"hkey"="HKCU"
"command"="nbtgui46.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_393828]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EDICT"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Student\\Microsoft Student with Encarta Premium 2007 DVD\\EDICT.EXE\" -m"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_8376296]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EDICT"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Student\\Microsoft Student with Encarta Premium 2007 DVD\\EDICT.EXE\" -m"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_95051796]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EDICT"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Student\\Microsoft Student with Encarta Premium 2007 DVD\\EDICT.EXE\" -m"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\loadadv64]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="loadadv64"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcspy.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcspy"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Verizon\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\omow]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="omowm"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mssysmgr"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\Ahead\\NEROPH~2\\data\\xtras\\mssysmgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ps2"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

Split in Half because of size
 

·
Registered
Joined
·
148 Posts
Discussion Starter · #18 ·
combi part 2
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSC00"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TomTomHOME"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\TomTom HOME\\TomTomHOME.exe\" -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="type32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTTimer"
"hkey"="HKLM"
"command"="VTTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wahm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eee2"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\win32095-66380356]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="win32095-66380356"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsysban]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winsysban10"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winsysupd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winsysupd10"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wrapperouter.exeg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wrapperouter"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\wrapperouter.exeg"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SamsungMediaStudioAgent"
"hkey"="HKLM"
"command"="C:\\Program Files\\Samsung\\Samsung Media Studio\\SamsungMediaStudioAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - Compaq_Owner.job

Completion time: 06-12-24 17:41:09.23
C:\ComboFix.txt ... 06-12-24 17:41
 

·
Registered
Joined
·
148 Posts
Discussion Starter · #19 ·
Hijack this

Sorry about the multiple reports, they were huge!

Logfile of HijackThis v1.99.1
Scan saved at 5:51:26 PM, on 12/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ConWare\InterChat3\IC3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Compaq_Owner\Desktop\Spyware\abc.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: InterChat3.lnk = C:\Program Files\ConWare\InterChat3\IC3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126447465562
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://h30155.www3.hp.com/helpandsupport/SysQuery.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - SlySoft, Inc. - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thank you
 

·
Administrator
Joined
·
123,532 Posts
You've got a lot of nasty stuff disabled via msconfig and it's easier to remove it when it's showing in the log so please go to msconfig and put a check mark beside everyhing that's there. Then run the Alcan Shorty fix again.

Then post a new HijackThis log with everything still enabled.
 
1 - 20 of 122 Posts
Status
Not open for further replies.
Top