Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old January 22nd, 2008, 07:47 PM
leelfelr leelfelr is offline
Senior Member
 
Join Date: May 2004
Posts: 144
"My Computer", "Task Manager" vanished, worm problem

Hi,
Here's the thing. My Pc has been infected with a virus called "blune w32". It originated from one of the flash disk that was inserted in the cpu.

Here's the description of the virus:
Quote:
Characteristics -

W32/Blune is a worm which spreads via removable devices and it's payload is to overwrite executables on infected systems with a copy of itself.

Upon execution worm does following changes to user's system:

Copies of itself to following folders as shown below:
  • %Windows%\Media\svchost.exe
  • %Windows%\winhelp32.exe.exe
  • %Program Files%\Common Files\System\winlogon.exe
Adds following registry entries to get executed on each reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
"ServiceHost" C:\WINDOWS\Media\svchost.exe
"Windows Logon" C:\Program Files\Common Files\System\winlogon.exe
Adds following registry entries to disable Registry tools and Task manger.
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System "DisableChangePassword"
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System "DisableRegistryTools"
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System "DisableTaskMgr"
Folder iconed Worm modifies below registry key to hide it's extension.
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced
"HideFileExt"
Symptoms

Symptoms -

Executables on the infected system are overwritten with a copy of the worm. Overwritten files usually have the icon of a folder.
Method of Infection

Method of Infection -

W32/Blune propogates via removable devices.
Removal -

Removal -

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
Additional Windows ME/XP removal considerations
Here's what I observed:
- There are several .exe copies of several programs and folders around 168kb each.
- The exe's have a folder icon.
- My pc's "My Computer" does not display on the desktop or on windows explorer. Control Panel is gone too.
- Pressing windows+E(win explorer shortcut) displays a msg "The operation has been cancelled due to restrictions in effect of this computer".
- Bringing up the task manager via ctrl+alt+del displays "Task Manager has been disabled by your administrator". (This windows account is the administrator)
- I can access programs via ctrl+r(Run), or by going to Recycle Bin, thereby accessing windows explorer. However, there is no My Computer displayed. Hence, no drive letters. To navigate to different directories or programs, I have to enter the directory manually in the address bar.
- To know which folder is the true folder and not the exe copy, I view it on "detailed" view.

- I just did a scan of the computer but it had problems with svchost,winlogon, GoogleToolbarNotifier exe's.
- I can't boot in safemode. I tried, but it displays the blue screen.


What would be your advice?

Thanks and All the best.

P.S.
Btw, My system is winxp pro.
Reply With Quote
  #2  
Old January 23rd, 2008, 05:38 AM
leelfelr leelfelr is offline
Senior Member
 
Join Date: May 2004
Posts: 144
Hi,

So basically I have been researching, and from that I gathered that I need to access
regedit to make some changes since the worm made changes.
But the thing is I can't access regedit.
I searched over the net and found a couple of sol'ns:
- doing the gpedit.msc
- downloading a vbs file.
- making a vbs file
- running REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

But still, the same error msg displays when I access regedit:"Registry editing has been disabled by your administrator".

Any ideas?
Thanks you.

btw, can't access safemode..
Reply With Quote
  #3  
Old January 25th, 2008, 01:13 PM
Morfeasss Morfeasss is offline
CTH Subscriber
 
Join Date: Feb 2006
O/S: Windows XP Home
Location: Greece
Posts: 5,140
Hello leelfelr,

Let's see what's running in the system.

Please download HijackThis from here. Click on the downloaded file to run it and select "Do a system scan and save a logfile". Use copy/paste and post back here the log it creates for review. Do not do any changes on your own!
~~~~~~~~~~~

I would also like to see another kind of scan, go here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your AV queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here.

Please post back the HijackThis log and the Silent Runners log.
Reply With Quote
  #4  
Old February 14th, 2008, 09:16 AM
leelfelr leelfelr is offline
Senior Member
 
Join Date: May 2004
Posts: 144
Hi,
Sorry I wasn't able to check this thread after my last reply.
Although this dates back weeks ago, I somehow got around the issue already.

Basically what happened was I couldn't run regedit and do tweaks on a solution site.
So what I did was download ProcessExplorer, run it and killed winlogon(user).
Then was able to run regedit.
Then I followed instructions on http://www.trendmicro.com/vinfo/viru...A%2DO&VSect=Sn

After that, the folders started appearing back in the start menu, i was able to access regedit, etc.

But maybe I messed up some things?
If need be here's my current hijackthis log and silent runners.
===========================
Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:25 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Notepad++\notepad++.exe
E:\Downloads\hijackthis.exe

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch_1.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll
O2 - BHO: (no name) - {B8D60EBB-5565-4392-957B-7164BA087AD4} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Instant Bu&zz - {7475D3FD-5D85-49DB-8B9B-6968467B2D80} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to AMV Convert Tool... - E:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - E:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All Files by HiDownload - E:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - E:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com...n/preview.html
O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - E:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\Program Files\xampp\apache\bin\apache.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)

--
End of file - 10849 bytes
Reply With Quote
  #5  
Old February 14th, 2008, 09:18 AM
leelfelr leelfelr is offline
Senior Member
 
Join Date: May 2004
Posts: 144
==============================================
Silent Runners Log:
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"NVIDIA nTune" = ""E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear" ["NVIDIA"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"EasyTuneV" = "C:\Program Files\Gigabyte\ET5\GUI.exe" [empty string]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot" ["RealNetworks, Inc."]
"iTunesHelper" = ""E:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"PCSuiteTrayApplication" = "E:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [empty string]
"Adobe Reader Speed Launcher" = ""E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"AVP" = ""E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]
"QuickTime Task" = ""E:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{000123B4-9B42-4900-B3F7-F4B073EFC214}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Octh Class"
\InProcServer32\(Default) = "E:\Program Files\Orbitdownloader\orbitcth.dll" ["Orbitdownloader.com"]
{00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "HelperObject Class"
\InProcServer32\(Default) = "E:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll" ["TechSmith Corporation"]
{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}\(Default) = "Ask Search Assistant BHO"
-> {HKLM...CLSID} = "Ask Search Assistant BHO"
\InProcServer32\(Default) = "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" ["Ask.com"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
-> {HKLM...CLSID} = "FGCatchUrl"
\InProcServer32\(Default) = "E:\Program Files\FlashGet\jccatch_1.dll" ["www.flashget.com"]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\(Default) = (no title provided)
-> {HKLM...CLSID} = "GetRight IE Download Helper"
\InProcServer32\(Default) = "E:\Program Files\GetRight\xx2gr.dll" ["Headlight Software, Inc."]
{724d43a9-0d85-11d4-9908-00400523e39a}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Siber Systems\AI RoboForm\roboform.dll" ["Siber Systems"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll" ["Google Inc."]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FlashGet GetFlash Class"
\InProcServer32\(Default) = "E:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "E:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "E:\Program Files\Real\RealOne Player\rpplugins\ierpplug.dll" ["RealNetworks"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "E:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{51A64D28-F937-4045-A420-065CEFBD8A76}" = "ARAR Context Menu Shell Extension"
-> {HKLM...CLSID} = "ARARCtxMenu Class"
\InProcServer32\(Default) = "E:\Program Files\ARAR\ARARSHL.dll" ["DataNumen, Inc."]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "E:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {HKLM...CLSID} = "Contact View"
\InProcServer32\(Default) = "E:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
-> {HKLM...CLSID} = "Message View"
\InProcServer32\(Default) = "E:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt"
-> {HKLM...CLSID} = "SnagIt"
\InProcServer32\(Default) = "E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll" ["TechSmith Corporation"]
"{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "E:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Copy Hook"
-> {HKLM...CLSID} = "SmartFTP Copy Hook"
\InProcServer32\(Default) = "E:\Program Files\SmartFTP Client\smarthook.dll" ["SmartSoft Ltd."]
"{39DD67E0-73B6-4a11-AF55-49E1EBBF72BE}" = "SmartFTP Favorites Namespace"
-> {HKLM...CLSID} = "FavoritesShellFolder Class"
\InProcServer32\(Default) = "E:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll" ["SmartSoft Ltd."]
"{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}" = "SmartFTP ContextMenu"
-> {HKLM...CLSID} = "SmartFTP ContextMenu Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
"{40FDFA48-5F4E-4627-A78E-6A49A3D4492F}" = "SmartFTP ShellDropHandler"
-> {HKLM...CLSID} = "SmartFTP ShellDropHandler Class"
\InProcServer32\(Default) = "E:\Program Files\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
"{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}" = "SmartFTP Drop ShellIconOverlayHandler"
-> {HKLM...CLSID} = "SmartFTP Drop ShellIconOverlayHandler"
\InProcServer32\(Default) = "E:\Program Files\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus statistics"
-> {HKLM...CLSID} = "Web Anti-Virus statistics"
\InProcServer32\(Default) = "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad\
"0aMCPClient" = "{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
-> {HKLM...CLSID} = "MCPShellInstantiator Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\stardock\MCPCore.dll" ["Stardock"]
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
<<!>> MCPClient\DLLName = "C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll" ["Stardock"]
<<!>> WBSrv\DLLName = "E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv. dll" ["Stardock"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandler s\
{448f4a40-2602-11d1-b4c0-080000051171}\(Default) = "MP3Ext Column Handler"
-> {HKLM...CLSID} = "MP3Ext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\MP3ext.dll" ["Michael Mutschler"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandler s\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
Notepad++\(Default) = "{120B94B5-2E6A-4F13-94D0-414BCB64FA0F}"
-> {HKLM...CLSID} = "Notepad++"
\InProcServer32\(Default) = "E:\Program Files\Notepad++\nppcm.dll" ["Burgaud.com"]
SmartFTP\(Default) = "{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}"
-> {HKLM...CLSID} = "SmartFTP ContextMenu Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "E:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"]
VIDEOTRANS\(Default) = "{C8CA0A66-AF32-4D5E-879E-F0809ACEDC55}"
-> {HKLM...CLSID} = "AmvTransform Class"
\InProcServer32\(Default) = "E:\Program Files\MP3 Player Utilities 4.00\AMVConverter\AmvTransform.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMen uHandlers\
SmartFTP\(Default) = "{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}"
-> {HKLM...CLSID} = "SmartFTP ContextMenu Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "E:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHa ndlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

HKLM\SOFTWARE\Classes\.scr\(Default) = "scrfile"
<<!>> HKLM\SOFTWARE\Classes\scrfile\shell\open\command\( Default) = ""%1" %*" [file not found]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\

"NoChangeStartMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Loca l Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\farees\Application Data\Mozilla\Firefox\Desktop Background.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS]
Reply With Quote
  #6  
Old February 14th, 2008, 12:49 PM
Morfeasss Morfeasss is offline
CTH Subscriber
 
Join Date: Feb 2006
O/S: Windows XP Home
Location: Greece
Posts: 5,140
Hello leelfelr,

It seems that you did quite a few changes on your own. Since you request for help here please from now on don't do any more changes on your own. If you do so and problems arise it may be difficult to assess them and reverse changes. I would like to see another type of logs before starting with repairs.

Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button. Next, Under Main Log, uncheck the following:

System Restore
Temp Cleanup


Then under Options, place a check next to the following:

Backup Registry Hives

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt). Also a the second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)
~~~~~~~~~~~~~~~~~~~~

Please post back both logs from DSS and a fresh Silent Runners report. (Your last Silent Runners report is incomplete, please let it notify you it has finished scanning.)
~~~~~~~~~~~~~~~~~~~~~~~

Quote:
But maybe I messed up some things?
What kind of problems do you have currently?
Reply With Quote
  #7  
Old February 14th, 2008, 03:51 PM
leelfelr leelfelr is offline
Senior Member
 
Join Date: May 2004
Posts: 144
Deckard's System Scanner v20071014.68
Run by farees on 2008-02-14 22:39:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.



-- HijackThis (run as farees.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:29 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\farees\desktop\dss.exe
E:\DOWNLO~1\farees.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimglobalinc.com/
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch_1.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll
O2 - BHO: (no name) - {B8D60EBB-5565-4392-957B-7164BA087AD4} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Instant Bu&zz - {7475D3FD-5D85-49DB-8B9B-6968467B2D80} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to AMV Convert Tool... - E:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - E:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All Files by HiDownload - E:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - E:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com...n/preview.html
O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - E:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - E:\Program Files\xampp\apache\bin\apache.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)

--
End of file - 10807 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "E:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 JGOGO (JMicron Hot-Plug Driver) - c:\windows\system32\drivers\jgogo.sys <Not Verified; JMicron; SCSI Port upper filter driver>
R0 JRAID - c:\windows\system32\drivers\jraid.sys <Not Verified; JMicron Technology Corp.; JMicron JR036X RAID Driver>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 ET5Drv - c:\windows\system32\drivers\et5drv.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 RivaTuner32 - e:\program files\rivatuner v2.0 rc 16\rivatuner32.sys (file missing)
S3 usb2vcom (USB Data Cable) - c:\windows\system32\drivers\usb2vcom.sys <Not Verified; USB World; USB Data Cable>
S3 ZSMC303 (A4 TECH PC Camera H) - c:\windows\system32\drivers\usbvm303.sys <Not Verified; Vimicro Corporation; >
S4 gdrv - c:\windows\gdrv.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 ##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 nTuneService (nTune Service) - e:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>

S2 Apache2.2 - "e:\program files\xampp\apache\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
S2 UleadBurningHelper (Ulead Burning Helper) - c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
Reply With Quote
  #8  
Old February 14th, 2008, 03:54 PM
leelfelr leelfelr is offline
Senior Member
 
Join Date: May 2004
Posts: 144
Continuation of Maint.txt:

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-19 19:54:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-14 and 2008-02-14 -----------------------------

2008-02-14 15:22:19 4716 --a------ C:\WINDOWS\gdrv.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2008-02-08 10:53:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-06 02:40:00 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-06 02:40:00 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-06 02:39:22 103200 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-06 02:39:22 23817504 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-03 15:27:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-02 15:20:37 233472 --a------ C:\WINDOWS\system32\Ilda32.dll <Not Verified; Creative Development LTD; >
2008-02-02 15:20:37 18944 --a------ C:\WINDOWS\system32\BORLNDMM.DLL <Not Verified; Inprise Corporation; Borland Memory Manager>
2008-02-02 14:44:05 0 d-------- C:\Documents and Settings\farees\Application Data\KompoZer
2008-01-30 22:40:34 0 d-------- C:\videooutput
2008-01-27 21:37:59 0 d-------- C:\Documents and Settings\farees\Application Data\Nvu
2008-01-25 21:43:11 0 d-------- C:\Documents and Settings\z\Application Data\Google
2008-01-25 21:41:48 0 d-------- C:\Documents and Settings\z\ChikkaDefault
2008-01-24 17:39:26 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-01-24 17:39:16 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-24 12:16:02 0 d-------- C:\Program Files\uTorrent
2008-01-23 21:35:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-01-23 18:02:00 0 d-------- C:\!KillBox
2008-01-23 17:52:15 53248 --a------ C:\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-01-23 12:07:24 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-23 12:00:44 313 --a------ C:\RESTORE.VBS
2008-01-22 12:25:09 0 d-------- C:\5068.0
2008-01-22 12:13:17 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-21 17:54:15 0 d-------- C:\Documents and Settings\z\Application Data\Adobe
2008-01-21 14:44:47 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-01-21 11:20:15 0 d-------- C:\Documents and Settings\z\Application Data\vlc
2008-01-21 11:13:26 0 d-------- C:\Documents and Settings\z\Application Data\Ulead Systems
2008-01-19 20:52:30 0 d-------- C:\WINDOWS\nview
2008-01-17 21:02:03 0 d-------- C:\Documents and Settings\z\Application Data\Macromedia
2008-01-17 21:01:34 0 d-------- C:\Documents and Settings\z\Application Data\Talkback
2008-01-17 21:01:18 0 d-------- C:\Documents and Settings\z\Application Data\Mozilla


-- Find3M Report ---------------------------------------------------------------

2008-02-14 22:38:07 0 d-------- C:\Documents and Settings\farees\Application Data\Orbit
2008-02-14 02:15:12 0 d-------- C:\Documents and Settings\farees\Application Data\Adobe
2008-02-11 01:52:40 0 d-------- C:\Documents and Settings\farees\Application Data\Lavasoft
2008-02-08 10:53:35 0 d-------- C:\Program Files\Apple Software Update
2008-02-06 02:21:21 0 d-------- C:\Program Files\Common Files
2008-02-04 08:43:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-25 15:08:46 0 d-------- C:\Program Files\TryMedia
2008-01-25 15:08:41 0 d-------- C:\Program Files\TRW conferencing
2008-01-25 15:08:37 0 d-------- C:\Program Files\themexp
2008-01-25 15:08:33 0 d-------- C:\Program Files\TechSmith
2008-01-25 15:08:30 0 d-------- C:\Program Files\Styler
2008-01-25 15:08:25 0 d-------- C:\Program Files\Stardock
2008-01-25 15:08:20 0 d-------- C:\Program Files\SmartSound Software
2008-01-25 15:08:18 0 d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-01-25 15:07:56 0 d-------- C:\Program Files\Simpleology
2008-01-25 15:07:47 0 d-------- C:\Program Files\Siber Systems
2008-01-25 15:07:41 0 d-------- C:\Program Files\ReflexiveArcade
2008-01-25 15:07:35 0 d-------- C:\Program Files\Realtek
2008-01-25 15:07:19 0 d-------- C:\Program Files\Punch! Home Design - AS4000
2008-01-25 15:07:12 0 d-------- C:\Program Files\Online Services
2008-01-25 15:07:10 0 d-------- C:\Program Files\Nokia
2008-01-25 15:07:06 0 d-------- C:\Program Files\MSXML 4.0
2008-01-25 15:07:03 0 d-------- C:\Program Files\MSN Gaming Zone
2008-01-25 15:06:48 0 d-------- C:\Program Files\MP3ext
2008-01-25 15:06:26 0 d-------- C:\Program Files\MP3 Player Utilities 4.15
2008-01-25 15:06:11 0 d-------- C:\Program Files\Movie Maker
2008-01-25 15:06:03 0 d-------- C:\Program Files\microsoft frontpage
2008-01-25 15:06:01 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-25 15:05:59 0 d-------- C:\Program Files\Messenger
2008-01-25 15:04:51 0 d-------- C:\Program Files\Macromedia
2008-01-25 15:04:46 0 d-------- C:\Program Files\Kaspersky Lab
2008-01-25 14:59:43 0 d-------- C:\Program Files\Java
2008-01-25 14:59:34 0 d-------- C:\Program Files\iPod
2008-01-25 14:59:19 0 d-------- C:\Program Files\Intel
2008-01-25 14:59:17 0 d-------- C:\Program Files\Instant Buzz
2008-01-25 14:57:45 0 d-------- C:\Program Files\Hewlett-Packard
2008-01-25 14:57:36 0 d-------- C:\Program Files\Google
2008-01-25 14:57:23 0 d-------- C:\Program Files\GIGABYTE
2008-01-25 14:57:15 0 d-------- C:\Program Files\GameHouse
2008-01-25 14:57:13 0 d-------- C:\Program Files\Domain Tools
2008-01-25 14:57:05 0 d-------- C:\Program Files\DivX
2008-01-25 14:57:02 0 d-------- C:\Program Files\CyberLink
2008-01-25 14:57:01 0 d-------- C:\Program Files\coolpro2
2008-01-25 14:56:58 0 d-------- C:\Program Files\Common Files\xing shared
2008-01-25 14:56:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-25 14:56:47 0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-01-25 14:56:24 0 d-------- C:\Program Files\Common Files\stardock
2008-01-25 14:56:22 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-01-25 14:56:20 0 d-------- C:\Program Files\Common Files\SBSolutions
2008-01-25 14:56:11 0 d-------- C:\Program Files\Common Files\Real
2008-01-25 14:55:57 0 d-------- C:\Program Files\Common Files\PCSuite
2008-01-25 14:55:51 0 d-------- C:\Program Files\Common Files\ODBC
2008-01-25 14:55:46 0 d-------- C:\Program Files\Common Files\Nokia
2008-01-25 14:55:43 0 d-------- C:\Program Files\Common Files\Nero
2008-01-25 14:55:41 0 d-------- C:\Program Files\Common Files\MSSoap
2008-01-25 14:54:37 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-25 14:54:35 0 d-------- C:\Program Files\Common Files\Macromedia
2008-01-25 14:54:22 0 d-------- C:\Program Files\Common Files\Java
2008-01-25 14:54:14 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-25 14:54:04 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-25 14:54:01 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-25 14:48:58 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-25 14:48:29 0 d-------- C:\Program Files\Bonjour
2008-01-25 14:48:27 0 d-------- C:\Program Files\AviSynth 2.5
2008-01-25 14:48:20 0 d-------- C:\Program Files\AskSBar
2008-01-25 14:47:43 0 d-------- C:\Program Files\Advanced Sound Recorder2
2008-01-24 12:20:09 0 d-------- C:\Documents and Settings\farees\Application Data\uTorrent
2008-01-22 14:06:09 0 d-------- C:\Program Files\Yahoo!
2008-01-22 14:06:05 0 d--h----- C:\Program Files\WindowsUpdate
2008-01-22 14:06:00 0 d-------- C:\Program Files\Windows NT
2008-01-22 14:05:49 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-22 14:05:48 0 d-------- C:\Program Files\Windows Media Components
2008-01-22 14:05:46 0 d-------- C:\Program Files\Winamp
2008-01-22 14:05:44 0 d-------- C:\Program Files\Web Publish
2008-01-22 14:05:29 0 d-------- C:\Program Files\vp-eYE
2008-01-22 14:05:16 0 d-------- C:\Program Files\VideoLAN
2008-01-09 22:42:17 0 d-------- C:\Documents and Settings\farees\Application Data\dvdcss
2008-01-09 10:24:38 0 d-------- C:\Documents and Settings\farees\Application Data\gtk-2.0
2008-01-04 11:06:49 0 d-------- C:\Documents and Settings\farees\Application Data\Good Keywords v2
2008-01-03 10:32:07 0 d-------- C:\Documents and Settings\farees\Application Data\LimeWire
2007-12-26 19:38:52 37208 --a------ C:\Documents and Settings\farees\Application Data\GDIPFONTCACHEV1.DAT
2007-12-26 10:52:41 205 --a------ C:\WINDOWS\HTML Brander
2007-12-05 01:41:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-12-05 01:41:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-12-05 01:41:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 01:41:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-12-05 01:41:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-12-05 01:41:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 01:41:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-12-05 01:41:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-11-27 09:27:00 25147 --a------ C:\WINDOWS\svchosts.exe
2007-11-19 01:21:10 32 --a------ C:\Documents and Settings\farees\Application Data\ntl.ini
2007-11-19 00:18:43 1599 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
09/25/2007 10:27 AM 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8D60EBB-5565-4392-957B-7164BA087AD4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [05/27/2006 10:47 AM C:\WINDOWS\RTHDCPL.exe]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [06/14/2004 11:54 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [07/09/2001 10:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" [04/15/2007 07:09 PM]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [03/14/2007 07:05 PM]
"PCSuiteTrayApplication"="E:\PROGRA~1\Nokia\NOKIAP ~1\TRAYAP~1.EXE" [09/15/2004 03:36 PM]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray. dll" [12/05/2007 01:41 AM]
"AVP"="E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [01/29/2007 11:02 PM]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [01/31/2008 11:13 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/14/2004 12:24 AM]
"NVIDIA nTune"="E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [07/03/2007 12:32 PM]

C:\Documents and Settings\farees\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/26/2006 7:24:40 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [9/26/2006 7:24:40 PM]
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoChangeStartMenu"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 01/31/2005 03:13 PM 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 12/20/2005 10:57 PM 176128 E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"


[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5d16098a-4c95-11db-99af-0016e65c1918}]
AutoRun\command- jay.exe
explore\Command- jay.exe
open\Command- jay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d736b0f4-cdff-11dc-b8e0-0016b65bb31d}]
AutoRun\command- F:\SCVHOST.exe
Open\command- F:\SCVHOST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f003d504-79e7-11db-beec-0016e65c1918}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
é_†™\command- F:\NETSVCS.EXE




-- End of Deckard's System Scanner: finished at 2008-02-14 22:41:28 ------------
Reply With Quote
  #9  
Old February 14th, 2008, 03:56 PM
leelfelr leelfelr is offline
Senior Member
 
Join Date: May 2004
Posts: 144
Extra.txt :

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
CPU 1: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 1023.48 MiB / 628.35 MiB
Pagefile Memory (total/avail): 2461.49 MiB / 2177.45 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939 MiB

C: is Fixed (NTFS) - 58.59 GiB total, 15.76 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 94.78 GiB total, 2.94 GiB free.
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ExcelStor Technology J8160S - 153.25 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 58.59 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 94.78 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: Kaspersky Anti-Virus v6.0.2.614 ()

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Games\\RPG\\Neverwinter Nights 2\\nwn2main.exe"="E:\\Games\\RPG\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"E:\\Games\\RPG\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="E:\\Games\\RPG\\Neverwinte r Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"E:\\Games\\RPG\\Neverwinter Nights 2\\nwupdate.exe"="E:\\Games\\RPG\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"E:\\Games\\RPG\\Neverwinter Nights 2\\nwn2server.exe"="E:\\Games\\RPG\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"E:\\Program Files\\uTorrent\\utorrent.exe"="E:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"E:\\Program Files\\BitComet\\BitComet.exe"="E:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"E:\\Games\\CabalTemp\\ESTdnheadless.exe"="E:\\Gam es\\CabalTemp\\ESTdnheadless.exe:*:Enabled:EST! download engine"
"E:\\Games\\Online\\Cabal\\CabalTemp\\ESTdnheadles s.exe"="E:\\Games\\Online\\Cabal\\CabalTemp\\ESTdn headless.exe:*:Enabled:EST! download engine"
"C:\\Cabaltorsetup\\CabalTemp\\CabalTemp\\ESTdnhea dless.exe"="C:\\Cabaltorsetup\\CabalTemp\\CabalTem p\\ESTdnheadless.exe:*:Enabled:EST! download engine"
"E:\\Games\\Online\\Cabal_GSP\\update\\ESTdnheadle ss.exe"="E:\\Games\\Online\\Cabal_GSP\\update\\EST dnheadless.exe:*:Enabled:EST! download engine"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"E:\\Program Files\\Mozilla Firefox\\firefox.exe"="E:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"E:\\Program Files\\Trillian\\trillian.exe"="E:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"E:\\Program Files\\LimeWire\\LimeWire.exe"="E:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="E:\ \Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Ena bled:Yahoo! Messenger"
"E:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="E:\\Progra m Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Ya hoo! FT Server"
"E:\\Games\\Strategy\\Supreme Commander\\GPGNet\\GPG.Multiplayer.Client.exe"="E: \\Games\\Strategy\\Supreme Commander\\GPGNet\\GPG.Multiplayer.Client.exe:*:En abled:GPGNet - Supreme Commander"
"E:\\Games\\Strategy\\Warcraft III\\Warcraft III.exe"="E:\\Games\\Strategy\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"E:\\Games\\Game Utilities\\GG E-Sports Platform\\GGclient.exe"="E:\\Games\\Game Utilities\\GG E-Sports Platform\\GGclient.exe:*:Enabled:GG E-Sports Platform Client"
"E:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="E:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"E:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="E:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"E:\\Program Files\\xampp\\apache\\bin\\apache.exe"="E:\\Progra m Files\\xampp\\apache\\bin\\apache.exe:*:Enabled:Ap ache HTTP Server"
"E:\\Program Files\\xampp\\mysql\\bin\\mysqld.exe"="E:\\Program Files\\xampp\\mysql\\bin\\mysqld.exe:*:Enabled:mys qld"
"E:\\Program Files\\\\Conference.dll"="E:\\Program Files\\\\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team"
"E:\\Program Files\\Fireball Conf\\\\Conference.dll"="E:\\Program Files\\Fireball Conf\\\\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team"
"E:\\Program Files\\xampp\\xampp\\apache\\bin\\apache.exe"="E:\ \Program Files\\xampp\\xampp\\apache\\bin\\apache.exe:*:Ena bled:Apache HTTP Server"
"E:\\Program Files\\xampp\\xampp\\mysql\\bin\\mysqld.exe"="E:\\ Program Files\\xampp\\xampp\\mysql\\bin\\mysqld.exe:*:Enab led:mysqld"
"E:\\Program Files\\Real\\RealOne Player\\realplay.exe"="E:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealOne Player"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS \\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS \\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"E:\\Program Files\\PDF Editor\\PDFEdit.exe"="E:\\Program Files\\PDF Editor\\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files!"
"E:\\Program Files\\eMule\\emule.exe"="E:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"E:\\Program Files\\Free Music Zilla\\FMZilla.exe"="E:\\Program Files\\Free Music Zilla\\FMZilla.exe:*:Enabled:FMZilla Module"
"E:\\Program Files\\FrostWire\\FrostWire.exe"="E:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire "
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r"
"E:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="E:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabledreamweaver 8"
"E:\\Program Files\\FlashGet\\FlashGet.exe"="E:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"E:\\Games\\Strategy\\Company of Heroes\\BugReport\\BugReport.exe"="E:\\Games\\Stra tegy\\Company of Heroes\\BugReport\\BugReport.exe:*:Enabled:BugRepo rt"
"C:\\games\\HellGate London\\Launcher.exe"="C:\\games\\HellGate London\\Launcher.exe:*:Enabled:Hellgate: London"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS \\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS \\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\\Program Files\\Orbitdownloader\\orbitdm.exe"="E:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbi t"
"E:\\Program Files\\Orbitdownloader\\orbitnet.exe"="E:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orb it"
"E:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="E:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"E:\\Program Files\\iTunes\\iTunes.exe"="E:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="E:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\farees\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JODEX
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HellgateEnv=C:\games\Hellgate London\
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\farees
LOGONSERVER=\\JODEX
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;E:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\farees\LOCALS~1\Temp
TMP=C:\DOCUME~1\farees\LOCALS~1\Temp
USERDOMAIN=JODEX
USERNAME=farees
USERPROFILE=C:\Documents and Settings\farees
windir=C:\WINDOWS
Reply With Quote
  #10  
Old February 14th, 2008, 04:01 PM
leelfelr leelfelr is offline
Senior Member
 
Join Date: May 2004
Posts: 144
Continuation Extra.txt:

-- User Profiles ---------------------------------------------------------------

farees (admin)
temp (admin)
z (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> E:\Program Files\Ahead\nero\nero\uninstall\UNNERO.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
#1 DVD Ripper 5.2 --> E:\Program Files\No1 DVD Ripper\uninst.exe
@BIOS B06.0601.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
µTorrent --> "E:\Program Files\uTorrent\uninstall.exe"
Absolute Sound Recorder version 3.3.0 --> "E:\Program Files\Absolute Sound Recorder1\unins000.exe"
Ad-Aware SE Professional --> E:\Utilites\SECURI~1\ADSAZA~1\Ad-Aware\AD-AWA~1\UNWISE.EXE E:\Utilites\SECURI~1\ADSAZA~1\Ad-Aware\AD-AWA~1\INSTALL.LOG
Adobe After Effects CS3 --> C:\Program Files\Common Files\Adobe\Installers\5d83aea83f5009a0d267d337e3f 55fe\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Third Party Content --> MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6 ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Creative Suite --> C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e 225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{2274624C-5B38-41AD-AD27-CEC0924EB628}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Setup --> MsiExec.exe /I{F1C9C7F7-0D56-40B2-A276-152762D39BCA}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> C:\Program Files\Common Files\Adobe\Installers\cbb2ea61da9c780bd7e47a5230a 9ed7\Setup.exe
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Advanced Sound Recorder v6.0 --> "C:\Program Files\Advanced Sound Recorder2\unins000.exe"
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Anno 1701 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2433A63-5F5D-40E5-B529-9123C2B3E734}\Setup.exe" -l0x9 -removeonly
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AuctionYen --> "C:\WINDOWS\AuctionYen\uninstall.exe" "/U:E:\Program Files\AuctionYen\Uninstall\uninstall.xml"
Audacity 1.2.6 --> "E:\Program Files\Audacity\unins000.exe"
Audio/Video Conference 4.2+ --> E:\Program Files\Conference\Conference.exe /UNINSTALL
AutoHotkey 1.0.47.03 --> E:\Program Files\AutoHotkey\uninst.exe
AVIConverter 3.0 --> E:\Program Files\AVIConverter\uninst.exe
Blog Buzz --> "E:\Program Files\im\Blog Buzz\unins000.exe"
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch --> C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
CamStudio --> E:\Program Files\CamStudio\uninstall.exe
CDisplay 1.8 --> "E:\Program Files\CDisplay\unins000.exe"
Chikka Messenger V4 --> E:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\UNWISE.EXE E:\PROGRA~1\CHIKKA~1\CHIKKA~1.4\INSTALL.LOG
CoffeeCup Free HTML Editor --> E:\PROGRA~1\COFFEE~1\UNWISE.EXE E:\PROGRA~1\COFFEE~1\INSTALL.LOG
Color Cop 5.4.3 --> "E:\Program Files\Color_Cop\unins000.exe"
Cool Edit Pro 2.0 --> E:\Program Files\coolpro2\cep2unin.exe
CureROM Pro 1.3.1 --> E:\Program Files\CureROM\uninst.exe
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD-lab PRO 1.53 --> "E:\Program Files\DVDlabPro\unins000.exe"
DVD Ripper Platinum 4 --> E:\Program Files\Xilisoft\DVD Ripper Platinum 4\Uninstall.exe
EasyStudio PIM & File Manager --> MsiExec.exe /I{2FA333E9-845C-4292-870E-7E41F38443CA}
EasyTune5 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5\uninstdrv.dll"
ETC B06.0614.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D281E4E0-91DC-4EB7-946D-7C5BAC1C0BD2}\setup.exe" -l0x9 -removeonly
eWriter pro --> C:\Program Files\InstallShield Installation Information\{3D5D06E0-C425-4B69-A936-7AE8E3706F97}\setup.exe -runfromtemp -l0x0409
ExplorerXP (remove only) --> E:\Program Files\ExplorerXP\Uninst.exe
FileZilla Client 3.0.1 --> E:\Program Files\FileZilla Client\uninstall.exe
FlashGet 1.9.6.1073 --> E:\Program Files\FlashGet\uninst.exe
FlashGet(Jetcar) 1.80 --> E:\PROGRA~1\FlashGet\_UNWISE.EXE
FLV Player 1.3.3 --> "E:\Program Files\FLVPlayer\uninstall.exe"
Forum Buzz --> "E:\Program Files\Forum Buzz\unins000.exe"
Forum Submitter Pro Full --> MsiExec.exe /I{50349CC6-93AF-4E38-BA37-AE5E34FC4AAC}
Foxit Editor --> MsiExec.exe /I{0B143533-B58A-48D6-B972-1187F398FC63}
Fraps (remove only) --> "E:\Program Files\Fraps\uninstall.exe"
FreeCommander 2007.10a --> "E:\Program Files\FreeCommander\unins000.exe"
Freez FLV to AVI/MPEG/WMV Converter --> "E:\Program Files\Freez FLV to AVI MPEG WMV Converter\unins000.exe"
FrostWire 4.13.3 --> E:\Program Files\FrostWire\Uninstall.exe
getPlus(R)_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
GetRight --> E:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL
GG E-Sports Platform --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\Setup.exe"
Gigabyte Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x9 -removeonly
GIMP 2.4.1 --> "E:\Program Files\GIMP-2.0\setup\unins000.exe"
Good Keywords v2.01.100107 --> "E:\Program Files\Good Keywords v2.01\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Video Player --> "E:\Program Files\Google\Google Video Player\Uninstall.exe"
HD Tach version 3 --> "E:\Program Files\HD Tach\unins000.exe"
Hellgate: London --> MsiExec.exe /X{A2B4455D-1046-4732-BFBC-0821BEFC07BC}
HiDownload --> "E:\Program Files\HiDownload\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\s puninst.exe"
HijackThis 1.99.1 --> E:\Program Files\HijackThis\Uninstal.exe
HijackThis 2.0.2 --> "E:\Downloads\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunins t.exe"
hp deskjet 3320 series --> rundll32 hpzcon07.dll,VendorJettison hp deskjet 3320 series
HTML-Kit --> "E:\Program Files\HTML-Kit\unins000.exe"
i-Cool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GIGABYTE\i-Cool\Uninst.isu"
Icon Constructor 3 --> "E:\Program Files\Icon Constructor 3\unins000.exe"
Impact Web Audio Light --> "E:\Program Files\Impact Web Audio\unins000.exe"
IrfanView (remove only) --> E:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Anti-Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
Kaspersky Anti-Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
KB Piano v.1.2.2 --> E:\Program Files\KB Piano\uninstall.exe
KeyNote 1.6.5 --> "E:\Program Files\KeyNote\unins000.exe"
Keyword Niche Miner --> "E:\Program Files\Keyword Niche Miner\unins000.exe"
KoolMoves 6.1.2 --> "E:\Program Files\KoolMoves\unins000.exe"
LimeWire PRO 4.13.0 --> "E:\Program Files\LimeWire\uninstall.exe"
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
MediaCoder 0.6.0 --> E:\Program Files\MediaCoder\uninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spu ninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spunin st.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection
Reply With Quote
  #11  
Old February 14th, 2008, 04:02 PM
leelfelr leelfelr is offline
Senior Member
 
Join Date: May 2004
Posts: 144
Continuation Exta.txt:

C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Mind Stereo 1.0.5 --> "E:\Program Files\Mind Stereo\unins000.exe"
Mozilla Firefox (2.0.0.12) --> E:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.6) --> E:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MP3-Info extension V3.4.23 --> "C:\Program Files\MP3ext\unins000.exe"
MP3 Player Utilities 4.00 --> MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MP3 Player Utilities 4.15 --> MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
My Free Web Site Builder --> "E:\Program Files\My Free Web Site Builder\unins000.exe"
My Notes Keeper 1.6.2 --> "E:\Program Files\MyNotesKeeper\unins000.exe"
MySQL Connector/ODBC 3.51 --> MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Next Generation Visualisations --> MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
Nokia Connectivity Cable Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\ID river.exe /M{3ECED7D1-E469-4BC6-8A93-5CB0FFE5EBF5}
Nokia PC Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\ID river.exe /M{55F84D06-02A4-4F16-A551-31757EC8E60F}
Notepad++ --> E:\Program Files\Notepad++\uninstall.exe
NoteTab Light (Remove only) --> "E:\Program Files\NoteTab Light\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\ID river.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
Nvu 1.0 --> "E:\Program Files\Nvu\unins000.exe"
Orbit Downloader --> "E:\Program Files\Orbitdownloader\unins000.exe"
particleIllusion 3.0 --> C:\WINDOWS\IsUninst.exe -f"E:\Program Files\particleIllusion_3\Uninst.isu"
PC Wizard 2005.1.65 --> "E:\Program Files\PC Wizard 2005\unins000.exe"
pdfFactory Pro --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppinst 3.exe /uninstall
Piano Professor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6AC0C509-EA99-4985-910A-AE37C0EED497}\Setup.exe" -l0x9 UNINSTALL
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PremiumSoft Navicat MySQL 7.2 --> "E:\Program Files\PremiumSoft\Navicat MySQL\unins000.exe"
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:E:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PrimoPDF Redistribution Package --> MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
RegVac Registry Cleaner 4.02 (Registered Version) --> "E:\Program Files\RegVac Registry Cleaner\unins000.exe"
Remove DivX Codec --> C:\WINDOWS\unvise32.exe E:\Program Files\DivX\DivX Codec\UninstalDivXCodec.log
Riva FLV Encoder 2.0 --> "E:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
RivaTuner v2.0 RC 16 --> "E:\Program Files\RivaTuner v2.0 RC 16\uninstall.exe"
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung\SS_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
simpleology BrowserBodyguard 1.2 --> MsiExec.exe /I{C153ABD3-0A1E-4F70-A1AA-339F43CCA02A}
simpleology DesktopCockpit 1.2 --> MsiExec.exe /I{BA98EC5B-5B4C-2A54-4A50-72F932CF7DEF}
simpleology Wimiki --> MsiExec.exe /I{578082DB-B171-48D3-B22E-5B1662181051}
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.5 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\ID river.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SnagIt 7 --> MsiExec.exe /I{4360BB46-507E-4361-8DCB-4FF9BDC9907B}
Subtitle Workshop 2.51 --> "E:\Program Files\Subtitle Workshop\uninstall.exe"
SUPER © Version 2007.bld.23 (July 4, 2007) --> E:\PROGRA~1\SUPER\Setup.exe /remove /q0
Swiff Player 1.1 --> "E:\Program Files\Swiff Player\unins000.exe"
TheDowser Free Edition v5.3.0 --> "E:\Program Files\TheDowser Free Edition v530\unins000.exe"
Trillian --> E:\Program Files\Trillian\trillian.exe /uninstall
TRW conferencing --> iwexec.exe /R {E23E9487-2B6B-42CA-AE8D-E2369563AB02}
Ulead GIF Animator 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
Ulead VideoStudio 9.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88F92798-59AB-474F-B40D-1EC5F782F7EE}\setup.exe" -l0x9
Useful File Utilities (remove only) --> E:\Program Files\UFU\UninstUFU.exe
VideoLAN VLC media player 0.8.6d --> E:\Program Files\VideoLAN\VLC\uninstall.exe
vixy converter uninstall --> "E:\Program Files\vixy.net\unins000.exe"
VP-EYE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC17B2BE-BA6F-4696-8E5D-ED2A62981CDA}\setup.exe" -l0x9
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Web Audio Plus --> "C:\WINDOWS\Web Audio Plus\uninstall.exe" "/U:E:\Program Files\Web Audio Plus\Uninstall\uninstall.xml"
Winamp (remove only) --> "E:\Program Files\Winamp\UninstWA.exe"
WindowBlinds --> E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spunin st.exe"
WinOrganizer --> "E:\Program Files\WinOrganizer\uninstall.exe"
WinRAR archiver --> E:\Program Files\WinRAR\uninstall.exe
WinZip --> "E:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WM Recorder 11.0 --> E:\Program Files\WMR11\Uninstal.exe
WYSIWYG Web Builder 4.0 --> C:\WINDOWS\iun6002.exe "E:\Program Files\WYSIWYG Web Builder 4.0\irunin.ini"
XAMPP 1.6.0a --> "E:\Program Files\xampp\xampp\uninstall.exe"
xplorer˛ lite --> "E:\Program Files\zabkat\xplorer2_lite\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1932 / Error
Event Submitted/Written: 02/14/2008 00:00:12 PM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> apache.exe: Could not open configuration file E:/Program Files/xampp/apache/conf/httpd.conf: The system cannot find the path specified. .

Event Record #/Type1913 / Error
Event Submitted/Written: 02/13/2008 02:38:34 AM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> apache.exe: Could not open configuration file E:/Program Files/xampp/apache/conf/httpd.conf: The system cannot find the path specified. .

Event Record #/Type1909 / Error
Event Submitted/Written: 02/13/2008 02:20:59 AM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> apache.exe: Could not open configuration file E:/Program Files/xampp/apache/conf/httpd.conf: The system cannot find the path specified. .

Event Record #/Type1898 / Error
Event Submitted/Written: 02/12/2008 11:58:44 AM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> apache.exe: Could not open configuration file E:/Program Files/xampp/apache/conf/httpd.conf: The system cannot find the path specified. .

Event Record #/Type1882 / Error
Event Submitted/Written: 02/10/2008 03:59:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application photoshop.exe, version 8.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [photoshop.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12952 / Warning
Event Submitted/Written: 02/14/2008 07:08:13 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\SJA-ZO2RHCX4QIL on the network \Device\NetBT_Tcpip_{67B3128F-88C8-45BF-85A7-9A5D8280A099}.
The data is the error code.

Event Record #/Type12895 / Error
Event Submitted/Written: 02/14/2008 00:00:26 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Ulead Burning Helper service failed to start due to the following error:
%%2

Event Record #/Type12894 / Error
Event Submitted/Written: 02/14/2008 00:00:26 PM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Apache2.2 service terminated with service-specific error 1 (0x1).

Event Record #/Type12863 / Error
Event Submitted/Written: 02/14/2008 03:11:54 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Ulead Burning Helper service failed to start due to the following error:
%%2

Event Record #/Type12862 / Error
Event Submitted/Written: 02/14/2008 03:11:54 AM
Event ID/Source: 7024 / Service Control Manager
Event Description:
The Apache2.2 service terminated with service-specific error 1 (0x1).



-- End of Deckard's System Scanner: finished at 2008-02-14 22:41:28 ------------
Reply With Quote
  #12  
Old February 14th, 2008, 04:03 PM
leelfelr leelfelr is offline
Senior Member
 
Join Date: May 2004
Posts: 144
Silent Runners:

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"NVIDIA nTune" = ""E:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear" ["NVIDIA"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"EasyTuneV" = "C:\Program Files\Gigabyte\ET5\GUI.exe" [empty string]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot" ["RealNetworks, Inc."]
"iTunesHelper" = ""E:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"PCSuiteTrayApplication" = "E:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [empty string]
"Adobe Reader Speed Launcher" = ""E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"AVP" = ""E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]
"QuickTime Task" = ""E:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{000123B4-9B42-4900-B3F7-F4B073EFC214}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Octh Class"
\InProcServer32\(Default) = "E:\Program Files\Orbitdownloader\orbitcth.dll" ["Orbitdownloader.com"]
{00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "HelperObject Class"
\InProcServer32\(Default) = "E:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll" ["TechSmith Corporation"]
{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}\(Default) = "Ask Search Assistant BHO"
-> {HKLM...CLSID} = "Ask Search Assistant BHO"
\InProcServer32\(Default) = "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" ["Ask.com"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
-> {HKLM...CLSID} = "FGCatchUrl"
\InProcServer32\(Default) = "E:\Program Files\FlashGet\jccatch_1.dll" ["www.flashget.com"]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\(Default) = (no title provided)
-> {HKLM...CLSID} = "GetRight IE Download Helper"
\InProcServer32\(Default) = "E:\Program Files\GetRight\xx2gr.dll" ["Headlight Software, Inc."]
{724d43a9-0d85-11d4-9908-00400523e39a}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Siber Systems\AI RoboForm\roboform.dll" ["Siber Systems"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll" ["Google Inc."]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FlashGet GetFlash Class"
\InProcServer32\(Default) = "E:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "E:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "E:\Program Files\Real\RealOne Player\rpplugins\ierpplug.dll" ["RealNetworks"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "E:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{51A64D28-F937-4045-A420-065CEFBD8A76}" = "ARAR Context Menu Shell Extension"
-> {HKLM...CLSID} = "ARARCtxMenu Class"
\InProcServer32\(Default) = "E:\Program Files\ARAR\ARARSHL.dll" ["DataNumen, Inc."]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "E:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {HKLM...CLSID} = "Contact View"
\InProcServer32\(Default) = "E:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
-> {HKLM...CLSID} = "Message View"
\InProcServer32\(Default) = "E:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "SnagIt"
-> {HKLM...CLSID} = "SnagIt"
\InProcServer32\(Default) = "E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll" ["TechSmith Corporation"]
"{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "E:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Copy Hook"
-> {HKLM...CLSID} = "SmartFTP Copy Hook"
\InProcServer32\(Default) = "E:\Program Files\SmartFTP Client\smarthook.dll" ["SmartSoft Ltd."]
"{39DD67E0-73B6-4a11-AF55-49E1EBBF72BE}" = "SmartFTP Favorites Namespace"
-> {HKLM...CLSID} = "FavoritesShellFolder Class"
\InProcServer32\(Default) = "E:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll" ["SmartSoft Ltd."]
"{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}" = "SmartFTP ContextMenu"
-> {HKLM...CLSID} = "SmartFTP ContextMenu Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
"{40FDFA48-5F4E-4627-A78E-6A49A3D4492F}" = "SmartFTP ShellDropHandler"
-> {HKLM...CLSID} = "SmartFTP ShellDropHandler Class"
\InProcServer32\(Default) = "E:\Program Files\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
"{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}" = "SmartFTP Drop ShellIconOverlayHandler"
-> {HKLM...CLSID} = "SmartFTP Drop ShellIconOverlayHandler"
\InProcServer32\(Default) = "E:\Program Files\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus statistics"
-> {HKLM...CLSID} = "Web Anti-Virus statistics"
\InProcServer32\(Default) = "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad\
"0aMCPClient" = "{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
-> {HKLM...CLSID} = "MCPShellInstantiator Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\stardock\MCPCore.dll" ["Stardock"]
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
<<!>> MCPClient\DLLName = "C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll" ["Stardock"]
<<!>> WBSrv\DLLName = "E:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv. dll" ["Stardock"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandler s\
{448f4a40-2602-11d1-b4c0-080000051171}\(Default) = "MP3Ext Column Handler"
-> {HKLM...CLSID} = "MP3Ext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\MP3ext.dll" ["Michael Mutschler"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandler s\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
Notepad++\(Default) = "{120B94B5-2E6A-4F13-94D0-414BCB64FA0F}"
-> {HKLM...CLSID} = "Notepad++"
\InProcServer32\(Default) = "E:\Program Files\Notepad++\nppcm.dll" ["Burgaud.com"]
SmartFTP\(Default) = "{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}"
-> {HKLM...CLSID} = "SmartFTP ContextMenu Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "E:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"]
VIDEOTRANS\(Default) = "{C8CA0A66-AF32-4D5E-879E-F0809ACEDC55}"
-> {HKLM...CLSID} = "AmvTransform Class"
\InProcServer32\(Default) = "E:\Program Files\MP3 Player Utilities 4.00\AMVConverter\AmvTransform.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMen uHandlers\
SmartFTP\(Default) = "{F87DED31-303F-4ED1-9BCE-D360FBC74E0A}"
-> {HKLM...CLSID} = "SmartFTP ContextMenu Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\SmartFTP Client\sfShellTools.dll" ["SmartSoft Ltd"]
SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "E:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll" ["TechSmith Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHa ndlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

HKLM\SOFTWARE\Classes\.scr\(Default) = "scrfile"
<<!>> HKLM\SOFTWARE\Classes\scrfile\shell\open\command\( Default) = ""%1" %*" [file not found]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\

"NoChangeStartMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Reply With Quote
  #13  
Old February 14th, 2008, 04:05 PM
leelfelr leelfelr is offline
Senior Member
 
Join Date: May 2004
Posts: 144
Continuation Silent Runners:


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Loca l Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\farees\Application Data\Mozilla\Firefox\Desktop Background.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS]


Startup items in "farees" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\farees\Start Menu\Programs\Startup
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Microsoft Office" -> shortcut to: "E:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{724D43A0-0D85-11D4-9908-00400523E39A}"
-> {HKLM...CLSID} = "&RoboForm"
\InProcServer32\(Default) = "C:\Program Files\Siber Systems\AI RoboForm\roboform.dll" ["Siber Systems"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{724D43A0-0D85-11D4-9908-00400523E39A}"
-> {HKLM...CLSID} = "&RoboForm"
\InProcServer32\(Default) = "C:\Program Files\Siber Systems\AI RoboForm\roboform.dll" ["Siber Systems"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet"
-> {HKLM...CLSID} = "FlashGet"
\InProcServer32\(Default) = "E:\Program Files\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
"{724D43A0-0D85-11D4-9908-00400523E39A}" = (no title provided)
-> {HKLM...CLSID} = "&RoboForm"
\InProcServer32\(Default) = "C:\Program Files\Siber Systems\AI RoboForm\roboform.dll" ["Siber Systems"]
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = (no title provided)
-> {HKLM...CLSID} = "SnagIt"
\InProcServer32\(Default) = "E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll" ["TechSmith Corporation"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web Anti-Virus statistics"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\(Default) = "simpleology BrowserBodyguard"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "mscoree.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{066040F0-5018-4E15-8AA0-81D36136D989}\
"ButtonText" = "Instant Buzz"

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Web Anti-Virus statistics"

{320AF880-6646-11D3-ABEE-C5DBF3571F46}\
"ButtonText" = "Fill Forms"
"MenuText" = "Fill Forms"
"Script" = "file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html" [file not found]

{320AF880-6646-11D3-ABEE-C5DBF3571F49}\
"ButtonText" = "Save"
"MenuText" = "Save Forms"
"Script" = "file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html" [file not found]

{724D43AA-0D85-11D4-9908-00400523E39A}\
"ButtonText" = "RoboForm"
"MenuText" = "RoboForm Toolbar"
"Script" = "file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html" [file not found]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "E:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"]

{F4FBA929-A891-492C-A0F6-5C79CC4F1742}\
"ButtonText" = "HiDownload"
"Exec" = "E:\Program Files\HiDownload\hidownload.exe" ["HiDownload Software"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" ["Ask.com"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# #, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
Kaspersky Anti-Virus 6.0, AVP, ""E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r" ["Kaspersky Lab"]
nTune Service, nTuneService, "E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService" ["NVIDIA"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monito rs\
FPP3:\Driver = "fppmon3.dll" ["FinePrint Software, LLC"]
hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]
PrimoMon\Driver = "Primomonnt.dll" [null data]


---------- (launch time: 2008-02-14 22:45:21)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 33 seconds, including 13 seconds for message boxes)
Reply With Quote
  #14  
Old February 14th, 2008, 04:10 PM
leelfelr leelfelr is offline
Senior Member
 
Join Date: May 2004
Posts: 144
Somethings I noticed on my system:
- No drag and drop ability. (no ghost Icon appears when I try to move an icon on the desktop, also in win explorer.)
- Can't boot in safe mode.
- My mouse cursor occasionally stops, then resumes. But I can see that it is still functioning when it stops because I can "mouse over" buttons when I try to move the mouse, but the mouse cursor doesn't follow.
- Also, not really sure but it seems that the loading time for the winxp loading screen during boot takes longer now..

Thanks for any help.
Reply With Quote
  #15  
Old February 14th, 2008, 07:30 PM
Morfeasss Morfeasss is offline
CTH Subscriber
 
Join Date: Feb 2006
O/S: Windows XP Home
Location: Greece
Posts: 5,140
Infection is showing in your logs, let's begin with this tool.

Plug in your removable drive/-s.

Step 1:

Download

Combofix.exe and save it to your desktop.

Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix.
When the scan completes it will open a text window. Please copy/paste that log back here together with a new HijackThis log.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
~~~~~~~~~~~~~~

Step 2:


Download and run SafeBootKeyRepair from here.

It will take only a moment for it to run.
A log will be produced at C:\SafeBoot_Repair.txt. Please post that in your next reply
~~~~~~~~~~~~~~~~~~~~

Step 3:

Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

System Restore
Temp Cleanup


Then under Extra Log, uncheck all the boxes.

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

Please post back the Combofix report, along with main.txt from DSS and the report from C:\SafeBoot_Repair.txt.
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
cannot find "modems" and "wireless communication devices" in device manager bhargava Windows XP 0 November 16th, 2007 07:14 AM
Task Manager Wont Open "Being Used by Another Program": Moved from XP by Murray TazK Malware Removal 3 January 6th, 2007 05:14 PM
Missing "run" And "task Manager" Gus Windows XP 3 June 7th, 2006 12:30 AM
reformatting hard drive - format "c:\", "d:\", and "e:\" or just "c:\" ssb2004 Windows 98 4 November 1st, 2004 05:25 PM


All times are GMT +1. The time now is 02:06 AM.