
computer problems plz help

Discussion in 'Windows - Virus and spyware problems' started by redhouse, Oct 6, 2006.

  1. redhouse

    redhouse Regular member

    Joined:
    Apr 21, 2006
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    Logfile of HijackThis v1.99.1
    Scan saved at 6:46:24 PM, on 10/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5450.0004)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\LClock\LClock.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\AOL\1159844513\ee\AOLSoftware.exe
    C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\John\Desktop\HijackThis_v1.99.1.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\SoftwareDistribution\Download\fde4a5af73d5aee9b5faba71cbff1d6c\update\update.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159844513\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159216013454
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159215978798
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: File Security Kernel Anti-Spyware Driver (ikhfile) - Unknown owner - C:\Documents and Settings\John\Desktop\Spyware Doctor\ikhfile.sys (file missing)
    O23 - Service: Kernel Anti-Spyware Driver (ikhlayer) - Unknown owner - C:\Documents and Settings\John\Desktop\Spyware Doctor\ikhlayer.sys (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Documents and Settings\John\Desktop\Spyware Doctor\SDhelper.exe (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    still not running well
     
  2. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    I'm assuming this "update" running is not good.

    Go to Jotti's malware scan.
    Copy/Paste this file into "File to upload and scan".
    C:\WINDOWS\SoftwareDistribution\Download\fde4a5af73d5aee9b5faba71cbff1d6c\update\update.exe
    Click Submit.
    Post the results in your next reply.
     
  3. redhouse

    redhouse Regular member

    Joined:
    Apr 21, 2006
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found nothing
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    UNA
    Found nothing
    VirusBuster
    Found nothing
    VBA32
    Found nothing
     
  4. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Guess not.

    Go here and download Spybot Search and Destroy.

    Run in safe mode.
    Click "Check for Updates".
    Click "Search for Updates".
    Select all and click "Download Updates".
    After updating, click "Search and Destroy".
    Click "Check for Problems".
    When it finishes, click "Fix selected problems".
    Right click and select "Copy results" (not full report)
    Paste them in your next reply if anything was found.
     
  5. redhouse

    redhouse Regular member

    Joined:
    Apr 21, 2006
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    CoolWWWSearch.Compstuic: Data (File, fixed)
    C:\WINDOWS\gsc307.ggs

    Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

    Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

    AstaKiller: Root class (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\MezziaCodec.Chl

    AstaKiller: Class ID (Registry key, fixed)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6BF52A52-394A-11D3-B153-00C04F79FAA6}

    SeachToolbarCorp.ToolbarVision: Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2540899815-763274292-1888576114-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{821F87FF-8245-4972-9E28-732E92EC2F51}

    SeachToolbarCorp.ToolbarVision: Settings (Registry key, fixed)
    HKEY_USERS\S-1-5-21-2540899815-763274292-1888576114-1005\Software\Search Toolbar Corp

    SeachToolbarCorp.ToolbarVision: Program directory (Directory, fixed)
    C:\Documents and Settings\John\Application Data\SearchToolbarCorp\

    SeachToolbarCorp.ToolbarVision: Program directory (Directory, fixed)
    C:\Documents and Settings\John\Application Data\SearchToolbarCorp\Toolbar Vision\

    SeachToolbarCorp.ToolbarVision: Text file (File, fixed)
    C:\Documents and Settings\John\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt

    SeachToolbarCorp.ToolbarVision: Text file (File, fixed)
    C:\Documents and Settings\John\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt

    CasaleMedia: Tracking cookie (Internet Explorer: John) (Cookie, fixed)


    Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)


    Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)


    Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)


    Advertising.com: Tracking cookie (Firefox: default) (Cookie, fixed)


    Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, fixed)


    DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)


    HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


    HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


    FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)


    FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)


    FastClick: Tracking cookie (Firefox: default) (Cookie, fixed)


    HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


    HitBox: Tracking cookie (Firefox: default) (Cookie, fixed)


    MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)



    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-10-10 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2006-02-06 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2006-02-20 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-10-06 Includes\Cookies.sbi (*)
    2006-10-06 Includes\Dialer.sbi (*)
    2006-10-06 Includes\Hijackers.sbi (*)
    2006-10-06 Includes\Keyloggers.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2006-10-06 Includes\Malware.sbi (*)
    2006-10-06 Includes\PUPS.sbi (*)
    2006-10-06 Includes\Revision.sbi (*)
    2006-10-06 Includes\Security.sbi (*)
    2006-10-06 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-10-06 Includes\Trojans.sbi (*)

    hope that's it
     
  6. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    CoolWWWSearch.Compstuic: Data (File, fixed)
    C:\WINDOWS\gsc307.ggs

    Ah ha!
    Spybot may have gotten it all...maybe not.

    Go here and download CWShredder.
    Open cwshredder.exe
    Click "Scan only".
    Click Next or Fix, depending on whether something is found.
    Exit CWShredder.

    Fix these with HijackThis.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)

    Restart.

    How are things now?
     
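    The entries singled out in the post above (the orphaned O2 BHOs with no file and the non-default R0 start pages), together with the "(file missing)" O9/O23 lines and the odd D_V_T autostart earlier in the log, are the kinds of lines a triage script can pull out of a HijackThis log automatically. The following is an added example, not code from this thread or from HijackThis; its allowlist of default IE hosts and trusted autostart directories are assumptions, and the sample lines are constructed from the log posted above.

    ```python
    """Triage helper for HijackThis v1.99-style log lines (added example, not from the thread)."""
    import re
    from dataclasses import dataclass
    from typing import List, Optional
    from urllib.parse import urlsplit

    # Constructed sample lines modelled on the HijackThis log posted in this thread.
    SAMPLE_LOG = [
        r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage",
        r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896",
        r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll",
        r"O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)",
        r"O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe",
        r'O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"',
        r"O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg" + "\\",
        r"O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)",
        r"O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe",
        r"O23 - Service: Kernel Anti-Spyware Driver (ikhlayer) - Unknown owner - C:\Documents and Settings\John\Desktop\Spyware Doctor\ikhlayer.sys (file missing)",
    ]

    # Every HijackThis entry starts with a section tag (R0..R3, O1..O23), " - ", then the body.
    ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

    # Assumption: hosts that IE on XP SP2 pointed at out of the box (a reviewer's allowlist).
    DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "search.msn.com", "ie.search.msn.com"}
    # Assumption: directories where autostart binaries on this box are expected to live.
    TRUSTED_DIRS = (r"c:\windows\", r"c:\program files\")


    @dataclass(frozen=True)
    class Finding:
        kind: str    # HijackThis section tag, e.g. "O2"
        reason: str  # why the line deserves a second look
        line: str    # the original log line


    def autostart_path(body: str) -> str:
        """Pull the executable path out of an O4 body: '[name] "path" args' or 'name.lnk = path'."""
        target = body.split(": ", 1)[-1]      # drop the "HKLM\..\Run" / "Global Startup" prefix
        if "] " in target:                    # registry Run value: [name] command
            target = target.split("] ", 1)[1]
        elif " = " in target:                 # Startup folder shortcut: name.lnk = path
            target = target.split(" = ", 1)[1]
        if target.startswith('"'):            # quoted path may contain spaces
            return target[1:].split('"', 1)[0]
        return target.split(" ", 1)[0]        # unquoted path: first token, arguments follow


    def check_entry(line: str) -> Optional[Finding]:
        """Return a Finding for a suspicious entry, or None for lines that look normal."""
        m = ENTRY_RE.match(line.strip())
        if not m:
            return None
        kind, body = m.groups()
        if kind in ("R0", "R1"):
            # Start/search page hijacks: anything not pointing at a default host is reviewed.
            url = body.rsplit(" = ", 1)[-1]
            host = urlsplit(url).hostname or ""
            if host not in DEFAULT_IE_HOSTS:
                return Finding(kind, f"IE start/search URL points at non-default host '{host}'", line)
        elif kind == "O2":
            # A BHO with no name or no backing DLL is an orphaned (or hidden) registration.
            if "(no file)" in body or "(no name)" in body:
                return Finding(kind, "orphaned BHO (missing name or DLL)", line)
        elif kind == "O4":
            # Autostarts launched from the drive root, a profile or temp are unusual for vendor software.
            path = autostart_path(body)
            if not path.lower().startswith(TRUSTED_DIRS):
                return Finding(kind, f"autostart outside trusted directories: {path}", line)
        elif kind in ("O9", "O23"):
            # Leftovers from uninstalled tools, or a service whose binary cannot be verified.
            if "(file missing)" in body or "Unknown owner" in body:
                return Finding(kind, "entry references a missing file or unknown publisher", line)
        return None


    def triage(lines: List[str]) -> List[Finding]:
        """Run check_entry over a whole log and keep only the hits, in log order."""
        return [f for f in (check_entry(line) for line in lines) if f is not None]


    if __name__ == "__main__":
        for f in triage(SAMPLE_LOG):
            print(f"[{f.kind}] {f.reason}\n    {f.line}")
    ```

    Everything the script flags still needs a human decision; the R0 lines here, for example, are a Symantec fix page rather than malware, which is exactly why the helper asked for the log instead of an automated fix.
    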
  7. redhouse

    redhouse Regular member

    Joined:
    Apr 21, 2006
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    sorry to say but nope
     
  8. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    No what? Did it find anything? Please explain what's going on...how are things running?
     
  9. EricCarr

    EricCarr Regular member

    Joined:
    Apr 11, 2005
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    26
    After all those scans there is still a problem. It may be a Windows problem. I would suggest backing up everything, then a format and reinstall.
     
  10. redhouse

    redhouse Regular member

    Joined:
    Apr 21, 2006
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    I still can't watch a movie without it sounding and looking like it has a million scratches. The start up is faster than before, guess we fixed that problem. CPU still shoots up for small things like opening and closing windows. The sound when shutting down and starting up has the same problem as playing movies, also when you minimize and restore a window.
     
  11. redhouse

    redhouse Regular member

    Joined:
    Apr 21, 2006
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    I still can't watch a movie without it sounding and looking like it has a million scratches on it. The start up is faster than before, but the CPU still shoots up for small things like opening and closing windows. The sound when shutting down and starting up has the same problem as playing movies, also when you minimize and restore a window.
     
  12. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Think back before this started. Did you install anything before noticing the problems? Could be conflicts between programs.

    What player are you using to watch movies?

    The sound problem may be a hardware problem, soundcard maybe?

    Or as EricCarr said, it could be just a Windows problem, but I wouldn't recommend reformatting just yet. Try repairing Windows with your recovery disc first.
     
  13. redhouse

    redhouse Regular member

    Joined:
    Apr 21, 2006
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    Windows Media Player.
    Can't remember anything that I installed, it just happened one day.
    Also, that's another problem: I don't have the discs to repair or restore Windows. I f**ked up when I was making them on the laptop by restarting Windows while it was creating the discs, so I can't make any new ones.
    And my laptop is only about 3 months old and I hope there's nothing wrong inside already.

    Wow, I didn't even know I double posted last time, sorry.
     
  14. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    I don't like to do this 'cause I don't like having to look over the logs, but I'm out of ideas.

    Download WinPFind2

    -Extract the files to a folder (C:\WinPFind2).
    -Open WinPFind2.exe to start the program.
    -Under File Options click the Select All button.
    -Click the Run all Scans button.
    -When it's finished scanning you will see Scans Complete! at the bottom left of the program.
    -Click the Simple Report button.
    -Notepad will open with the log.
    -Post the log in your next reply.
     
  15. redhouse

    redhouse Regular member

    Joined:
    Apr 21, 2006
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    Logfile created on: 10/13/2006 08:45
    WinPFind2 by OldTimer - Version 1.0.10 Folder = C:\Documents and Settings\John\Desktop\WinPFind2\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5450.4)


    < Processes (Non-Microsoft Only) >
    c:\program files\common files\aol\1159844513\ee\aolsoftware.exe - (America Online, Inc. )
    c:\windows\system32\ati2evxx.exe - (ATI Technologies Inc. )
    c:\windows\system32\ati2evxx.exe - (ATI Technologies Inc. )
    c:\program files\ati technologies\ati control panel\atiptaxx.exe - (ATI Technologies, Inc. )
    c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe - (Anti-Malware Development a.s. )
    c:\progra~1\widcomm\blueto~1\btstac~1.exe - (Broadcom Corporation. )
    c:\program files\widcomm\bluetooth software\bttray.exe - (Broadcom Corporation. )
    c:\program files\widcomm\bluetooth software\bin\btwdins.exe - (Broadcom Corporation. )
    c:\program files\hpq\quick launch buttons\eabservr.exe - (Hewlett-Packard )
    c:\program files\mozilla firefox\firefox.exe - (Mozilla Corporation )
    c:\program files\grisoft\avg anti-spyware 7.5\guard.exe - (Anti-Malware Development a.s. )
    c:\program files\hpq\hp wireless assistant\hp wireless assistant.exe - (Hewlett-Packard Development Company, L.P. )
    c:\program files\hp\digital imaging\bin\hpqimzone.exe - (Hewlett-Packard Development Company, L.P. )
    c:\progra~1\hpq\shared\hpqtoa~1.exe - ( )
    c:\program files\hewlett-packard\shared\hpqwmiex.exe - (Hewlett-Packard Development Company, L.P. )
    c:\program files\hp\hp software update\hpwuschd2.exe - (Hewlett-Packard Co. )
    c:\program files\java\jre1.5.0_06\bin\jusched.exe - (Sun Microsystems, Inc. )
    c:\program files\lclock\lclock.exe - ( )
    c:\program files\common files\lightscribe\lssrvc.exe - (Hewlett-Packard Company )
    c:\program files\psphost\files\nethostfs.exe - ( )
    c:\program files\hp\quickplay\qpservice.exe - (CyberLink Corp. )
    c:\program files\common files\real\update_ob\realsched.exe - (RealNetworks, Inc. )
    c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe - (Rocket Division Software )
    c:\program files\synaptics\syntp\syntpenh.exe - (Synaptics, Inc. )
    c:\documents and settings\john\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )
    c:\program files\tuneup utilities 2006\winstylerthemesvc.exe - (TuneUp Software GmbH )

    < Registry Entries >

    [>> Internet Explorer Settings <<]
    HKLM->Main\\Start Page - http://securityresponse.symantec.com/avcenter/fix_homepage/
    HKLM->Main\\Search Bar - http://search.msn.com/spbasic.htm
    HKLM->Main\\Search Page - http://go.microsoft.com/fwlink/?LinkId=54896
    HKLM->Main\\Default_Page_URL - http://go.microsoft.com/fwlink/?LinkId=54729
    HKLM->Main\\Default_Search_URL - http://go.microsoft.com/fwlink/?LinkId=54896
    HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
    HKCU->Main\\Start Page - http://securityresponse.symantec.com/avcenter/fix_homepage
    HKCU->Main\\Search Bar - http://search.msn.com/spbasic.htm
    HKCU->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU->Main\\Local Page - C:\WINDOWS\system32\blank.htm
    HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    HKLM->Search\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKCU->Search\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation )
    HKCU->Internet Settings\\ProxyEnable - 0

    [>> BHO's <<]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
    {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. )
    {B56A7D7D-6927-48C8-A975-17DF180C71AC} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))

    [>> Internet Explorer Bars, Toolbars and Extensions <<]

    [HKLM-> Internet Explorer Bars]
    {4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

    [HKCU-> Internet Explorer Bars]
    {EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

    [HKCU-> Internet Explorer ToolBars]

    [HKCU-> Internet Explorer CmdMapping]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 - Reg Data missing or invalid
    {CCA281CA-C863-46ef-9331-5C8D4460577F} - 8194 - Reg Data missing or invalid
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 - Reg Data missing or invalid
    NextId - 8195

    [HKLM-> Internet Explorer Extensions]
    {85d1f590-48f4-11d9-9669-0800200c9a66} - MenuText: Uninstall BitDefender Online Scanner v8 = Reg Data missing or invalid (File not found))

    [HKCU-> Internet Explorer Menu Extensions]
    &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html (File not found))
    &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html (File not found))
    Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html (File not found))
    Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html (File not found))
    Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ( )
    Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html (File not found))
    Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html (File not found))

    [>> Approved Shell Extensions (Non-Microsoft only) <<]

    [HKLM-> Approved Shell Extensions]
    - = Reg Data missing or invalid (File not found))
    {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} - TuneUp Shredder Shell Context Menu Extension = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH )
    {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data missing or invalid (File not found))
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found))
    {2F603045-309F-11CF-9774-0020AFD0CFF6} - Synaptics Control Panel = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics, Inc. )
    {32020A01-506E-484D-A2A8-BE3CF17601C3} - AlcoholShellEx = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll (Alcohol Soft Development Team )
    {42042206-2D85-11D3-8CFF-005004838597} - Microsoft Office HTML Icon Handler = Reg Data missing or invalid (File not found))
    {42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = Reg Data missing or invalid (File not found))
    {6af09ec9-b429-11d4-a1fb-0090960218cb} - My Bluetooth Places = C:\WINDOWS\system32\btneighborhood.dll (Broadcom Corporation. )
    {764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found))
    {7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found))
    {7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG )
    {7F67036B-66F1-411A-AD85-759FB9C5B0DB} - ShellViewRTF = C:\WINDOWS\system32\ShellvRTF.dll (XSS )
    {83903CAB-2FC1-40f6-8B82-DF123A5FB9E3} - ABBYYPDFContextMenuExtension = Reg Data missing or invalid (File not found))
    {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found))
    {88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc. )
    {B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG )
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
    {E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
    {E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
    {E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
    {E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
    {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc. )

    [>> ContextMenuHandlers (Non-Microsoft only) <<]

    [HKLM-> ContextMenuHandlers]
    * - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
    * - TuneUp Shredder - {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = C:\Program Files\TuneUp Utilities 2006\sdshelex.dll (TuneUp Software GmbH )
    * - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
    * - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
    Directory - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
    Directory - TuneUp Shredder - {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = C:\Program Files\TuneUp Utilities 2006\sdshelex.dll (TuneUp Software GmbH )
    Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
    Directory - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )
    Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
    Folder - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP )

    [>> ColumnHandlers (Non-Microsoft only) <<]

    [HKLM-> ColumnHandlers]
    Folder - {7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalColumnHandler Class = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG )

    [>> File Associations Keys <<]
    HKLM->SOFTWARE\Classes\.bat\\'' - batfile
    HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
    HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
    HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
    HKLM->SOFTWARE\Classes\.com\\'' - comfile
    HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
    HKLM->SOFTWARE\Classes\.exe\\'' - exefile
    HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
    HKLM->SOFTWARE\Classes\.hta\\'' - htafile
    HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\system32\mshta.exe "%1" %*
    HKLM->SOFTWARE\Classes\.js\\'' - jsfile
    HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
    HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
    HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
    HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
    HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
    HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
    HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
    HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
    HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
    HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
    HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
    HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
    HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
    HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
    HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

    [>> Registry Run Keys <<]
    HKLM->Run\\ - (File not found))
    HKLM->Run\\!AVG Anti-Spyware - "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized (Anti-Malware Development a.s. )
    HKLM->Run\\ATIPTA - "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc. )
    HKLM->Run\\Cpqset - C:\Program Files\HPQ\Default Settings\cpqset.exe ( )
    HKLM->Run\\D_V_T - C:\\dvt.exe /S \C:\\d_v_t.reg\ (File not found))
    HKLM->Run\\eabconfg.cpl - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
    HKLM->Run\\ehTray - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation )
    HKLM->Run\\HostManager - C:\Program Files\Common Files\AOL\1159844513\ee\AOLSoftware.exe (America Online, Inc. )
    HKLM->Run\\HP Software Update - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co. )
    HKLM->Run\\hpWirelessAssistant - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P. )
    HKLM->Run\\IPHSend - C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc. )
    HKLM->Run\\LClock - C:\Program Files\LClock\LClock.exe ( )
    HKLM->Run\\QPService - "C:\Program Files\HP\QuickPlay\QPService.exe" (CyberLink Corp. )
    HKLM->Run\\RecGuard - C:\Windows\SMINST\RecGuard.exe ( )
    HKLM->Run\\SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc. )
    HKLM->Run\\SynTPEnh - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc. )
    HKLM->Run\\TkBellExe - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc. )
    HKLM->Run\OptionalComponents\IMAIL - Installed = 1
    HKLM->Run\OptionalComponents\MAPI - Installed = 1
    HKLM->Run\OptionalComponents\MSFS - Installed = 1
    HKCU->Run\\ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation )

    [>> Miscellaneous Startup Keys <<]

    [AppInit DLLs]
    AppInit_DLL - (File not found))

    [Image File Execution Options]
    Your Image File Name Here without a path - Debugger = ntsd -d

    [Shell Service Object Delay Load]
    CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
    PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
    SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation )
    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation )
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation )

    [Shell Execute Hooks]
    {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s. )
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

    [Shared Task Scheduler]
    {259BA022-2005-45E9-A965-10EDB9C00605} - Reg Data missing or invalid = Reg Data missing or invalid (File not found))
    {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
    {553858A7-4922-4e7e-B1C1-97140C1C16EF} - IE Component Categories cache daemon = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation )
    {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )

    [SafeBoot Option]

    [HKLM Command Processor AutoRun]
    HKLM->Command Processor\\AutoRun -

    [HKCU Command Processor AutoRun]

    [Security Providers]
    SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

    [BootExecute]
    Session Manager\\BootExecute - autocheck autochk *;

    [PendingFileRenameOperations]

    [FileRenameOperations]

    [ExcludeFromKnownDlls]
    Session Manager\\ExcludeFromKnownDlls -

    [>> Disabled MSConfig Items <<]

    [>> User Agent Post Platform <<]

    [>> Winlogon <<]
    HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
    HKLM->Shell - Explorer.exe (Microsoft Corporation )
    HKLM->System - (File not found))
    HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
    Notify\AtiExtEvent - Ati2evxx.dll (ATI Technologies Inc. )
    Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
    Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
    Notify\cscdll - cscdll.dll (Microsoft Corporation )
    Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
    Notify\Schedule - wlnotify.dll (Microsoft Corporation )
    Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
    Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
    Notify\termsrv - wlnotify.dll (Microsoft Corporation )
    Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
    Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

    [>> DNS Name Servers <<]
    {0BDDE666-05EF-444F-9312-A62A7D9C71B3} - ()
    {183FE067-D09D-40EB-A03D-349807D3E1B1} - (Broadcom 802.11a/b/g WLAN)
    {A2D104B0-7B4E-4C3A-B0D8-D7E2415DA65E} - (1394 Net Adapter)
    {CF27CA4E-2E8F-4856-B4FF-E8B6D2D0E9D6} - ()
    {F75FF5AA-2CEE-4818-B71F-E1CF49D50491} - (Realtek RTL8139/810x Family Fast Ethernet NIC)

    [>> All Winsock2 Catalogs <<]
    NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
    NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
    NameSpace_Catalog5\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
    Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

    [>> Protocol Handlers (Non-Microsoft only) <<]
    ipp - (File not found))
    msdaipp - (File not found))

    [>> Protocol Filters (Non-Microsoft only) <<]

    < Services (Non-Microsoft Only) >
    Ati HotKey Poller (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc. ) [Automatic - Running - Win32, running in it's own process]
    AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
    Bluetooth Service (btwdins) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation. ) [Automatic - Running - Win32, running in it's own process]
    hpqwmiex (hpqwmiex) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P. ) [Automatic - Running - Win32, running in it's own process]
    LightScribeService Direct Disc Labeling Service (LightScribeService) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (Hewlett-Packard Company ) [Automatic - Running - Win32, running in it's own process]
    StarWind iSCSI Service (StarWindService) - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software ) [Automatic - Running - Win32, running in it's own process]
    TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - "C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe" (TuneUp Software GmbH ) [Automatic - Running - Win32, running in it's own process]

    < Files >

    %SystemDrive%

    %ProgramFilesDir%

    %WinDir%

    %System%
    C:\WINDOWS\SYSTEM32\atl71.pdb - PEC2 ( [Ver = | Size = 2052096 bytes | Date = 03/18/2003 20:05 | Attr = ])
    C:\WINDOWS\SYSTEM32\d3dx9_25.dll - aspack (Microsoft Corporation [Ver = 9.06.168.0000 | Size = 2337488 bytes | Date = 03/18/2005 20:19 | Attr = ])
    C:\WINDOWS\SYSTEM32\d3dx9_26.dll - aspack (Microsoft Corporation [Ver = 9.07.239.0000 | Size = 2297552 bytes | Date = 05/26/2005 18:34 | Attr = ])
    C:\WINDOWS\SYSTEM32\d3dx9_27.dll - aspack (Microsoft Corporation [Ver = 9.08.299.0000 | Size = 2319568 bytes | Date = 07/22/2005 19:59 | Attr = ])
    C:\WINDOWS\SYSTEM32\dfrg.msc - PEC2 ( [Ver = | Size = 41397 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\DivX.dll - PEC2 (DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Date = 09/18/2006 14:11 | Attr = ])
    C:\WINDOWS\SYSTEM32\DivX.dll - PECompact2 (DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Date = 09/18/2006 14:11 | Attr = ])
    C:\WINDOWS\SYSTEM32\LegitCheckControl.dll - PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 571184 bytes | Date = 06/19/2006 16:19 | Attr = ])
    C:\WINDOWS\SYSTEM32\mfc71.pdb - PEC2 ( [Ver = | Size = 10357760 bytes | Date = 03/18/2003 22:20 | Attr = ])
    C:\WINDOWS\SYSTEM32\MFC71d.pdb - PEC2 ( [Ver = | Size = 8252416 bytes | Date = 03/18/2003 21:28 | Attr = ])
    C:\WINDOWS\SYSTEM32\mfc71u.pdb - PEC2 ( [Ver = | Size = 10333184 bytes | Date = 03/18/2003 22:12 | Attr = ])
    C:\WINDOWS\SYSTEM32\mfc71ud.pdb - PEC2 ( [Ver = | Size = 8293376 bytes | Date = 03/18/2003 21:31 | Attr = ])
    C:\WINDOWS\SYSTEM32\MRT.exe - PECompact2 (Microsoft Corporation [Ver = 1.21.1628.0 | Size = 9639336 bytes | Date = 10/04/2006 16:03 | Attr = ])
    C:\WINDOWS\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.21.1628.0 | Size = 9639336 bytes | Date = 10/04/2006 16:03 | Attr = ])
    C:\WINDOWS\SYSTEM32\MSBIND.DLL - UPX! (Microsoft Corporation [Ver = 6.00.8169 | Size = 33792 bytes | Date = 06/18/1998 | Attr = ])
    C:\WINDOWS\SYSTEM32\MSREPL35.DLL - UPX! (Microsoft Corporation [Ver = 3.51.0623.0 | Size = 155136 bytes | Date = 04/24/1998 | Attr = ])
    C:\WINDOWS\SYSTEM32\ntbackup.exe - WSUD (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1200128 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\ntdll.dll - aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\nusrmgr.cpl - WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\rasdlg.dll - Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\Uharc.exe - UPX! ( [Ver = | Size = 111104 bytes | Date = 12/19/2004 23:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\VBAME.DLL - UPX! (Microsoft Corporation [Ver = 2.2.4 | Size = 24576 bytes | Date = 05/06/1998 | Attr = ])
    C:\WINDOWS\SYSTEM32\VBAR332.DLL - UPX! (Microsoft Corporation [Ver = 3.0.6908 | Size = 190464 bytes | Date = 04/24/1998 | Attr = ])
    C:\WINDOWS\SYSTEM32\VundoFixSVC.exe - UPX! (Atribune.org [Ver = 1.00 | Size = 9216 bytes | Date = 10/07/2006 13:03 | Attr = ])
    C:\WINDOWS\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\WgaTray.exe - PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 06/19/2006 16:19 | Attr = ])
    C:\WINDOWS\SYSTEM32\wmploc.dll - PEC2 (Microsoft Corporation [Ver = 11.0.5705.5043 (WMP_11.060824-1905) | Size = 8337920 bytes | Date = 08/24/2006 22:30 | Attr = ])
    C:\WINDOWS\SYSTEM32\wmploc.dll - WSUD (Microsoft Corporation [Ver = 11.0.5705.5043 (WMP_11.060824-1905) | Size = 8337920 bytes | Date = 08/24/2006 22:30 | Attr = ])

    %System%\Drivers folder and sub-folders

    %windir% + sub-dirs for System or Hidden files less than 60 days old
    C:\WINDOWS\bootstat.dat - ( [Ver = | Size = 2048 bytes | Date = 10/12/2006 10:29 | Attr = S])
    C:\WINDOWS\QTFont.qfn - ( [Ver = | Size = 54156 bytes | Date = 10/12/2006 11:56 | Attr = H ])
    C:\WINDOWS\wininf.dat - ( [Ver = | Size = 314 bytes | Date = 10/06/2006 19:45 | Attr = H ])
    C:\WINDOWS\winshell.dat - ( [Ver = | Size = 95 bytes | Date = 10/06/2006 19:13 | Attr = H ])
    C:\WINDOWS\CSC\00000001 - ( [Ver = | Size = 64 bytes | Date = 10/11/2006 00:30 | Attr = S])
    C:\WINDOWS\CSC\00000002 - ( [Ver = | Size = 64 bytes | Date = 10/07/2006 13:39 | Attr = S])
    C:\WINDOWS\inf\oem32.inf - ( [Ver = | Size = 0 bytes | Date = 09/25/2006 16:33 | Attr = H ])
    C:\WINDOWS\inf\oem33.inf - ( [Ver = | Size = 0 bytes | Date = 09/25/2006 20:08 | Attr = H ])
    C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat - ( [Ver = | Size = 11749 bytes | Date = 08/21/2006 09:00 | Attr = S])
    C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922819.cat - ( [Ver = | Size = 14901 bytes | Date = 08/16/2006 08:30 | Attr = S])
    C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923191.cat - ( [Ver = | Size = 13285 bytes | Date = 08/25/2006 13:06 | Attr = S])
    C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923414.cat - ( [Ver = | Size = 10925 bytes | Date = 08/14/2006 11:19 | Attr = S])
    C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924191.cat - ( [Ver = | Size = 9435 bytes | Date = 09/13/2006 01:23 | Attr = S])
    C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924496.cat - ( [Ver = | Size = 11223 bytes | Date = 09/04/2006 02:38 | Attr = S])
    C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WMFDist11.cat - ( [Ver = | Size = 26948 bytes | Date = 08/24/2006 22:46 | Attr = S])
    C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\wmp11.cat - ( [Ver = | Size = 27852 bytes | Date = 08/24/2006 23:11 | Attr = S])
    C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Wudf01000.cat - ( [Ver = | Size = 10741 bytes | Date = 08/24/2006 20:43 | Attr = S])
    C:\WINDOWS\system32\config\default.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/13/2006 04:26 | Attr = H ])
    C:\WINDOWS\system32\config\default_TU_13590.LOG - ( [Ver = | Size = 0 bytes | Date = 10/11/2006 20:56 | Attr = H ])
    C:\WINDOWS\system32\config\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/12/2006 10:30 | Attr = H ])
    C:\WINDOWS\system32\config\SAM_TU_99380.LOG - ( [Ver = | Size = 0 bytes | Date = 10/11/2006 20:56 | Attr = H ])
    C:\WINDOWS\system32\config\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/13/2006 05:33 | Attr = H ])
    C:\WINDOWS\system32\config\SECURITY_TU_10447.LOG - ( [Ver = | Size = 0 bytes | Date = 10/11/2006 20:56 | Attr = H ])
    C:\WINDOWS\system32\config\software.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/13/2006 08:36 | Attr = H ])
    C:\WINDOWS\system32\config\software_TU_66017.LOG - ( [Ver = | Size = 0 bytes | Date = 10/11/2006 20:56 | Attr = H ])
    C:\WINDOWS\system32\config\system.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/13/2006 08:18 | Attr = H ])
    C:\WINDOWS\system32\config\system_TU_42756.LOG - ( [Ver = | Size = 0 bytes | Date = 10/11/2006 20:56 | Attr = H ])
    C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG - ( [Ver = | Size = 1024 bytes | Date = 10/10/2006 18:43 | Attr = H ])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 - ( [Ver = | Size = 688 bytes | Date = 09/15/2006 18:46 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7C8A03C4580C6B04FDF34357F3474EDC - ( [Ver = | Size = 1047 bytes | Date = 10/06/2006 04:26 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 - ( [Ver = | Size = 37155 bytes | Date = 09/15/2006 18:46 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\B82262A5D5DA4DDACE9EDA7F787D0DEB - ( [Ver = | Size = 1370 bytes | Date = 10/06/2006 04:26 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 - ( [Ver = | Size = 558 bytes | Date = 09/15/2006 18:46 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 - ( [Ver = | Size = 94 bytes | Date = 09/15/2006 18:46 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7C8A03C4580C6B04FDF34357F3474EDC - ( [Ver = | Size = 126 bytes | Date = 10/06/2006 04:26 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 - ( [Ver = | Size = 124 bytes | Date = 09/15/2006 18:46 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\B82262A5D5DA4DDACE9EDA7F787D0DEB - ( [Ver = | Size = 194 bytes | Date = 10/06/2006 04:26 | Attr = S])
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 - ( [Ver = | Size = 144 bytes | Date = 09/15/2006 18:46 | Attr = S])
    C:\WINDOWS\system32\DirectX\Dinput\Thumbs.db - ( [Ver = | Size = 171008 bytes | Date = 10/08/2006 01:26 | Attr = HS])
    C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\9aa1b040-8b75-4acd-ab61-7b1e98ad195b - ( [Ver = | Size = 388 bytes | Date = 09/25/2006 18:32 | Attr = HS])
    C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred - ( [Ver = | Size = 24 bytes | Date = 09/25/2006 18:32 | Attr = HS])
    C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\8f357821-c1a0-4aa1-8c70-d6c90503e815 - ( [Ver = | Size = 388 bytes | Date = 09/21/2006 22:11 | Attr = HS])
    C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred - ( [Ver = | Size = 24 bytes | Date = 09/21/2006 22:11 | Attr = HS])
    C:\WINDOWS\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 10/12/2006 10:30 | Attr = H ])
    CPL files -
    C:\WINDOWS\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\btcpl.cpl - (Broadcom Corporation. [Ver = 4.0.1.2601 | Size = 274491 bytes | Date = 08/16/2005 14:55 | Attr = ])
    C:\WINDOWS\SYSTEM32\bthprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\inetcpl.cpl - (Microsoft Corporation [Ver = 7.00.5450.4 (winmain(wmbla).060623-0309) | Size = 1402368 bytes | Date = 06/23/2006 08:41 | Attr = ])
    C:\WINDOWS\SYSTEM32\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\jpicpl32.cpl - (Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 49265 bytes | Date = 11/10/2005 17:03 | Attr = ])
    C:\WINDOWS\SYSTEM32\LClock.cpl - ( [Ver = | Size = 172032 bytes | Date = 09/04/2004 06:45 | Attr = ])
    C:\WINDOWS\SYSTEM32\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 261632 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\nwc.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 328704 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95232 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\WACntlPnl.cpl - (Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 2, 2 | Size = 47104 bytes | Date = 12/07/2005 13:35 | Attr = ])
    C:\WINDOWS\SYSTEM32\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 04:16 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 261632 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 328704 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95232 bytes | Date = 08/10/2004 11:00 | Attr = ])
    C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05/26/2005 04:16 | Attr = ])

    Auto-Start Folders

    HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation. [Ver = 4.0.1.2601 | Size = 577597 bytes | Date = 08/16/2005 14:56 | Attr = ])
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 08/17/2005 12:59 | Attr = HS])
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P. [Ver = 060.000.155.000 | Size = 73728 bytes | Date = 09/24/2005 05:39 | Attr = ])

    HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

    HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\John\Start Menu\Programs\Startup
    C:\Documents and Settings\John\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 08/17/2005 12:59 | Attr = HS])

    HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup

    Miscellaneous Auto-Start Files
    System.ini->[Boot]\\Shell - Explorer.exe
    Wininit.ini: Line 1 - [Rename]
    Wininit.ini: Line 2 - NUL=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VIES0DA2
    Config.nt: Line 1 - REM Windows MS-DOS Startup File
    Config.nt: Line 2 - REM
    Config.nt: Line 3 - REM CONFIG.SYS vs CONFIG.NT
    Config.nt: Line 4 - REM CONFIG.SYS is not used to initialize the MS-DOS environment.
    Config.nt: Line 5 - REM CONFIG.NT is used to initialize the MS-DOS environment unless a
    Config.nt: Line 6 - REM different startup file is specified in an application's PIF.
    Config.nt: Line 7 - REM
    Config.nt: Line 8 - REM ECHOCONFIG
    Config.nt: Line 9 - REM By default, no information is displayed when the MS-DOS environment
    Config.nt: Line 10 - REM is initialized. To display CONFIG.NT/AUTOEXEC.NT information, add
    Config.nt: Line 11 - REM the command echoconfig to CONFIG.NT or other startup file.
    Config.nt: Line 12 - REM
    Config.nt: Line 13 - REM NTCMDPROMPT
    Config.nt: Line 14 - REM When you return to the command prompt from a TSR or while running an
    Config.nt: Line 15 - REM MS-DOS-based application, Windows runs COMMAND.COM. This allows the
    Config.nt: Line 16 - REM TSR to remain active. To run CMD.EXE, the Windows command prompt,
    Config.nt: Line 17 - REM rather than COMMAND.COM, add the command ntcmdprompt to CONFIG.NT or
    Config.nt: Line 18 - REM other startup file.
    Config.nt: Line 19 - REM
    Config.nt: Line 20 - REM DOSONLY
    Config.nt: Line 21 - REM By default, you can start any type of application when running
    Config.nt: Line 22 - REM COMMAND.COM. If you start an application other than an MS-DOS-based
    Config.nt: Line 23 - REM application, any running TSR may be disrupted. To ensure that only
    Config.nt: Line 24 - REM MS-DOS-based applications can be started, add the command dosonly to
    Config.nt: Line 25 - REM CONFIG.NT or other startup file.
    Config.nt: Line 26 - REM
    Config.nt: Line 27 - REM EMM
    Config.nt: Line 28 - REM You can use EMM command line to configure EMM(Expanded Memory Manager).
    Config.nt: Line 29 - REM The syntax is:
    Config.nt: Line 30 - REM
    Config.nt: Line 31 - REM EMM = [A=AltRegSets] [B=BaseSegment] [RAM]
    Config.nt: Line 32 - REM
    Config.nt: Line 33 - REM AltRegSets
    Config.nt: Line 34 - REM specifies the total Alternative Mapping Register Sets you
    Config.nt: Line 35 - REM want the system to support. 1 <= AltRegSets <= 255. The
    Config.nt: Line 36 - REM default value is 8.
    Config.nt: Line 37 - REM BaseSegment
    Config.nt: Line 38 - REM specifies the starting segment address in the Dos conventional
    Config.nt: Line 39 - REM memory you want the system to allocate for EMM page frames.
    Config.nt: Line 40 - REM The value must be given in Hexdecimal.
    Config.nt: Line 41 - REM 0x1000 <= BaseSegment <= 0x4000. The value is rounded down to
    Config.nt: Line 42 - REM 16KB boundary. The default value is 0x4000
    Config.nt: Line 43 - REM RAM
    Config.nt: Line 44 - REM specifies that the system should only allocate 64Kb address
    Config.nt: Line 45 - REM space from the Upper Memory Block(UMB) area for EMM page frames
    Config.nt: Line 46 - REM and leave the rests(if available) to be used by DOS to support
    Config.nt: Line 47 - REM loadhigh and devicehigh commands. The system, by default, would
    Config.nt: Line 48 - REM allocate all possible and available UMB for page frames.
    Config.nt: Line 49 - REM
    Config.nt: Line 50 - REM The EMM size is determined by pif file(either the one associated
    Config.nt: Line 51 - REM with your application or _default.pif). If the size from PIF file
    Config.nt: Line 52 - REM is zero, EMM will be disabled and the EMM line will be ignored.
    Config.nt: Line 53 - REM
    Config.nt: Line 54 - dos=high, umb
    Config.nt: Line 55 - device=%SystemRoot%\system32\himem.sys
    Config.nt: Line 56 - files=40
    AutoExec.nt: Line 1 - @echo off
    AutoExec.nt: Line 3 - REM AUTOEXEC.BAT is not used to initialize the MS-DOS environment.
    AutoExec.nt: Line 4 - REM AUTOEXEC.NT is used to initialize the MS-DOS environment unless a
    AutoExec.nt: Line 5 - REM different startup file is specified in an application's PIF.
    AutoExec.nt: Line 7 - REM Install CD ROM extensions
    AutoExec.nt: Line 8 - lh %SystemRoot%\system32\mscdexnt.exe
    AutoExec.nt: Line 10 - REM Install network redirector (load before dosx.exe)
    AutoExec.nt: Line 11 - lh %SystemRoot%\system32\redir
    AutoExec.nt: Line 13 - REM Install DPMI support
    AutoExec.nt: Line 14 - lh %SystemRoot%\system32\dosx
    AutoExec.nt: Line 16 - REM The following line enables Sound Blaster 2.0 support on NTVDM.
    AutoExec.nt: Line 17 - REM The command for setting the BLASTER environment is as follows:
    AutoExec.nt: Line 18 - REM SET BLASTER=A220 I5 D1 P330
    AutoExec.nt: Line 19 - REM where:
    AutoExec.nt: Line 20 - REM A specifies the sound blaster's base I/O port
    AutoExec.nt: Line 21 - REM I specifies the interrupt request line
    AutoExec.nt: Line 22 - REM D specifies the 8-bit DMA channel
    AutoExec.nt: Line 23 - REM P specifies the MPU-401 base I/O port
    AutoExec.nt: Line 24 - REM T specifies the type of sound blaster card
    AutoExec.nt: Line 25 - REM 1 - Sound Blaster 1.5
    AutoExec.nt: Line 26 - REM 2 - Sound Blaster Pro I
    AutoExec.nt: Line 27 - REM 3 - Sound Blaster 2.0
    AutoExec.nt: Line 28 - REM 4 - Sound Blaster Pro II
    AutoExec.nt: Line 29 - REM 6 - SOund Blaster 16/AWE 32/32/64
    AutoExec.nt: Line 30 - REM
    AutoExec.nt: Line 31 - REM The default value is A220 I5 D1 T3 and P330. If any of the switches is
    AutoExec.nt: Line 32 - REM left unspecified, the default value will be used. (NOTE, since all the
    AutoExec.nt: Line 33 - REM ports are virtualized, the information provided here does not have to
    AutoExec.nt: Line 34 - REM match the real hardware setting.) NTVDM supports Sound Blaster 2.0 only.
    AutoExec.nt: Line 35 - REM The T switch must be set to 3, if specified.
    AutoExec.nt: Line 36 - SET BLASTER=A220 I5 D1 P330 T3
    AutoExec.nt: Line 38 - REM To disable the sound blaster 2.0 support on NTVDM, specify an invalid
    AutoExec.nt: Line 39 - REM SB base I/O port address. For example:
    AutoExec.nt: Line 40 - REM SET BLASTER=A0

    Miscellaneous Folders

    AllUsers ApplicationData Folder
    C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 08/17/2005 05:45 | Attr = HS])
    C:\Documents and Settings\All Users\Application Data\hpzinstall.log - ( [Ver = | Size = 373 bytes | Date = 02/17/2006 04:13 | Attr = ])
    C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache - ( [Ver = | Size = 1357 bytes | Date = 09/17/2006 01:42 | Attr = ])

    CurrentUser ApplicationData Folder
    C:\Documents and Settings\John\Application Data\dach100.dll - ( [Ver = | Size = 64512 bytes | Date = 10/06/2006 19:13 | Attr = H ])
    C:\Documents and Settings\John\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 08/17/2005 05:45 | Attr = HS])
    C:\Documents and Settings\John\Application Data\G-Force Prefs (WindowsMediaPlayer).txt - ( [Ver = | Size = 187 bytes | Date = 08/13/2006 19:16 | Attr = ])
    C:\Documents and Settings\John\Application Data\pcouffin.cat - ( [Ver = | Size = 7176 bytes | Date = 09/02/2006 22:35 | Attr = ])
    C:\Documents and Settings\John\Application Data\pcouffin.inf - ( [Ver = | Size = 1144 bytes | Date = 09/02/2006 22:35 | Attr = ])
    C:\Documents and Settings\John\Application Data\pcouffin.log - ( [Ver = | Size = 34 bytes | Date = 09/02/2006 22:36 | Attr = ])
    C:\Documents and Settings\John\Application Data\pcouffin.sys - (VSO Software [Ver = 1.36 | Size = 47360 bytes | Date = 09/02/2006 22:35 | Attr = ])

    Program Files Folder

    Common Files Folder

    DPF files
    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab
    {6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159216013454
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159215978798
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    Microsoft XML Parser for Java - - CodeBase = file:///C:/WINDOWS/Java/classes/xmldso.cab

    Hosts file = 734 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
    # Copyright (c) 1993-1999 Microsoft Corp. -
    # -
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
    # -
    # This file contains the mappings of IP addresses to host names. Each -
    # entry should be kept on an individual line. The IP address should -
    # be placed in the first column followed by the corresponding host name. -
    # The IP address and the host name should be separated by at least one -
    # space. -
    # -
    # Additionally, comments (such as these) may be inserted on individual -
    # lines or following the machine name denoted by a '#' symbol. -
    # -
    # For example: -
    # -
    # 102.54.94.97 rhino.acme.com # source server -
    # 38.25.63.10 x.acme.com # x client host -
    -
    127.0.0.1 localhost -

    < End of report >


  16. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Well, that doesn't help a lot. :( Got one more idea, if this doesn't help us and that's checking for a rootkit.

    Go to Jotti's malware scan.
    Copy/Paste this file into "File to upload and scan".
    C:\Documents and Settings\John\Application Data\dach100.dll

    I see something else suspicious, but I think they are harmless.

    Download SmitfraudFix.zip to the desktop from here
    * Extract the files to the desktop.
    * Open the newly created folder SmitfraudFix.
    * Double-click smitfraudfix.cmd
    * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt.

    Post back with the results from Jotti and the contents of rapport.txt.
  17. redhouse

    redhouse Regular member

    Joined:
    Apr 21, 2006
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    File: dach100.dll_
    Status: OK
    MD5: d11004fbef96a301c2bd2c350fddc6d6
    Packers detected: -

    Scanner results:
    AntiVir                 Found nothing
    ArcaVir                 Found nothing
    Avast                   Found nothing
    AVG Antivirus           Found nothing
    BitDefender             Found nothing
    ClamAV                  Found nothing
    Dr.Web                  Found nothing
    F-Prot Antivirus        Found nothing
    Fortinet                Found nothing
    Kaspersky Anti-Virus    Found nothing
    NOD32                   Found nothing
    Norman Virus Control    Found nothing
    VirusBuster             Found nothing
    VBA32                   Found nothing

    SmitFraudFix v2.109

    Scan done at 11:01:12.71, Sat 10/14/2006
    Run from C:\Documents and Settings\John\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»»


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
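The SmitFraudFix report above lists registry entries under headings the tool itself marks as "not inevitably infected", so the reader still has to judge each one. As an added example (my code, not the thread's and not SmitFraudFix's own), here is a small Python parser for reports in that format. It is run on lines copied from the report above, returns the section titles, registry keys and values as a structure, and lists the SharedTaskScheduler CLSIDs and any non-empty AppInit_DLLs value as items to review; the function names and the two review rules are my own assumptions, not part of the tool.

```python
"""Triage helper for a SmitFraudFix-style report.

Added example for this thread; not SmitFraudFix's own code.  The sample
report below is constructed from lines of the report posted above.
"""
import re

# Section headers look like "»»»»»»»» Title"; the title may be empty.
SECTION_RE = re.compile(r'^»{3,}\s*(.*)$')
# Registry key lines are "[HKEY_...\Path]" (regedit export style).
KEY_RE = re.compile(r'^\[(.+)\]$')
# Value lines are "name"="data".
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')

SAMPLE_REPORT = r"""SmitFraudFix v2.109

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» End
"""


def parse_report(text):
    """Return {section_title: [(registry_key, {value_name: data}), ...]}.

    Lines that are neither a section header, a key nor a value (the
    "!!!Attention" banners, tool credits, blank lines) are ignored.
    """
    sections = {}
    current = None   # title of the section being read
    entry = None     # (key, values) tuple currently collecting values
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip() or "(untitled)"
            sections.setdefault(current, [])
            entry = None
            continue
        if current is None:
            continue            # preamble before the first header
        m = KEY_RE.match(line)
        if m:
            entry = (m.group(1), {})
            sections[current].append(entry)
            continue
        m = VALUE_RE.match(line)
        if m and entry is not None:
            entry[1][m.group(1)] = m.group(2)
    return sections


def review_items(sections):
    """Return (category, identifier, label) tuples worth a closer look.

    Assumed review rules (mine, not the tool's):
    - every CLSID under SharedTaskScheduler, since those objects are loaded
      by Explorer at logon and the name string proves nothing by itself;
    - a non-empty AppInit_DLLs value, since that DLL is loaded into every
      process that links user32.dll.
    """
    findings = []
    for entries in sections.values():
        for regkey, values in entries:
            if regkey.endswith("\\SharedTaskScheduler"):
                for clsid, name in values.items():
                    findings.append(("SharedTaskScheduler", clsid, name))
            elif regkey.endswith("\\Windows") and "AppInit_DLLs" in values:
                dlls = values["AppInit_DLLs"].strip()
                if dlls:
                    findings.append(("AppInit_DLLs", dlls, ""))
    return findings


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for category, ident, label in review_items(parsed):
        print(f"REVIEW {category}: {ident} {label!r}")
```

The parser stops at listing on purpose: whether an entry such as the "Windows Updater" CLSID is legitimate can only be decided by checking which DLL that CLSID's registration points to and where that file lives on disk, which the report by itself does not show.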

  18. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Download F-Secure Blacklight (blbeta.exe) to the desktop from here.

    Open it and click Accept Agreement.
    Click "Scan".
    After the scan is complete, click "Next", then "Exit".
    It will create a log on the desktop named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
    Post that log in your next reply.
     
    Last edited: Oct 14, 2006
  19. redhouse

    redhouse Regular member

    Joined:
    Apr 21, 2006
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    26
    10/14/06 16:31:17 [Info]: BlackLight Engine 1.0.47 initialized
    10/14/06 16:31:17 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    10/14/06 16:31:20 [Note]: 7019 4
    10/14/06 16:31:20 [Note]: 7005 0
    10/14/06 16:31:23 [Note]: 7006 0
    10/14/06 16:31:23 [Note]: 7011 3440
    10/14/06 16:31:23 [Note]: 7026 0
    10/14/06 16:31:23 [Note]: 7026 0
    10/14/06 16:31:37 [Note]: FSRAW library version 1.7.1020
    10/14/06 18:18:07 [Note]: 7007 0
     
  20. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Well, that officially rules out any malware remaining. Your computer is clean.

    Defragment your HD in safe mode.

    Other than that, WMP may need to be reinstalled. And the CPU usage spikes, well I don't know.
