Task Manager Disabled!


3 replies to this topic

#1 mosie125


Posted 07 December 2006 - 02:35 PM

hello.
i am new to this site, but am very interested in how you help everyone. i am in need of help myself. i am only a beginner when it comes to computers so any help would be much appreciated.

the problem is when i press Ctrl+Alt and Delete to bring up task manager.

it says it has been disabled by my administrator.

i am the only person who uses the computer and there is only my user on the machine. i am running XP service pack 2.

can you help?

cheers mousie!



#2 OldTimer


    Malware Expert



Posted 07 December 2006 - 04:09 PM

Hello mosie125 and welcome to the BC HijackThis forum. I am going to use you as a test subject if that is Ok.

WinPFind3u - Report

I would like you to download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 mosie125


Posted 07 December 2006 - 04:16 PM

nopWinPFind3 logfile created on: 07/12/2006 21:09:22
WinPFind3U by OldTimer - Beta 2 Folder = C:\Documents and Settings\MOUSIE\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)


[Processes - Non-Microsoft Only]
agrsmmsg.exe -> C:\WINDOWS\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Date = 29/06/2004 17:06:38 | Attr = ]
alcxmntr.exe -> C:\WINDOWS\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Date = 07/09/2004 20:47:52 | Attr = ]
aolacsd.exe -> C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.UK.223 | Size = 1135728 bytes | Date = 08/04/2004 08:38:26 | Attr = ]
aoldial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> America Online, Inc [Ver = 2.0.20.1.UK.223 | Size = 496752 bytes | Date = 08/04/2004 08:38:28 | Attr = ]
application launcher.exe -> C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> Sony Ericsson Mobile Communications AB [Ver = 1.1.1.3 | Size = 159744 bytes | Date = 26/10/2005 16:17:24 | Attr = R ]
avgamsvr.exe -> C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,365 | Size = 336896 bytes | Date = 20/06/2006 16:51:40 | Attr = ]
avgcc.exe -> C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,406 | Size = 369664 bytes | Date = 29/09/2006 15:00:52 | Attr = ]
avgemc.exe -> C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,400 | Size = 281088 bytes | Date = 14/09/2006 20:37:34 | Attr = ]
avgupsvc.exe -> C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,349 | Size = 84480 bytes | Date = 20/06/2006 16:51:44 | Attr = ]
calcheck.exe -> C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe -> Ulead Systems, Inc. [Ver = 4, 0, 0, 0 | Size = 57344 bytes | Date = 27/11/2000 20:14:44 | Attr = ]
capabilitymanager.exe -> C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe -> Teleca Software Solutions AB [Ver = 0.0.1.48 | Size = 278528 bytes | Date = 08/06/2005 16:45:04 | Attr = ]
dragdiag.exe -> C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe -> THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Date = 26/01/2004 10:38:38 | Attr = ]
e_fati9be.exe -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 98304 bytes | Date = 04/03/2004 03:00:00 | Attr = ]
epmworker.exe -> C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe -> Sony Ericsson Mobile Communications AB [Ver = 1, 2, 0,1184 | Size = 872448 bytes | Date = 16/03/2006 08:43:28 | Attr = R ]
generic.exe -> C:\Program Files\Common Files\Teleca Shared\Generic.exe -> Teleca Software Solutions [Ver = 1, 0, 3, 2 | Size = 385024 bytes | Date = 10/08/2005 07:54:34 | Attr = R ]
hphmon06.exe -> C:\WINDOWS\system32\hphmon06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Date = 07/06/2004 18:42:30 | Attr = ]
hpqtra08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Date = 05/11/2004 02:28:24 | Attr = ]
hpsysdrv.exe -> C:\windows\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Date = 07/05/1998 16:04:38 | Attr = ]
hpzipm12.exe -> C:\WINDOWS\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Date = 29/09/2004 19:14:36 | Attr = ]
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Date = 30/10/2006 09:36:32 | Attr = ]
itunes.exe -> C:\Program Files\iTunes\iTunes.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 15338560 bytes | Date = 30/10/2006 09:36:32 | Attr = ]
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Date = 30/10/2006 09:36:36 | Attr = ]
jusched.exe -> C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Date = 10/11/2005 13:03:52 | Attr = ]
kbd.exe -> C:\HP\KBD\KBD.EXE -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Date = 02/02/2005 22:44:24 | Attr = ]
limewire.exe -> C:\Program Files\LimeWire\LimeWire.exe -> [Ver = | Size = 159744 bytes | Date = 19/08/2006 22:58:52 | Attr = ]
nvsvc32.exe -> C:\WINDOWS\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 127043 bytes | Date = 24/02/2005 14:32:00 | Attr = ]
pg2.exe -> C:\Program Files\PeerGuardian2\pg2.exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Date = 18/09/2005 18:40:42 | Attr = ]
qttask.exe -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Date = 25/10/2006 18:58:18 | Attr = ]
realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Date = 02/01/2005 01:40:36 | Attr = ]
spysweeper.exe -> C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3.5.0.189 | Size = 3545088 bytes | Date = 09/12/2004 18:34:00 | Attr = ]
vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Date = 23/08/2006 22:38:26 | Attr = ]
watch.exe -> C:\Program Files\DV Series\Console\Watch.exe -> [Ver = 1, 0, 0, 1 | Size = 217088 bytes | Date = 11/12/2002 14:49:24 | Attr = ]
winpfind3u.exe -> C:\Documents and Settings\MOUSIE\Desktop\WinPFind3u\WinPFind3U.exe -> [Ver = | Size = 288256 bytes | Date = 06/12/2006 21:17:30 | Attr = ]
ytbsdk.exe -> C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe -> Symantec Corporation [Ver = 2006.0.0.13 | Size = 214704 bytes | Date = 28/06/2006 11:34:34 | Attr = ]
zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Date = 23/08/2006 22:38:28 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.UK.223 | Size = 1135728 bytes | Date = 08/04/2004 08:38:26 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,365 | Size = 336896 bytes | Date = 20/06/2006 16:51:40 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,349 | Size = 84480 bytes | Date = 20/06/2006 16:51:44 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,400 | Size = 281088 bytes | Date = 14/09/2006 20:37:34 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Date = 04/08/2004 12:00:00 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Date = 03/04/2005 23:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Date = 30/10/2006 09:36:32 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 127043 bytes | Date = 24/02/2005 14:32:00 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Date = 29/09/2004 19:14:36 | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Date = 05/04/2005 11:17:22 | Attr = ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Date = 23/08/2006 22:38:26 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
Adobe Photo Downloader -> C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> File not found
AGRSMMSG -> C:\WINDOWS\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Date = 29/06/2004 17:06:38 | Attr = ]
AlcxMonitor -> C:\WINDOWS\ALCXMNTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Date = 07/09/2004 20:47:52 | Attr = ]
AOLDialer -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> America Online, Inc [Ver = 2.0.20.1.UK.223 | Size = 496752 bytes | Date = 08/04/2004 08:38:28 | Attr = ]
AVG7_CC -> C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7,1,0,406 | Size = 369664 bytes | Date = 29/09/2006 15:00:52 | Attr = ]
EPSON Stylus CX3600 Series -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 98304 bytes | Date = 04/03/2004 03:00:00 | Attr = ]
eTrustPPAP -> C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe -> File not found
HPHmon06 -> C:\WINDOWS\system32\hphmon06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 659456 bytes | Date = 07/06/2004 18:42:30 | Attr = ]
HPHUPD06 -> c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe -> Hewlett-Packard [Ver = 6,0,72 | Size = 49152 bytes | Date = 07/06/2004 18:53:26 | Attr = ]
hpsysdrv -> c:\windows\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Date = 07/05/1998 16:04:38 | Attr = ]
iTunesHelper -> C:\Program Files\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Date = 30/10/2006 09:36:36 | Attr = ]
KBD -> C:\HP\KBD\KBD.EXE -> Hewlett-Packard Company [Ver = 1.0.2.2.20205 | Size = 61440 bytes | Date = 02/02/2005 22:44:24 | Attr = ]
LSBWatcher -> c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe -> Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Date = 14/10/2004 20:54:32 | Attr = ]
NvCplDaemon -> RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll -> File not found
nwiz -> C:\WINDOWS\SYSTEM32\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.10035 | Size = 1495040 bytes | Date = 24/02/2005 14:32:00 | Attr = ]
PS2 -> C:\WINDOWS\system32\ps2.exe -> Hewlett-Packard Company [Ver = 1.0.2.2.112404 | Size = 90112 bytes | Date = 25/10/2004 21:17:56 | Attr = ]
QuickTime Task -> C:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Date = 25/10/2006 18:58:18 | Attr = ]
Recguard -> C:\WINDOWS\SMINST\RECGUARD.EXE -> [Ver = 5, 0, 44, 2 | Size = 233472 bytes | Date = 14/04/2004 20:43:46 | Attr = ]
Sony Ericsson PC Suite -> C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe -> Sony Ericsson Mobile Communications AB [Ver = 1.1.1.3 | Size = 159744 bytes | Date = 26/10/2005 16:17:24 | Attr = R ]
SpeedTouch USB Diagnostics -> C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe -> THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Date = 26/01/2004 10:38:38 | Attr = ]
SunJavaUpdateSched -> C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Date = 10/11/2005 13:03:52 | Attr = ]
Symantec NetDriver Monitor -> C:\PROGRA~1\SYMNET~1\SNDMon.exe -> Symantec Corporation [Ver = 5.4.2.17 | Size = 111840 bytes | Date = 23/11/2005 17:28:02 | Attr = ]
TkBellExe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Date = 02/01/2005 01:40:36 | Attr = ]
Zone Labs Client -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Date = 23/08/2006 22:38:28 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus CX3600 Series -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 98304 bytes | Date = 04/03/2004 03:00:00 | Attr = ]
irwm -> C:\PROGRA~1\COMMON~1\irwm\irwmm.exe -> File not found
PeerGuardian -> C:\Program Files\PeerGuardian2\pg2.exe -> Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Date = 18/09/2005 18:40:42 | Attr = ]
SpySweeper -> C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3.5.0.189 | Size = 3545088 bytes | Date = 09/12/2004 18:34:00 | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
winspool.dll -> winspool.dll -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
vtutq -> C:\WINDOWS\system32\vtutq.dll -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\WinUpdate.exe -> C:\Program Files\Windows\WinUpdate.exe ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< Internet Explorer Settings > ->
HKLM: Start Page -> http://www.yahoo.com ->
HKLM: Default_Page_URL -> http://www.yahoo.com ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm ->
HKLM: Search Bar -> http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: CustomizeSearch -> http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm ->
HKCU: SearchAssistant -> http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm ->
HKCU: Search Bar -> ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
URLSearchHooks {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Date = 29/09/2006 11:53:18 | Attr = ]
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> <local> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Date = 29/09/2006 11:53:18 | Attr = ]
{56CBC9FA-FD23-4497-A789-6E43F46E87C6} [HKLM] -> C:\WINDOWS\system32\vtutq.dll [Reg Data - Value does not exist] -> File not found
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
[HKLM] -> Reg Data - Key not found [Reg Data - Value does not exist] -> File not found
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> c:\program files\google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 3, 0, 128, 1 | Size = 1164800 bytes | Date = 08/11/2005 18:43:56 | Attr = R ]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Date = 21/11/2003 12:26:28 | Attr = ]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKLM] -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Date = 10/02/2004 13:08:58 | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Date = 29/09/2006 11:53:18 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Date = 21/11/2003 12:26:28 | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> c:\program files\google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 3, 0, 128, 1 | Size = 1164800 bytes | Date = 08/11/2005 18:43:56 | Attr = R ]
WebBrowser\\{A1C18A7B-55E9-4DA3-A880-D112C791A9D8} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKLM] -> c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [HP view] -> Hewlett-Packard Company [Ver = 1.0.0.7 | Size = 98304 bytes | Date = 21/11/2003 12:26:28 | Attr = ]
WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKLM] -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Date = 10/02/2004 13:08:58 | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Date = 29/09/2006 11:53:18 | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8193 - Sun Java Console ->
{6715FB17-6DC8-4ff8-8CED-9BEFC28E2704} -> 8196 - Reg Data - Key not found ->
{A48E50C6-0669-4E99-A346-F1C3967AD062} -> 8195 - Reg Data - Key not found ->
{BB15D76F-6189-4c89-A9F8-CED4F9D01328} -> 8197 - Reg Data - Key not found ->
{E2D4D26B-0180-43a4-B05F-462D6D54C789} -> 8192 - Connection Help ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Windows Messenger ->
NextId -> 8198 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Date = 10/11/2005 13:22:10 | Attr = ]
{E2D4D26B-0180-43a4-B05F-462D6D54C789} -> C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [ButtonText: Connection Help] -> [Ver = | Size = 735 bytes | Date = 04/03/2006 17:13:12 | Attr = ]
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] ->
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Google Search -> c:\program files\google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 128, 1 | Size = 1164800 bytes | Date = 08/11/2005 18:43:56 | Attr = R ]
&Translate English Word -> c:\program files\google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 128, 1 | Size = 1164800 bytes | Date = 08/11/2005 18:43:56 | Attr = R ]
Backward Links -> c:\program files\google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 128, 1 | Size = 1164800 bytes | Date = 08/11/2005 18:43:56 | Attr = R ]
Cached Snapshot of Page -> c:\program files\google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 128, 1 | Size = 1164800 bytes | Date = 08/11/2005 18:43:56 | Attr = R ]
Similar Pages -> c:\program files\google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 128, 1 | Size = 1164800 bytes | Date = 08/11/2005 18:43:56 | Attr = R ]
Translate Page into English -> c:\program files\google\GoogleToolbar2.dll -> Google Inc. [Ver = 3, 0, 128, 1 | Size = 1164800 bytes | Date = 08/11/2005 18:43:56 | Attr = R ]
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Date = 30/01/2001 12:56:24 | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}[HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{066A468B-9674-4B6D-83FA-A87ECBF759F2}[HKLM] -> Reg Data - Key not found [] -> File not found
{0863693C-4986-4829-AEFB-8A9B61BEE633}[HKLM] -> Reg Data - Key not found [] -> File not found
{0A1FE6A0-2DA3-4349-B19A-ECD0D0F9E09B}[HKLM] -> Reg Data - Key not found [] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1}[HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D}[HKLM] -> C:\WINDOWS\system32\nvshell.dll [Desktop Explorer] -> NVIDIA Corporation [Ver = 6.14.10.10035 | Size = 466944 bytes | Date = 24/02/2005 14:32:00 | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47}[HKLM] -> C:\WINDOWS\system32\nvshell.dll [Desktop Explorer Menu] -> NVIDIA Corporation [Ver = 6.14.10.10035 | Size = 466944 bytes | Date = 24/02/2005 14:32:00 | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48}[HKLM] -> C:\WINDOWS\system32\nvshell.dll [nView Desktop Context Menu] -> NVIDIA Corporation [Ver = 6.14.10.10035 | Size = 466944 bytes | Date = 24/02/2005 14:32:00 | Attr = ]
{266E32F9-58A2-45EF-9A98-BDABACC272E4}[HKLM] -> Reg Data - Key not found [] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3}[HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{4289FB75-4109-4424-B28E-7B89B22043C0}[HKLM] -> Reg Data - Key not found [] -> File not found
{45AC2688-0253-4ED8-97DE-B5370FA7D48A}[HKLM] -> Reg Data - Key not found [Shell Extension for Malware scanning] -> File not found
{5464D816-CF16-4784-B9F3-75C0DB52B499}[HKLM] -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 11, 23, 1 | Size = 180848 bytes | Date = 23/11/2004 09:59:58 | Attr = ]
{69BB090C-9681-4DF3-9CEB-B1D0159D72D5}[HKLM] -> Reg Data - Key not found [] -> File not found
{764BF0E1-F219-11ce-972D-00AA00A14F56}[HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153}[HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{7C9D5882-CB4A-4090-96C8-430BFE8B795B}[HKLM] -> C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll [Webroot Spy Sweeper Context Menu Integration] -> Webroot Software, Inc. [Ver = 3.5.0.189 | Size = 86016 bytes | Date = 09/12/2004 18:33:52 | Attr = ]
{7F67036B-66F1-411A-AD85-759FB9C5B0DB}[HKLM] -> C:\WINDOWS\system32\ShellvRTF.dll [SampleView] -> XSS [Ver = 1, 0, 0, 1 | Size = 122880 bytes | Date = 20/09/2002 21:42:28 | Attr = ]
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}[HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8}[HKLM] -> C:\WINDOWS\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 04/08/2004 12:00:00 | Attr = ]
{8BB96AFE-41C2-441C-A39B-20764A93C297}[HKLM] -> Reg Data - Key not found [] -> File not found
{8E4D6FB5-711B-4D79-B028-95247B82B2F8}[HKLM] -> Reg Data - Key not found [] -> File not found
{96991FD4-2287-4970-A266-982DD1E6BE4A}[HKLM] -> C:\WINDOWS\system32\myvcrt20.dll [] -> File not found
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}[HKLM] -> C:\Program Files\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Date = 20/06/2006 16:51:42 | Attr = ]
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}[HKLM] -> C:\Program Files\Grisoft\AVG Free\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Date = 20/06/2006 16:51:42 | Attr = ]
{A37C860D-F287-48FC-A50E-3822BC894BEF}[HKLM] -> Reg Data - Key not found [] -> File not found
{A5110426-177D-4e08-AB3F-785F10B4439C}[HKLM] -> C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll [Sony Ericsson File Manager] -> Sony Ericsson Mobile Communications AB [Ver = 1, 3, 11, 0 | Size = 397312 bytes | Date = 14/03/2006 15:23:00 | Attr = R ]
{A70C977A-BF00-412C-90B7-034C51DA2439}[HKLM] -> C:\WINDOWS\system32\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 5537792 bytes | Date = 24/02/2005 14:32:00 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA}[HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR shell extension] -> [Ver = | Size = 125440 bytes | Date = 07/10/2005 15:05:32 | Attr = ]
{B5809C5D-ACBA-43AC-B592-66A03C46B2A9}[HKLM] -> Reg Data - Key not found [] -> File not found
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}[HKLM] -> C:\Program Files\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Date = 30/10/2006 09:36:36 | Attr = ]
{BA562284-34BB-493F-BE59-34A1AF4ACDC7}[HKLM] -> Reg Data - Key not found [] -> File not found
{BE22F132-43E4-4F19-87EA-6D0546C681F8}[HKLM] -> Reg Data - Key not found [] -> File not found
{C4EB799C-5D40-4D16-A081-91B7E4593F77}[HKLM] -> Reg Data - Key not found [] -> File not found
{C6057FD7-5755-47A7-B0AB-430D2B240D7D}[HKLM] -> Reg Data - Key not found [] -> File not found
{E0D79304-84BE-11CE-9641-444553540000}[HKLM] -> C:\PROGRA~1\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 3.0 (32-bit) | Size = 24644 bytes | Date = 19/04/2000 07:00:00 | Attr = ]
{E0D79305-84BE-11CE-9641-444553540000}[HKLM] -> C:\PROGRA~1\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 3.0 (32-bit) | Size = 24644 bytes | Date = 19/04/2000 07:00:00 | Attr = ]
{E0D79306-84BE-11CE-9641-444553540000}[HKLM] -> C:\PROGRA~1\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 3.0 (32-bit) | Size = 24644 bytes | Date = 19/04/2000 07:00:00 | Attr = ]
{EB32C3EF-76B6-4847-87EE-11117B4CE703}[HKLM] -> Reg Data - Key not found [] -> File not found
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}[HKLM] -> C:\Program Files\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.1946 | Size = 49198 bytes | Date = 02/01/2005 01:40:38 | Attr = ]
{F754208A-05E4-4759-BA43-397597EB8FB3}[HKLM] -> Reg Data - Key not found [] -> File not found
{FFB699E0-306A-11d3-8BD1-00104B6F7516}[HKLM] -> C:\WINDOWS\system32\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 5537792 bytes | Date = 24/02/2005 14:32:00 | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> C:\Program Files\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Date = 20/06/2006 16:51:42 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Date = 07/10/2005 15:05:32 | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\PROGRA~1\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 3.0 (32-bit) | Size = 24644 bytes | Date = 19/04/2000 07:00:00 | Attr = ]
{5464D816-CF16-4784-B9F3-75C0DB52B499} [HKLM] -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll [Yahoo! Mail] -> Yahoo! Inc. [Ver = 2004, 11, 23, 1 | Size = 180848 bytes | Date = 23/11/2004 09:59:58 | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Date = 07/10/2005 15:05:32 | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\PROGRA~1\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 3.0 (32-bit) | Size = 24644 bytes | Date = 19/04/2000 07:00:00 | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> C:\WINDOWS\system32\nvshell.dll [00nView] -> NVIDIA Corporation [Ver = 6.14.10.10035 | Size = 466944 bytes | Date = 24/02/2005 14:32:00 | Attr = ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> C:\WINDOWS\system32\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.7184 | Size = 5537792 bytes | Date = 24/02/2005 14:32:00 | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> C:\Program Files\Grisoft\AVG Free\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Date = 20/06/2006 16:51:42 | Attr = ]
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll [SpySweeper] -> Webroot Software, Inc. [Ver = 3.5.0.189 | Size = 86016 bytes | Date = 09/12/2004 18:33:52 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Program Files\WinRAR\rarext.dll [WinRAR] -> [Ver = | Size = 125440 bytes | Date = 07/10/2005 15:05:32 | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> C:\PROGRA~1\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing, Inc. [Ver = 3.0 (32-bit) | Size = 24644 bytes | Date = 19/04/2000 07:00:00 | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Date = 14/12/2004 02:20:02 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
{9DF20E32-388E-2A77-C7F7-91321DF4220D} -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{5DB5FEE6-45C4-40A9-ABDF-ED630A5D2C49} -> (1394 Net Adapter) ->
{5DD4DEC1-EA7B-4DEC-82E5-AB854D392EC7} -> () ->
{6BD30A3A-EFAF-40E4-9D94-FC42AC29FCEB} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found

< End of report >

hello

many thanks for your help, it's fine.

there you go hope i haven't missed anything out.

cheers mousie.

#4 OldTimer

Posted 07 December 2006 - 06:13 PM

Hi mousie. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Download CCleaner and install it but do not run it yet.

Step #2

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Step #3

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> eTrustPPAP -> C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> irwm -> C:\PROGRA~1\COMMON~1\irwm\irwmm.exe
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> winspool.dll -> winspool.dll
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> vtutq -> C:\WINDOWS\system32\vtutq.dll
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YY -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\WinUpdate.exe -> C:\Program Files\Windows\WinUpdate.exe
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {56CBC9FA-FD23-4497-A789-6E43F46E87C6} [HKLM] -> C:\WINDOWS\system32\vtutq.dll [Reg Data - Value does not exist]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[HKLM]
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{A1C18A7B-55E9-4DA3-A880-D112C791A9D8} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}[HKLM] -> Reg Data - Key not found [Autoplay for SlideShow]
YN -> {066A468B-9674-4B6D-83FA-A87ECBF759F2}[HKLM] -> Reg Data - Key not found []
YN -> {0863693C-4986-4829-AEFB-8A9B61BEE633}[HKLM] -> Reg Data - Key not found []
YN -> {0A1FE6A0-2DA3-4349-B19A-ECD0D0F9E09B}[HKLM] -> Reg Data - Key not found []
YN -> {266E32F9-58A2-45EF-9A98-BDABACC272E4}[HKLM] -> Reg Data - Key not found []
YN -> {4289FB75-4109-4424-B28E-7B89B22043C0}[HKLM] -> Reg Data - Key not found []
YN -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A}[HKLM] -> Reg Data - Key not found [Shell Extension for Malware scanning]
YN -> {69BB090C-9681-4DF3-9CEB-B1D0159D72D5}[HKLM] -> Reg Data - Key not found []
YN -> {8BB96AFE-41C2-441C-A39B-20764A93C297}[HKLM] -> Reg Data - Key not found []
YN -> {8E4D6FB5-711B-4D79-B028-95247B82B2F8}[HKLM] -> Reg Data - Key not found []
YN -> {96991FD4-2287-4970-A266-982DD1E6BE4A}[HKLM] -> C:\WINDOWS\system32\myvcrt20.dll []
YN -> {A37C860D-F287-48FC-A50E-3822BC894BEF}[HKLM] -> Reg Data - Key not found []
YN -> {B5809C5D-ACBA-43AC-B592-66A03C46B2A9}[HKLM] -> Reg Data - Key not found []
YN -> {BA562284-34BB-493F-BE59-34A1AF4ACDC7}[HKLM] -> Reg Data - Key not found []
YN -> {BE22F132-43E4-4F19-87EA-6D0546C681F8}[HKLM] -> Reg Data - Key not found []
YN -> {C4EB799C-5D40-4D16-A081-91B7E4593F77}[HKLM] -> Reg Data - Key not found []
YN -> {C6057FD7-5755-47A7-B0AB-430D2B240D7D}[HKLM] -> Reg Data - Key not found []
YN -> {EB32C3EF-76B6-4847-87EE-11117B4CE703}[HKLM] -> Reg Data - Key not found []
YN -> {F754208A-05E4-4759-BA43-397597EB8FB3}[HKLM] -> Reg Data - Key not found []
[Reboot]

The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #4

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #5

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step #6

Create a new WinPFind3U report and post it back here along with the AVG Anti-Spyware report. I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
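
Added example (not part of the original posts and not WinPFind3U's own code): a small Python check for Step #6 that lists which entries from the Step #3 fix still appear in a follow-up report. It assumes report entries have the same shape as fix entries without the two-letter flag; the function names and the follow-up report are constructed for illustration.

```python
import re

HEADER = re.compile(r"^(?:<.*>|\*.*\*)\s*->\s*(HKEY_.*)$")  # '< Run [HKLM] > -> HKEY_...'
FLAG = re.compile(r"^[YN]{2}\s*->\s*")                       # 'YN -> ' / 'YY -> ' (fix lines only)
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def entries(text):
    """Return {(registry key, entry id)} for each entry listed under a registry header."""
    found, key = set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            key = header.group(1).rstrip("\\").lower()
        elif line.startswith(("<", "[", "*")):
            key = None  # '[Reboot]', '< End of report >' and other non-registry sections
        elif line and key:
            first = FLAG.sub("", line).split(" -> ", 1)[0]
            guid = GUID.search(first)  # '{GUID} [HKLM]' and '{GUID}[HKLM]' compare equal
            found.add((key, (guid.group(0) if guid else first).strip().lower()))
    return found

def still_present(fix_text, report_text):
    """Fix entries that the follow-up report still lists, matched case-insensitively."""
    return sorted(entries(fix_text) & entries(report_text))

# Four of the entries from the Step #3 fix, copied from the post.
FIX = r"""
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> eTrustPPAP -> C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> irwm -> C:\PROGRA~1\COMMON~1\irwm\irwmm.exe
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> vtutq -> C:\WINDOWS\system32\vtutq.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {56CBC9FA-FD23-4497-A789-6E43F46E87C6} [HKLM] -> C:\WINDOWS\system32\vtutq.dll [Reg Data - Value does not exist]
"""

# Constructed follow-up report (not from the thread): both Run entries are gone, two entries remain.
REPORT = r"""
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
vtutq -> C:\WINDOWS\system32\vtutq.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{56CBC9FA-FD23-4497-A789-6E43F46E87C6}[HKLM] -> C:\WINDOWS\system32\vtutq.dll [Reg Data - Value does not exist]
< End of report >
"""

if __name__ == "__main__":
    for key, ident in still_present(FIX, REPORT):
        print("still present:", ident, "under", key)
```

Entries are matched on registry key plus entry name or CLSID, so a leftover is reported only when it sits under the same key the fix targeted.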