Tech Support Forum - View Single Post

K'nolla · 01-05-2006, 10:45 AM

There are few pop ups that appear,
there is one with a blue screen, where it says download spy ware software.

............ StarDrecks Log......................

StartDreck (build 2.1.7 public stable) - 2005-01-05 @ 17:39:19 (GMT +00:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Kofo at KOFOPC

»Registry
»Run Keys
»Current User
»Run
*PopUpStopperFreeEdition="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
*CPQHotkeys=hotkeysvc.exe
*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
*msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
*Sony Ericsson PC Suite="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
»RunOnce
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE
»RunOnce
»Local Machine
»Run
*IgfxTray=C:\WINDOWS\system32\igfxtray.exe
*HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
*SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
*PCMService="C:\Program Files\Dell\Media Experience\PCMService.exe"
*DVDLauncher="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
*IntelMeM=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
*dla=C:\WINDOWS\system32\dla\tfswctrl.exe
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*ccRegVfy=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*CPQHotkeys=hotkeysvc.exe
*LXBTCATS=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
*Lexmark 5200 series="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
*bcmwltry=bcmwltry.exe
*removecpl=RemoveCpl.exe
*NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
*RecoverFromReboot=C:\WINDOWS\Temp\RecoverFromReboot.exe
*workflow=D:\installs\workflow.exe
*iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*NAV CfgWiz="C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
*CPQHotkeys=hotkeysvc.exe
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
+Fax/{8b15971b-5355-4c82-8c07-7e181ea07608}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
*DriveLetterAccess/{5CA3D70E-1895-11CF-8E15-001234567890}
`InprocServer32=C:\WINDOWS\system32\dla\tfswshx.dll
*Navbho.CNavExtBho.1/{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\program files\google\googletoolbar1.dll
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Bar=http://www.google.com/ie
*Search Page=http://www.google.com
*Start Page=http://www.google.co.uk/
+SearchUrl
*provider=gogl
*=http://home.microsoft.com/access/autosearch.asp?p=%s
»Default User
*Default_Page_URL=http://www.dell.co.uk/myway
*First Home Page=http://www.dell.co.uk/myway
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.dell.co.uk/myway
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=about:blank
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://www.google.com/ie
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Kofo\Start Menu\Programs\Startup\Adobe Gamma.lnk
*C:\Documents and Settings\Kofo\Start Menu\Programs\Startup\DESKTOP.INI
»Default User
*C:\Documents and Settings\Kofo\Start Menu\Programs\Startup\Adobe Gamma.lnk
*C:\Documents and Settings\Kofo\Start Menu\Programs\Startup\DESKTOP.INI
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\WINDOWS\wininit.ini
`[Rename]
`NUL=C:\DOCUME~1\Kofo\LOCALS~1\Temp\banner.exe
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\notepad.exe
+C:\WINDOWS\system32\slrundll.exe
*C:\WINDOWS\slrundll.exe
+C:\WINDOWS\system32\TASKMAN.EXE
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\WINHLP32.EXE
*C:\WINDOWS\winhlp32.exe
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+444=\SystemRoot\System32\smss.exe
+500=\??\C:\WINDOWS\system32\csrss.exe
+524=\??\C:\WINDOWS\system32\winlogon.exe
+872=C:\WINDOWS\system32\services.exe
+884=C:\WINDOWS\system32\lsass.exe
+1064=C:\WINDOWS\system32\svchost.exe
+1132=C:\WINDOWS\system32\svchost.exe
+1184=C:\WINDOWS\System32\svchost.exe
+1328=C:\WINDOWS\System32\svchost.exe
+1360=C:\WINDOWS\System32\svchost.exe
+1576=C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
+1628=C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
+208=C:\WINDOWS\Explorer.EXE
+592=C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
+624=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
+844=C:\WINDOWS\system32\LEXBCES.EXE
+1080=C:\WINDOWS\system32\LEXPPS.EXE
+1088=C:\WINDOWS\system32\spoolsv.exe
+1544=C:\Program Files\ewido anti-malware\ewidoctrl.exe
+1788=C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
+1840=C:\WINDOWS\System32\svchost.exe
+1888=C:\WINDOWS\System32\wdfmgr.exe
+1428=C:\WINDOWS\System32\alg.exe
+2148=C:\WINDOWS\system32\hkcmd.exe
+2320=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
+2416=C:\Program Files\Dell\Media Experience\PCMService.exe
+2424=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
+2432=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
+2440=C:\WINDOWS\system32\dla\tfswctrl.exe
+2496=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
+2524=C:\Program Files\Common Files\Real\Update_OB\realsched.exe
+2672=C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
+2692=C:\WINDOWS\system32\bcmwltry.exe
+2724=C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
+2820=C:\Program Files\iTunes\iTunesHelper.exe
+2828=C:\Program Files\QuickTime\qttask.exe
+2848=C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
+2872=C:\Program Files\Messenger\msmsgs.exe
+2924=C:\Program Files\MSN Messenger\msnmsgr.exe
+2948=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
+2996=C:\Program Files\iPod\bin\iPodService.exe
+3156=C:\WINDOWS\System32\svchost.exe
+3292=C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
+312=C:\Program Files\Common Files\Teleca Shared\Generic.exe
+2168=C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
+3640=C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
+2292=C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
+3968=C:\Program Files\Internet Explorer\iexplore.exe
+3456=C:\Documents and Settings\Kofo\Desktop\StartDreck\StartDreck.exe
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User

................... Unistall List .................................

Adobe After Effects 6.5
Adobe Encore DVD 1.5
Adobe Photoshop CS
Adobe Premiere Pro
Adobe Reader 7.0
Adobe SVG Viewer 3.0
Belkin Wireless Setup utility
Boris Continuum Complete
Broadcom Management Programs
ccCommon
CleanUp!
ContextPlus
Dell Media Experience
Dell Photo Printer 720
Dell Solution Center
Disc2Phone
DivX Player
DivX Pro Trial
DVC305
ewido anti-malware
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
Internet Worm Protection
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky On-line Scanner
Lexmark 5200 Series
LimeWire
LiveReg (Symantec Corporation)
LiveUpdate 2.7 (Symantec Corporation)
Macromedia Contribute
Macromedia Director MX 2004
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX
Macromedia FreeHand MX
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Professional Edition 2003
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (1.0.7)
MSN Messenger 7.5
MSRedist
NAVShortcut
Nero 6 Ultra Edition
Norton AntiVirus 2004 Professional (Symantec Corporation)
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
PACE System Files
Pop-Up Stopper Free Edition
PowerDVD 5.1
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Sentinel System Driver
Sony Ericsson Communication Center
Sony Ericsson PC Suite 1.10.61
SPBBC
Symantec
SymNet
Themexp.org File
Unitor8 Control 3.0
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver

01-05-2006, 10:45 AM	#13 (permalink)
K'nolla Registered User Join Date: Jun 2005 Posts: 50 OS: XP	There are few pop ups that appear, there is one with a blue screen, where it says download spy ware software. ............ StarDrecks Log...................... StartDreck (build 2.1.7 public stable) - 2005-01-05 @ 17:39:19 (GMT +00:00) Platform: Windows XP (Win NT 5.1.2600 Service Pack 2) Internet Explorer: 6.0.2900.2180 Logged in as Kofo at KOFOPC »Registry »Run Keys »Current User »Run PopUpStopperFreeEdition="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" CPQHotkeys=hotkeysvc.exe MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background Sony Ericsson PC Suite="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized »RunOnce »Default User »Run CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE »RunOnce »Local Machine »Run IgfxTray=C:\WINDOWS\system32\igfxtray.exe HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe PCMService="C:\Program Files\Dell\Media Experience\PCMService.exe" DVDLauncher="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" IntelMeM=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe dla=C:\WINDOWS\system32\dla\tfswctrl.exe ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ccRegVfy=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot CPQHotkeys=hotkeysvc.exe LXBTCATS=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16 Lexmark 5200 series="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" bcmwltry=bcmwltry.exe removecpl=RemoveCpl.exe NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer RecoverFromReboot=C:\WINDOWS\Temp\RecoverFromReboot.exe workflow=D:\installs\workflow.exe iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe" QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime NAV CfgWiz="C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT" +OptionalComponents +MSFS Installed=1 +MAPI Installed=1 NoChange=1 +MAPI Installed=1 NoChange=1 »RunOnce »RunServices CPQHotkeys=hotkeysvc.exe »RunServicesOnce »RunOnceEx »RunServicesOnceEx »File Associations (CR) +.bat batfile="%1" % +.com comfile="%1" % +.exe exefile="%1" % +.hta htafile=C:\WINDOWS\System32\mshta.exe "%1" % +.htm FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" +.html FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" +.js JSFile=%SystemRoot%\System32\WScript.exe "%1" % +.jse JSEFile=%SystemRoot%\System32\WScript.exe "%1" % +.pif piffile="%1" % +.reg regfile=regedit.exe "%1" +.scr scrfile="%1" /S +.txt txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1 +.vbs VBSFile=%SystemRoot%\System32\WScript.exe "%1" %* +.vbe VBEFile=%SystemRoot%\System32\WScript.exe "%1" % +.wsh WSHFile=%SystemRoot%\System32\WScript.exe "%1" % +.wsf WSFFile=%SystemRoot%\System32\WScript.exe "%1" % +.lnk `lnkfile= [key or value does not exist] »Active Setup (LM) +Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c} StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE +Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP +Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE +Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED} StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll +Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C} StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install +NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B} StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT +Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278} StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf +Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be} StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser +Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6} StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub +Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02} StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install +Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340} StubPath=regsvr32.exe /s /n /i:U shell32.dll +Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383} StubPath=%SystemRoot%\system32\ie4uinit.exe +Fax/{8b15971b-5355-4c82-8c07-7e181ea07608} StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser »Browser Helper Objects (LM) AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} `InprocServer32=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll DriveLetterAccess/{5CA3D70E-1895-11CF-8E15-001234567890} `InprocServer32=C:\WINDOWS\system32\dla\tfswshx.dll Navbho.CNavExtBho.1/{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} `InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7} `InprocServer32=c:\program files\google\googletoolbar1.dll Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872} `InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll »Internet Explorer »Current User Local Page=C:\WINDOWS\system32\blank.htm Search Bar=http://www.google.com/ie Search Page=http://www.google.com Start Page=http://www.google.co.uk/ +SearchUrl provider=gogl =http://home.microsoft.com/access/autosearch.asp?p=%s »Default User Default_Page_URL=http://www.dell.co.uk/myway First Home Page=http://www.dell.co.uk/myway Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page=http://www.dell.co.uk/myway »Local Machine Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Local Page=%SystemRoot%\system32\blank.htm Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page=about:blank CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm SearchAssistant=http://www.google.com/ie »ShellServiceObjectDelayLoad (LM) PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9} `InprocServer32=%SystemRoot%\system32\SHELL32.dll CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9} `InprocServer32=%SystemRoot%\system32\SHELL32.dll WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED} `InprocServer32=%SystemRoot%\System32\webcheck.dll SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153} `InprocServer32=C:\WINDOWS\System32\stobject.dll »Special NT Values »Current User Load= Run= Programs=com exe bat pif cmd SHELL= »Default User Load= Run= Programs=com exe bat pif cmd SHELL= »Local Machine AppInit_DLLs= SHELL=Explorer.exe Userinit=C:\WINDOWS\system32\userinit.exe, »Files »Autostart Folders »Current User C:\Documents and Settings\Kofo\Start Menu\Programs\Startup\Adobe Gamma.lnk C:\Documents and Settings\Kofo\Start Menu\Programs\Startup\DESKTOP.INI »Default User C:\Documents and Settings\Kofo\Start Menu\Programs\Startup\Adobe Gamma.lnk C:\Documents and Settings\Kofo\Start Menu\Programs\Startup\DESKTOP.INI »Local Machine C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI »INI-Files »WIN.INI\[windows] LOAD= RUN= »SYSTEM.INI\[boot] SHELL=Explorer.exe »Text Files C:\boot.ini `[boot loader] `timeout=30 `default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS `[operating systems] `multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn C:\msdos.sys C:\config.sys C:\WINDOWS\system32\config.nt `dos=high, umb `device=%SystemRoot%\system32\himem.sys `files=40 C:\WINDOWS\wininit.ini `[Rename] `NUL=C:\DOCUME~1\Kofo\LOCALS~1\Temp\banner.exe `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= `NUL= C:\WINDOWS\system32\drivers\etc\hosts `127.0.0.1 localhost »Program Files C:\ntldr C:\ntdetect.com C:\io.sys C:\WINDOWS\system32\win.com C:\WINDOWS\explorer.exe »%PATH% Companion Files +C:\WINDOWS\system32\notepad.exe C:\WINDOWS\notepad.exe +C:\WINDOWS\system32\slrundll.exe C:\WINDOWS\slrundll.exe +C:\WINDOWS\system32\TASKMAN.EXE C:\WINDOWS\TASKMAN.EXE +C:\WINDOWS\system32\WINHLP32.EXE C:\WINDOWS\winhlp32.exe »System/Drivers »Running Processes +0=<idle> +4=<system> +444=\SystemRoot\System32\smss.exe +500=\??\C:\WINDOWS\system32\csrss.exe +524=\??\C:\WINDOWS\system32\winlogon.exe +872=C:\WINDOWS\system32\services.exe +884=C:\WINDOWS\system32\lsass.exe +1064=C:\WINDOWS\system32\svchost.exe +1132=C:\WINDOWS\system32\svchost.exe +1184=C:\WINDOWS\System32\svchost.exe +1328=C:\WINDOWS\System32\svchost.exe +1360=C:\WINDOWS\System32\svchost.exe +1576=C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe +1628=C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe +208=C:\WINDOWS\Explorer.EXE +592=C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe +624=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe +844=C:\WINDOWS\system32\LEXBCES.EXE +1080=C:\WINDOWS\system32\LEXPPS.EXE +1088=C:\WINDOWS\system32\spoolsv.exe +1544=C:\Program Files\ewido anti-malware\ewidoctrl.exe +1788=C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe +1840=C:\WINDOWS\System32\svchost.exe +1888=C:\WINDOWS\System32\wdfmgr.exe +1428=C:\WINDOWS\System32\alg.exe +2148=C:\WINDOWS\system32\hkcmd.exe +2320=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe +2416=C:\Program Files\Dell\Media Experience\PCMService.exe +2424=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe +2432=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe +2440=C:\WINDOWS\system32\dla\tfswctrl.exe +2496=C:\Program Files\Common Files\Symantec Shared\ccApp.exe +2524=C:\Program Files\Common Files\Real\Update_OB\realsched.exe +2672=C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe +2692=C:\WINDOWS\system32\bcmwltry.exe +2724=C:\Program Files\Lexmark 5200 series\lxbtbmon.exe +2820=C:\Program Files\iTunes\iTunesHelper.exe +2828=C:\Program Files\QuickTime\qttask.exe +2848=C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe +2872=C:\Program Files\Messenger\msmsgs.exe +2924=C:\Program Files\MSN Messenger\msnmsgr.exe +2948=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe +2996=C:\Program Files\iPod\bin\iPodService.exe +3156=C:\WINDOWS\System32\svchost.exe +3292=C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe +312=C:\Program Files\Common Files\Teleca Shared\Generic.exe +2168=C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe +3640=C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE +2292=C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe +3968=C:\Program Files\Internet Explorer\iexplore.exe +3456=C:\Documents and Settings\Kofo\Desktop\StartDreck\StartDreck.exe »VMM32Files (LM) »%System%\VMM32 »%System%\IOSUBSYS »Application specific »MS Office 97/8.0 STARTUP-PATH »Current User »Default User »Local Machine »ICQ NetDetect »Current User »Default User ................... Unistall List ................................. Adobe After Effects 6.5 Adobe Encore DVD 1.5 Adobe Photoshop CS Adobe Premiere Pro Adobe Reader 7.0 Adobe SVG Viewer 3.0 Belkin Wireless Setup utility Boris Continuum Complete Broadcom Management Programs ccCommon CleanUp! ContextPlus Dell Media Experience Dell Photo Printer 720 Dell Solution Center Disc2Phone DivX Player DivX Pro Trial DVC305 ewido anti-malware Google Toolbar for Internet Explorer HijackThis 1.99.1 Intel(R) 537EP V9x DF PCI Modem Intel(R) Extreme Graphics Driver Internet Explorer Default Page Internet Worm Protection iTunes Java 2 Runtime Environment, SE v1.4.2_03 Kaspersky On-line Scanner Lexmark 5200 Series LimeWire LiveReg (Symantec Corporation) LiveUpdate 2.7 (Symantec Corporation) Macromedia Contribute Macromedia Director MX 2004 Macromedia Dreamweaver MX Macromedia Extension Manager Macromedia Fireworks MX Macromedia Flash MX Macromedia FreeHand MX Macromedia Shockwave Player Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Office Professional Edition 2003 Modem Event Monitor Modem Helper Modem On Hold Mozilla Firefox (1.0.7) MSN Messenger 7.5 MSRedist NAVShortcut Nero 6 Ultra Edition Norton AntiVirus 2004 Professional (Symantec Corporation) Norton AntiVirus 2006 Norton AntiVirus 2006 (Symantec Corporation) Norton AntiVirus Help Norton AntiVirus Parent MSI Norton AntiVirus SYMLT MSI Norton Protection Center Norton WMI Update PACE System Files Pop-Up Stopper Free Edition PowerDVD 5.1 QuickTime RealPlayer Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Sentinel System Driver Sony Ericsson Communication Center Sony Ericsson PC Suite 1.10.61 SPBBC Symantec SymNet Themexp.org File Unitor8 Control 3.0 Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB910437) Viewpoint Media Player Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 WinRAR archiver