Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
recently i have been having a problem with my internet,,pages can take upto 15 minutes to load and when downloading speeds are dropping to 0,,i called my isp and they said my connection is showing no problems,,so i do a virus scan and nothing shows up,,,i check in task manager in processes and i see there is upto 5 IEXPLORE.exe yet internet explorer isnt open,,,this morning i update my avg anti vuris ( not free edition full version ) and straight away it finds 4 viruses hiding in application data in a folder called PILEMOREBEEP..i move the viruses to vault,restart pc and then run the scan again and nothing shows up,,i check in task manager and the IEXPLORE.exe have all gone but yet when i connect to the internet i still have no speed,im on bt broadband upto 8mb and supplier stated i can get realisticaly upto 4MB on my line so wasnt excepting i cant have a decent speed...the name of the virus found is Downloader.Obfuskated ( or obfuscated as stated on google search )..could someone please help me on what i should do as this is driving me insane...thank you in advance
Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.
Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "next" in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.
!!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
0 
i cannot download smitfraud fix till i go to work in the morning,,on my pc when downloading speeds freeze but i have HJT and here are the results
Logfile of HijackThis v1.99.1
Scan saved at 23:08:21, on 01/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\msnlogm.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\msnlogs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd....
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {30CADB40-6FD7-433F-BF0D-4827CA7B5BDF} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://biengagedsize8mom.spaces.msn...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.c...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/pre...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://32red.microgaming.com/32red/FlashAX.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Unknown owner - C:\WINDOWS\system32\drivers\CDAC11BA.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.exe
0
Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe modeDownload and install AVG Anti-Spyware We will need this later in safe mode
Be sure to update AVG Anti- Spyware
Next, please reboot your computer in Safe Mode by doing the following :
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":
If the R0's and R1's are not found remove them in normal mode later.
R1 - HKCU\Software\Microsoft\Internet\xplorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://32red.microgaming.com/32red/FlashAX.cab
Exit Hijack This but remain in safe mode.
Navigate to and delete these files if found:
C:\WINDOWS\msnlogm.exe
C:\WINDOWS\msnlogs.exe
Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Post the AVH-Anti-Spyware report please.
0
ok i have done all that here are the reports for fraud fix an avg spyware,,since doing all this tho,,from start up and restart its takin upto 15 minutes for my computer to fully load :|
SMITFRAUD
SmitFraudFix v2.146
Scan done at 12:56:11.73, 02/03/2007
Run from C:\Documents and Settings\wayne\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos FixGenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!![HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» EndAVG SPYWARE
AVG Anti-Spyware - Scan Report
+ Created at: 13:33:56 02/03/2007+ Scan result:
Nothing found.
::Report end
0
what would it mean if i accidently forgot to do this :-
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
?
0
Everything we removed was spyware related. Not running the system restore purge would not do anything.
But it does appear that you ran smitfraudfix option #2 in stead of option #1 and that can damage your desktop as stated in response #1 and that can damage the destop files. I'll look for a fix.
Please download Comboscan from this link:
Close all applications and windows.
Double-click on comboscan.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - ComboScan.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next post.
A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
Please attach Supplementary.txt to your post.Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
0
ah yeah i did run number 2,,my fault i forgot about that,an besides the slow system i did notice my wallpaper keep dissapearing..
here are the results------
ComboScan v20070226.18 run by wayne on 2007-03-02 at 22:56:30
Computer is in Normal Mode.
----------------------Successfully created restore point.
Performed disk cleanup.
-- HijackThis (run as wLogfile of HijackThis v1.99.1
Scan saved at 22:56:39, on 02/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\wayne\Local Settings\Temporary Internet Files\Content.IE5\41IJ81UZ\comboscan[1].exe
C:\PROGRA~1\HIJACK~1\wayne.exeO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd....
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {30CADB40-6FD7-433F-BF0D-4827CA7B5BDF} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://biengagedsize8mom.spaces.msn...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.c...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/pre...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Unknown owner - C:\WINDOWS\system32\drivers\CDAC11BA.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.exe
-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) ---------------------backup-20070301-142942-589 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20070301-142942-609 O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
backup-20070301-235959-148 O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
backup-20070301-235959-155 O1 - Hosts: 66.98.148.65 auto.search.msn.es
backup-20070301-235959-163 O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://32red.microgaming.com/32red/FlashAX.cab
backup-20070301-235959-366 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/...
backup-20070301-235959-448 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...
backup-20070301-235959-457 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/...
backup-20070301-235959-486 O1 - Hosts: 66.98.148.65 auto.search.msn.com
backup-20070301-235959-489 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...
backup-20070301-235959-640 O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
backup-20070301-235959-666 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/...
backup-20070301-235959-756 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
backup-20070301-235959-852 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...
backup-20070301-235959-903 O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
backup-20070302-000502-306 O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
backup-20070302-000502-481 O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)-- File Associat-------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.exe %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.exe %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.exe %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R Avg7Core (AVG7 Kernel) - C:\WINDOWS\system32\drivers\avg7core.sys
1R Avg7RsW (AVG7 Wrap Driver) - C:\WINDOWS\system32\drivers\avg7rsw.sys
1R Avg7RsXP (AVG7 Rezident Driver) - C:\WINDOWS\system32\drivers\avg7rsxp.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
2S CdaC15BA - C:\WINDOWS\system32\drivers\CDAC15BA.SYS (not found)
3S dtscsi - C:\WINDOWS\system32\drivers\dtscsi.sys
3R FETND5BV (VIA Rhine-Family Fast Ethernet Adapter Driver Service) - C:\WINDOWS\system32\drivers\fetnd5bv.sys
3S FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\fetnd5.sys
0R gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - C:\WINDOWS\system32\drivers\GAGP30KX.SYS
3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3S k750bus (Sony Ericsson 750 driver (WDM)) - C:\WINDOWS\system32\drivers\k750bus.sys
3S k750mdfl (Sony Ericsson 750 USB WMC Modem Filter) - C:\WINDOWS\system32\drivers\k750mdfl.sys
3S k750mdm (Sony Ericsson 750 USB WMC Modem Drivers) - C:\WINDOWS\system32\drivers\k750mdm.sys
3S k750mgmt (Sony Ericsson 750 USB WMC Device Management Drivers) - C:\WINDOWS\system32\drivers\k750mgmt.sys
3S k750obex (Sony Ericsson 750 USB WMC OBEX Interface Drivers) - C:\WINDOWS\system32\drivers\k750obex.sys
3S MHNDRV (MHN driver) - C:\WINDOWS\system32\drivers\mhndrv.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - C:\Program Files\Common Files\Motive\MRENDIS5.sys
3S NETMDUSB (Net MD) - C:\WINDOWS\system32\drivers\NETMDUSB.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
3S P2k (Motorola USB Device) - C:\WINDOWS\system32\DRIVERS\P2k.sys (not found)
3R Pcouffin (VSO Software pcouffin) - C:\WINDOWS\system32\drivers\pcouffin.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S SANDRA - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\Sandra.sys (not found)
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbser (Motorola USB Modem Driver) - C:\WINDOWS\system32\drivers\usbser.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
3R USB_RNDIS (Thomson ST Remote NDIS Device Driver) - C:\WINDOWS\system32\drivers\usb8023.sys
0R viamraid - C:\WINDOWS\system32\drivers\viamraid.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
2R Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
2S C-DillaCdaC11BA - C:\WINDOWS\system32\drivers\CDAC11BA.exe
2R ehRecvr (Media Center Receiver Service) - C:\WINDOWS\eHome\ehRecvr.exe
2R ehSched (Media Center Scheduler Service) - C:\WINDOWS\eHome\ehSched.exe
3S MHN - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
3S SPTISRV (Sony SPTI Service) - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
3S UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3S YPCService - C:\WINDOWS\system32\YPCSER~1.exe
-- Files created between 2007-02-02 and 20----------2007-03-02 19:55:03 0 d-------- C:\Program Files\Motive
2007-03-02 16:14:57 0 d-------- C:\Program Files\BT Broadband Desktop Help<BTBROA~1>
2007-03-02 16:14:56 0 d-------- C:\Program Files\Motive(2)<MOTIVE~1>
2007-03-02 14:18:18 14974976 --a------ C:\Documents and Settings\wayne\ntuser.dat
2007-03-02 12:56:15 2278 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-02 12:55:46 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-03-02 12:55:46 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-03-02 12:55:46 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-03-02 12:55:46 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-03-02 12:55:46 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-03-02 12:55:46 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-03-02 12:50:45 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-01 21:03:28 0 d-------- C:\WINDOWS\system32\NtmsData
2007-03-01 11:42:35 0 dr-h----- C:\$VAULT$.AVG
2007-03-01 10:54:14 0 d-------- C:\Program Files\Common Files\Synacast
2007-03-01 06:41:04 385024 --a------ C:\WINDOWS\system32\IKAutoUp.exe
2007-03-01 06:40:53 385024 --a------ C:\WINDOWS\system32\IkAutoUp.dat
2007-03-01 06:40:36 0 d-------- C:\Ikarus
2007-02-27 15:14:26 0 d-------- C:\Program Files\HiJackThis<HIJACK~1>
2007-02-27 14:21:12 0 d-------- C:\Documents and Settings\wayne\Application Data\Lavasoft
2007-02-27 14:20:46 0 d-------- C:\Program Files\Lavasoft
2007-02-27 14:20:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-26 23:50:45 86016 --a------ C:\WINDOWS\system32\YPcservice.exe<YPCSER~1.EXE>
2007-02-26 23:50:45 131072 --a------ C:\WINDOWS\system32\ypclsp.dll
2007-02-26 23:50:25 0 d-------- C:\Documents and Settings\wayne\Application Data\Yahoo!
2007-02-26 23:49:51 24576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-02-26 23:49:40 0 d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-02-26 23:49:08 65536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2007-02-26 23:48:48 0 d-------- C:\Program Files\Yahoo!
2007-02-26 23:46:50 0 d-------- C:\WINDOWS\tmp.0002<TMP~3.000>
2007-02-26 23:39:17 0 d-------- C:\Program Files\btbb_wcm
2007-02-26 23:38:41 0 d-------- C:\Program Files\BT Home Hub<BTHOME~1>
2007-02-26 23:28:04 0 d--h----- C:\WINDOWS\system32\GroupPolicy<GROUPP~1>
2007-02-26 21:57:47 12284657 -----n--- C:\AVG7QT.DAT
2007-02-26 21:28:53 0 d-------- C:\WINDOWS\CSC
2007-02-26 21:27:54 6010878 -r-hs---- C:\AVG7DB_F.DAT
2007-02-26 21:25:58 0 d-------- C:\Documents and Settings\wayne\Application Data\AVG7
2007-02-26 21:25:47 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-02-26 21:25:30 17664 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-26 21:25:28 4928 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-26 21:25:27 348704 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-26 21:25:22 0 d-------- C:\Program Files\Grisoft
2007-02-26 21:25:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-02-26 19:24:52 0 d-------- C:\WINDOWS\cache
2007-02-26 19:24:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-02-26 19:16:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft(3)<GRISOF~2>
2007-02-26 13:04:47 0 d-------- C:\WINDOWS\tmp.0001<TMP~2.000>
2007-02-26 12:56:40 0 d-------- C:\WINDOWS\Drivers
2007-02-26 12:56:39 0 d-------- C:\WINDOWS\tmp.0000<TMP~1.000>
2007-02-15 23:37:47 0 d-------- C:\Program Files\Sony Ericsson<SONYER~1>
2007-02-15 23:37:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson<SONYER~1>
2007-02-15 22:38:41 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-02-15 22:36:50 0 d-------- C:\Program Files\Common Files\Motorola Shared<MOTORO~1>
2007-02-12 04:13:38 356352 --a------ C:\WINDOWS\eSellerateEngine.dll<ESELLE~1.DLL>
2007-02-12 04:13:36 101376 --a------ C:\WINDOWS\extract.exe
2007-02-12 04:13:36 65536 --a------ C:\WINDOWS\CABINET.DLL
2007-02-11 07:16:37 380928 --a------ C:\WINDOWS\system32\srkey.exe
2007-02-08 02:40:15 0 d-------- C:\Program Files\Common Files\DirectX
2007-02-08 02:13:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-02-05 06:30:10 737280 --a------ C:\WINDOWS\iun6002.exe
-- Find3M Re-----------2007-03-02 19:55:03 0 d-------- C:\Program Files\Common Files\Motive
2007-03-01 10:53:58 0 d-------- C:\Program Files\vso
2007-03-01 10:53:49 0 d-------- C:\Documents and Settings\wayne\Application Data\Vso
2007-03-01 10:53:49 33 --a------ C:\Documents and Settings\wayne\Application Data\pcouffin.log
2007-03-01 10:53:49 81920 --a------ C:\Documents and Settings\wayne\Application Data\ezpinst.exe
2007-03-01 10:53:48 47360 --a------ C:\Documents and Settings\wayne\Application Data\pcouffin.sys
2007-03-01 10:53:48 1144 --a------ C:\Documents and Settings\wayne\Application Data\pcouffin.inf
2007-03-01 10:53:48 7176 --a------ C:\Documents and Settings\wayne\Application Data\pcouffin.cat
2007-02-28 10:41:44 0 d-------- C:\Program Files\SopCast
2007-02-27 20:08:43 0 d-------- C:\Program Files\New Folder<NEWFOL~1>
2007-02-27 14:38:20 0 d---s---- C:\Documents and Settings\wayne\Application Data\Microsoft<MICROS~1>
2007-02-27 14:37:59 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-26 22:57:35 0 d-------- C:\Program Files\My Downloads<MYDOWN~1>
2007-02-25 21:09:21 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-15 23:55:42 0 d-------- C:\Program Files\Google
2007-02-15 23:37:53 0 d-------- C:\Program Files\Common Files\Teleca Shared<TELECA~1>
2007-02-15 21:20:53 0 d-------- C:\Program Files\Prolific Publishing, Inc<PROLIF~1>
2007-02-10 17:32:04 0 d-------- C:\Program Files\Common Files\Real
2007-02-08 18:11:10 0 d-------- C:\Program Files\Amadis DVD Ripper<AMADIS~1>
2007-01-27 21:33:52 0 d-------- C:\Documents and Settings\wayne\Application Data\Sony Corporation<SONYCO~1>
2007-01-27 21:29:35 0 d-------- C:\Program Files\Sony
2007-01-27 21:28:35 0 d-------- C:\Program Files\Common Files\Sony Shared<SONYSH~1>
2007-01-24 22:22:55 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-23 21:24:21 0 d-------- C:\Program Files\Pegasys Inc<PEGASY~1>
2007-01-23 21:24:12 10752 -----n--- C:\WINDOWS\system32\pxwma.dll
2007-01-23 21:21:39 0 d-------- C:\Program Files\Smart Projects<SMARTP~1>
2007-01-23 14:16:01 0 d-------- C:\Documents and Settings\wayne\Application Data\Seven Zip<SEVENZ~1>
2007-01-19 16:45:54 17920 --a------ C:\WINDOWS\system32\patch.exe
2007-01-19 16:29:57 18432 --a------ C:\WINDOWS\ss3unstl.exe
2007-01-05 14:45:47 576 --a------ C:\Documents and Settings\wayne\Application Data\wklnhst.dat
2006-12-18 16:31:00 307200 -----n--- C:\WINDOWS\Setup1.exe
2006-12-18 16:30:59 73216 --a------ C:\WINDOWS\ST6UNST.exe
-- Registry -----------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.exe "
"item"="Adobe Gamma Loader"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.exe "
"item"="Adobe Reader Speed Launch"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BT Broadband Desktop Help.lnk"
"backup"="C:\\WINDOWS\\pss\\BT Broadband Desktop Help.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BTHOME~1\\Help\\bin\\matcli.exe -boot"
"item"="BT Broadband Desktop Help"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Digimax Viewer 2.1.lnk"
"backup"="C:\\WINDOWS\\pss\\Digimax Viewer 2.1.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Samsung\\Digimax Viewer 2.1\\STImgBrowser.exe /s"
"item"="Digimax Viewer 2.1"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office10\\OSA.exe -b -l"
"item"="Microsoft Office"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Winter Fun Wallpaper Changer.lnk"
"backup"="C:\\WINDOWS\\pss\\Winter Fun Wallpaper Changer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{038A524F-58DB-438A-8391-8F7F0CA14B9E}\\Icon038A524F.exe "
"item"="Winter Fun Wallpaper Changer"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.exe "
"item"="WinZip Quick Pick"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aston Villa - Desktop News Alerts]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="launch"
"hkey"="HKCU"
"command"="C:\\Program Files\\Aston Villa - DNA\\launch.exe"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgemc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgemc.exe"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McciTrayApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\btbb_wcm\\McciTrayApp.exe"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccleaner"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /AUTO"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BTHelpNotifier"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\BTHOME~1\\Help\\SMARTB~1\\BTHelpNotifier.exe"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="raid_tool"
"hkey"="HKLM"
"command"="C:\\Program Files\\VIA\\RAID\\raid_tool.exe"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe -quiet"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ybrwicon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0-- End of ComboScan: finished at 2007-03-02 at 22:5-
--------------SUPPLEMENTARY-----------------
-- Environment Varia---ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\wayne\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME-42393BAD58
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\wayne
LOGONSERVER=\\HOME-42393BAD58
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Fraunhofer IIS\MP3 Surround
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\wayne\LOCALS~1\Temp
TMP=C:\DOCUME~1\wayne\LOCALS~1\Temp
USERDOMAIN=HOME-42393BAD58
USERNAME=wayne
USERPROFILE=C:\Documents and Settings\wayne
windir=C:\WINDOWS
-- User Prof-----------wayne [I](admin)[/I]
-- Add/Remove Prog------->
-->
--> C:\PROGRA~1\BTHOME~1\Help\Uninstall.exe btbb
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
AMIP (remove only) --> "C:\Program Files\Winamp\Plugins\amip_uninstall.exe"
ArcSoft PhotoImpression 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}\Setup.exe" -l0x9
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Anti-Virus 7.0 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BitLord 1.1 --> C:\Program Files\Bit Lord 1.1\uninst.exe
BT Broadband Desktop Help --> C:\WINDOWS\Motive\btbb\MCCUninst.exe
BT Home Hub --> C:\Program Files\BT Home Hub\Uninstall.exe
BT Wireless Connection Manager --> C:\Program Files\Common Files\Motive\InstallHelper.exe /dir=C:\Program Files\Common Files\Motive /uninstallvendor=btbb_wcm /uninstallkey=BT Wireless Connection Manager
BT Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cda Product Service - shared component --> C:\WINDOWS\CdaC13BA.exe /uninstall
CiD Help --> C:\DOCUME~1\wayne\APPLIC~1\PILEMO~1\memobook.exe -uninstall
CUE Splitter --> MsiExec.exe /I{9D631F25-22DC-4AB2-B700-F94758B7CE9C}
Digimax L50 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5244FA78-794C-4F97-8770-3EA285B29191}\Setup.exe" anything
Digimax Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD67A9A9-B292-43B2-A4F9-59AD62626CAD}\setup.exe" -l0x9
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
HijackThis 1.99.1 --> D:\virus delete\HijackThis.exe /uninstall
Ikarus virus utilities Guard NT --> C:\Ikarus\GuardNT\UNINSTAL.exe /A C:\Ikarus\GuardNT\INSTALL.LOG
Ikarus virus utilities WINDOWS NT --> C:\Ikarus\VuWNT\UNINSTAL.exe /A C:\Ikarus\VuWNT\INSTALL.LOG
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
InZeCue 1.0 --> C:\Program Files\InZeCue\uninst.exe
IsoBuster 1.9.1 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
MAGIX audio cleaning lab 3.0 deLuxe --> C:\MAGIX\aclab_3dlx\unwise.exe C:\MAGIX\aclab_3dlx\INSTALL.LOG
MakeTorrent v2.1 --> "C:\Program Files\Maketorrent 2\uninstall.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Music Visualizer Library 1.4.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\Setup.exe" -l0x9
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C877DA0-5EFF-11D4-9254-0000F460E7A9}\setup.exe" -l0x9 UNINSTALL
OpenMG Limited Patch 3.1-02-10-22-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.1-02-10-22-01\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.1-02-10-22-02 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.1-02-10-22-02\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.1-02-12-04-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.1-02-12-04-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}\setup.exe" -l0x9 UNINSTALL
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
SonicStage 1.5.06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Ericsson PC Suite --> MsiExec.exe /I{C037D08B-4883-491D-9329-DC5ACA90F797}
Sony Net MD Help --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6BECFE0-74CE-11D5-B8A3-00B0D0D26B88}\setup.exe" UNINSTALL
TallStick TS-AudioToMIDI 3.30 (remove only) --> "C:\Program Files\TallStick\TS-AudioToMIDI 3.30\Uninstall.exe"
TMPGEnc DVD Author 1.6 --> MsiExec.exe /I{9CD89DD7-234A-4801-9D87-3DE352E146A0}
TMPGEnc Plus 2.5 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2A1E27FF-BE53-45B4-950F-060236E98E3D}
Torrent Harvester --> C:\Program Files\Torrent Harvester\uninstall.exe
VCDEasy --> "C:\Program Files\VCDEasy\unins000.exe"
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.exe" /uninstall
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"
-- End of ComboScan: finished at 2007-03-02 at 22:5-
0
This may work. Download and save Cleandesktop to your computer from this link: http://www.thespykiller.co.uk/files/cleandesktop.exe and double click on the cleandesktop.exe
It will automatically extract to c:\desktopclean where it needs to be to run and will automatically run the cleandesktop.vbs script
If it doesn't open then go to c:\desktopclean and double click on the cleandesktop.vbs Do not run any other file from there please unless asked to
If you have script blocking enabled you will get a warning about a malicious script wanting to run. Please allow this script to run. It is not malicious.
If you get a message when you first run it "Can not find script file "blah blah blah" then don't worry just doubleclick the cleandesktop.vbs script again you sometimes get that message when a script blocker blocks the script
It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your normal desktop and context menu functions.
It will restart Explorer.
Once you have performed the big cleanup, each of the other Users on the System needs to be signed in to clean up their desktop and regain the right click.
I have included another vbs to do this. It is named Other Profiles Regfix.vbs
Have each User sign in and run Other Profiles Regfix.vbs
Open C:\ (Go to Start>Run and type C: Press enter) and Open the c:\desktopclean folder. Double click on Other Profiles Regfix.vbsExplorer will be ended and that user's active desktop registry entries will be repaired. Explorer will be restarted.
To restore the desktop to whatever picture you normally have right click on a blank part of desktop & select properties/desktop & select your prefered picture press apply & then ok to exit and then press F5
You will need to do this step for every user account.
0
ok i have done that,,i dont know how to enable the admins account unless i do it from safe mode?i did however restart the pc and there wasnt much change in the speed maybe a minute or 2 faster
0
Go to this link http://www.geekstogo.com/forum/page-1-t38725-s0.html
Scroll down to GerryF's second post, download "regfix.zip", extract it, run regfix1.reg then regfix2.reg as he suggest.
Reboot the computer.
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
