
Solved: blank screens for windows opening in external browsers

Discussion in 'Virus & Other Malware Removal' started by ktg35envy, Jun 15, 2007.

  1. ktg35envy

    ktg35envy Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    67
    Hi. I just recently started having this problem in IE6. Firefox is perfectly fine. Anytime there is a link that opens in a new browser window, the window is white/blank. Well, sometimes. There is no status bar at the bottom or anything at all. I've just noticed it happening in some programs that I use at work as well that use a Java platform. For instance, I would create some content in a WYSIWYG that our content management software has and then hit the preview button, and it also is blank. Another example is when I go to the Kaspersky online scan page and hit the button to start an online scan... blank. Doesn't even let me update my definitions. I don't really want to install IE7 because I heard it had major interpretation issues when designing web pages, which is what I do at work. Can anyone help me out here? I thought maybe there is a virus in my system or my IE was hijacked, because I never changed any cookie or privacy settings ever. Here is my HijackThis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:13:22 AM, on 2007-06-15
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\WINDOWS\TEMP\ZRB701.EXE
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\kgarach\My Documents\Back Up\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: IEGrabObj Class - {abc563b0-b745-11d3-a337-00104be2b1cb} - C:\WINDOWS\IEGrab.dll
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [aaTrueAccess] grh501.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] "C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
    O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [BLOG] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk.disabled
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk.disabled
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://diweb.grhosp.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/netagent/objects/custappx3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153970525535
    O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} (NetDirect) - https://ssl.grhosp.on.ca/nortel_cacheable/NetDirect.cab
    O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://ssl.grhosp.on.ca/nortel_cacheable/iewiper.cab
    O16 - DPF: {A7B17C34-D894-11D3-AE37-0050DA39FE5C} (WebClientInstall Class) - http://diweb.grhosp.com/magicweb/bin/WebClientInstall.cab
    O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) - http://grh309:7850/forms90/jinitiator/jinit.exe
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grhosp.com
    O17 - HKLM\Software\..\Telephony: DomainName = grhosp.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grhosp.com
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\VPN\Extranet_serv.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only.

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All.
    • Click the Empty Selected button.
    • Click Exit on the Main menu to close the program.

    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  3. ktg35envy

    ktg35envy Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    67
    Still having the issue. Here are the logs... please advise.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/18/2007 at 12:47 PM

    Application Version : 3.8.1002

    Core Rules Database Version : 3256
    Trace Rules Database Version: 1267

    Scan type : Complete Scan
    Total Scan Time : 02:38:04

    Memory items scanned : 612
    Memory threats detected : 0
    Registry items scanned : 8063
    Registry threats detected : 0
    File items scanned : 69889
    File threats detected : 1

    Unclassified.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{70C32064-5E57-4E9B-A6E5-827BC1DFF362}\RP211\A0031391.NFO




    Logfile of HijackThis v1.99.1
    Scan saved at 1:27:01 PM, on 2007-06-18
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\WINDOWS\TEMP\SX112D.EXE
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\kgarach\My Documents\Back Up\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: IEGrabObj Class - {abc563b0-b745-11d3-a337-00104be2b1cb} - C:\WINDOWS\IEGrab.dll
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [aaTrueAccess] grh501.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] "C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
    O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [BLOG] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk.disabled
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk.disabled
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://diweb.grhosp.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/netagent/objects/custappx3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153970525535
    O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} (NetDirect) - https://ssl.grhosp.on.ca/nortel_cacheable/NetDirect.cab
    O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://ssl.grhosp.on.ca/nortel_cacheable/iewiper.cab
    O16 - DPF: {A7B17C34-D894-11D3-AE37-0050DA39FE5C} (WebClientInstall Class) - http://diweb.grhosp.com/magicweb/bin/WebClientInstall.cab
    O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) - http://grh309:7850/forms90/jinitiator/jinit.exe
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grhosp.com
    O17 - HKLM\Software\..\Telephony: DomainName = grhosp.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grhosp.com
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\VPN\Extranet_serv.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: IEGrabObj Class - {abc563b0-b745-11d3-a337-00104be2b1cb} - C:\WINDOWS\IEGrab.dll
    O4 - HKLM\..\Run: [aaTrueAccess] grh501.exe

    Close all applications and browser windows before you click "fix checked".



    Please download OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\TEMP\SX112D.EXE

    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt.
    If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.


    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
    • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
      • In the Files Created Within group click 30 days
      • In the Files Modified Within group select 30 days
      • In the File String Search group select Non-Microsoft
    • Now click the Run Scan button on the toolbar.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

    Please post the resulting log here as an attachment.
     
  5. ktg35envy

    ktg35envy Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    67
    Here is the log. It's too long, so I had to put it in 2 posts. BTW, I did not delete grh501.exe because I know it is a work-related executable.

    WinPFind3 logfile created on: 2007-06-19 12:23:37 PM
    WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\kgarach\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    510.92 Mb Total Physical Memory | 156.61 Mb Available Physical Memory | 30.65% Memory free
    1.22 Gb Paging File | 0.60 Gb Available in Paging File | 49.12% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 12.58 Gb Free Space | 33.78% Space Free
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: ADMN2473
    Current User Name: kgarach
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 2005-05-25 10:56:48 PM | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 2005-05-25 10:56:48 PM | Attr = ]
    ibmpmsvc.exe -> %System32%\ibmpmsvc.exe -> [Ver = | Size = 73782 bytes | Modified Date = 2005-11-11 1:33:00 AM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 2007-03-14 3:43:44 AM | Attr = ]
    ntrtscan.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\NTRtScan.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 495616 bytes | Modified Date = 2006-02-07 4:49:18 PM | Attr = ]
    ofcpfwsvc.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\OfcPfwSvc.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 233552 bytes | Modified Date = 2006-02-07 5:10:30 PM | Attr = ]
    pccntmon.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\PccNTMon.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 356352 bytes | Modified Date = 2006-02-07 5:16:46 PM | Attr = ]
    sdtrayapp.exe -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.1.40 | Size = 1053264 bytes | Modified Date = 2007-06-12 1:19:24 PM | Attr = ]
    stylexp.exe -> %ProgramFiles%\TGTSoft\StyleXP\StyleXP.exe -> [Ver = 0, 30, 9, 0 | Size = 1347584 bytes | Modified Date = 2005-06-09 8:55:12 PM | Attr = ]
    stylexpservice.exe -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> [Ver = 0, 20, 0, 3000 | Size = 339968 bytes | Modified Date = 2005-06-09 8:38:42 PM | Attr = ]
    superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 8, 0, 1002 | Size = 1314816 bytes | Modified Date = 2007-05-23 10:12:46 AM | Attr = ]
    svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.1.22 | Size = 708688 bytes | Modified Date = 2007-06-12 1:27:14 PM | Attr = ]
    swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.1.62 | Size = 1309264 bytes | Modified Date = 2007-06-12 1:27:22 PM | Attr = ]
    syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.2.3.10 24Jun03 | Size = 561152 bytes | Modified Date = 2003-06-24 3:33:04 PM | Attr = ]
    syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.2.3.10 24Jun03 | Size = 126976 bytes | Modified Date = 2003-06-24 3:34:38 PM | Attr = ]
    tmlisten.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\TmListen.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 614488 bytes | Modified Date = 2006-02-07 4:48:52 PM | Attr = ]
    tpshocks.exe -> %System32%\TpShocks.exe -> IBM Corp. [Ver = 1, 0, 0, 1 | Size = 102400 bytes | Modified Date = 2004-03-26 7:16:30 PM | Attr = ]
    unlockerassistant.exe -> %ProgramFiles%\Unlocker\UnlockerAssistant.exe -> [Ver = | Size = 15360 bytes | Modified Date = 2006-09-07 3:58:40 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 2007-05-22 6:27:40 PM | Attr = ]
    winvnc.exe -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1, 0, 0, 18 | Size = 630854 bytes | Modified Date = 2004-06-20 8:45:28 PM | Attr = ]
    yt286.exe -> %SystemRoot%\Temp\YT286.EXE -> [Ver = | Size = 172099 bytes | Modified Date = 2006-02-07 5:10:04 PM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 2005-05-25 10:56:48 PM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 1:56:50 AM | Attr = ]
    (ExtranetAccess) Contivity VPN Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\VPN\Extranet_serv.exe -> Nortel Networks NA, Inc. [Ver = V04_10.00 | Size = 565248 bytes | Modified Date = 2001-08-09 3:05:12 PM | Attr = ]
    (IBMPMSVC) ThinkPad PM Service [Win32_Own | Auto | Running] -> %System32%\ibmpmsvc.exe -> [Ver = | Size = 73782 bytes | Modified Date = 2005-11-11 1:33:00 AM | Attr = ]
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
    (ntrtscan) OfficeScanNT RealTime Scan [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\NTRtScan.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 495616 bytes | Modified Date = 2006-02-07 4:49:18 PM | Attr = ]
    (OfcPfwSvc) OfficeScanNT Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\OfcPfwSvc.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 233552 bytes | Modified Date = 2006-02-07 5:10:30 PM | Attr = ]
    (sdAuxService) Spyware Doctor Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.1.22 | Size = 708688 bytes | Modified Date = 2007-06-12 1:27:14 PM | Attr = ]
    (sdCoreService) Spyware Doctor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.1.62 | Size = 1309264 bytes | Modified Date = 2007-06-12 1:27:22 PM | Attr = ]
    (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 2006-11-06 2:21:10 PM | Attr = ]
    (StyleXPService) StyleXPService [Win32_Own | Auto | Running] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> [Ver = 0, 20, 0, 3000 | Size = 339968 bytes | Modified Date = 2005-06-09 8:38:42 PM | Attr = ]
    (tmlisten) OfficeScanNT Listener [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\TmListen.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 614488 bytes | Modified Date = 2006-02-07 4:48:52 PM | Attr = ]
    (winvnc) VNC Server [Win32_Own | Auto | Running] -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1, 0, 0, 18 | Size = 630854 bytes | Modified Date = 2004-06-20 8:45:28 PM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    aaTrueAccess -> grh501.exe -> File not found
    BLOG -> %ProgramFiles%\ThinkPad\Utilities\BATLOGEX.DLL ["rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog] -> [Ver = | Size = 208896 bytes | Modified Date = 2005-04-20 1:38:00 AM | Attr = ]
    BMMGAG -> %ProgramFiles%\ThinkPad\Utilities\PWRMONIT.DLL [RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor] -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 110592 bytes | Modified Date = 2005-04-20 1:38:00 AM | Attr = ]
    BMMLREF -> %ProgramFiles%\ThinkPad\Utilities\BMMLREF.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 2005-04-20 1:38:00 AM | Attr = ]
    BMMMONWND -> %ProgramFiles%\ThinkPad\Utilities\BATINFEX.DLL ["rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor] -> [Ver = | Size = 396288 bytes | Modified Date = 2005-04-20 1:38:00 AM | Attr = ]
    OfficeScanNT Monitor -> %ProgramFiles%\Trend Micro\OfficeScan Client\PccNTMon.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 356352 bytes | Modified Date = 2006-02-07 5:16:46 PM | Attr = ]
    SDTray -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.1.40 | Size = 1053264 bytes | Modified Date = 2007-06-12 1:19:24 PM | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 2007-03-14 3:43:44 AM | Attr = ]
    SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.2.3.10 24Jun03 | Size = 561152 bytes | Modified Date = 2003-06-24 3:33:04 PM | Attr = ]
    SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.2.3.10 24Jun03 | Size = 126976 bytes | Modified Date = 2003-06-24 3:34:38 PM | Attr = ]
    TpShocks -> %System32%\TpShocks.exe -> IBM Corp. [Ver = 1, 0, 0, 1 | Size = 102400 bytes | Modified Date = 2004-03-26 7:16:30 PM | Attr = ]
    UnlockerAssistant -> %ProgramFiles%\Unlocker\UnlockerAssistant.exe -> [Ver = | Size = 15360 bytes | Modified Date = 2006-09-07 3:58:40 AM | Attr = ]
    WinVNC -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1, 0, 0, 18 | Size = 630854 bytes | Modified Date = 2004-06-20 8:45:28 PM | Attr = ]
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    STYLEXP -> %ProgramFiles%\TGTSoft\StyleXP\StyleXP.exe -> [Ver = 0, 30, 9, 0 | Size = 1347584 bytes | Modified Date = 2005-06-09 8:55:12 PM | Attr = ]
    SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 8, 0, 1002 | Size = 1314816 bytes | Modified Date = 2007-05-23 10:12:46 AM | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    -> %AllUsersStartup%\HP Image Zone Fast Start.lnk -> File not found
    -> %AllUsersStartup%\Microsoft Office OneNote 2003 Quick Launch.lnk -> File not found
    < User Startup > -> C:\Documents and Settings\kgarach\Start Menu\Programs\Startup
    %UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 2005-03-16 8:16:50 PM | Attr = ]
    < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 2006-12-20 1:55:48 PM | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 2007-04-19 1:41:36 PM | Attr = ]
    AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 46080 bytes | Modified Date = 2005-05-25 10:56:52 PM | Attr = ]
    WRNotifier -> WRLogonNTF.dll -> File not found
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
    < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Start Page -> http://www.yahoo.com/ ->
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    msn.com [ - ] -> ->
    < Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    diweb_grhosp.com [http] -> ->
    diweb_grhosp.com [https] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 2006-12-18 5:16:42 AM | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 2005-05-31 1:04:00 AM | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 2007-03-14 3:43:40 AM | Attr = ]
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 2007-03-14 3:43:42 AM | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 2007-03-14 3:43:40 AM | Attr = ]
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    E&xport to Microsoft Excel -> -> File not found
    Open with Scansoft PDF Converter 3.0 -> %ProgramFiles%\ScanSoft\PDF Professional 3.0\IEShellExt.dll -> ScanSoft, Inc. [Ver = 3.0.5229.1 | Size = 32768 bytes | Modified Date = 2005-04-29 2:58:32 AM | Attr = ]
    < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    SV1 -> ->
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {0BDD3D8A-39D5-43D1-AAA0-167801FB58EE} -> (Intel(R) PRO/1000 MT Mobile Connection) ->
    {0FF686EA-50AA-470B-8D79-81A5F31528AE} -> () ->
    {9A807AC8-7C8B-4BEC-AC77-8B320AF337BC} -> () ->
    {BDBC2630-DCE5-4AB7-8317-E561F4DDA560} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
    {CE2644C7-C317-4139-8C87-D71537C5929B} -> (11b/g Wireless LAN Mini PCI Adapter) ->
    {D50EB22A-8DCA-4ED3-ACCE-420EBF6813E7} -> (Intel(R) PRO/Wireless 2915ABG Network Connection) ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab ->
    {1B9935E4-8A50-4DD8-BD09-A7518723BF97} -> Talisma NetAgent Customer ActiveX Control version 3 - CodeBase = https://intuitcanada.ehosts.net/netagent/objects/custappx3.cab ->
    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab ->
    {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153970525535 ->
    {7FA319FB-FFB9-4089-87EB-63179244E6E6} -> NetDirect - CodeBase = https://ssl.grhosp.on.ca/nortel_cacheable/NetDirect.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
    {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} -> Iewiper Control - CodeBase = https://ssl.grhosp.on.ca/nortel_cacheable/iewiper.cab ->
    {A7B17C34-D894-11D3-AE37-0050DA39FE5C} -> WebClientInstall Class - CodeBase = http://diweb.grhosp.com/magicweb/bin/WebClientInstall.cab ->
    {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} -> JInitiator 1.3.1.13 - CodeBase = http://grh309:7850/forms90/jinitiator/jinit.exe ->
    {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
     
  6. ktg35envy

    ktg35envy Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    67
    part 2...

    [Files/Folders - Created Within 30 days]
    _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2007-06-18 3:06:35 PM | Attr = ]
    $NtUninstallKB896344$ -> %SystemRoot%\$NtUninstallKB896344$ -> [Folder | Created Date = 2007-06-13 2:18:43 PM | Attr = ]
    $NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 2007-06-13 2:23:12 PM | Attr = ]
    $NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 2007-06-13 2:23:44 PM | Attr = ]
    $NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 2007-06-13 2:23:02 PM | Attr = ]
    $NtUninstallKB932168$(2) -> %SystemRoot%\$NtUninstallKB932168$(2) -> [Folder | Created Date = 2007-06-13 2:19:00 PM | Attr = ]
    $NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Created Date = 2007-06-13 2:23:25 PM | Attr = ]
    $NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 2007-06-13 2:25:36 PM | Attr = ]
    $NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 2007-06-13 2:23:54 PM | Attr = ]
    BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 2007-06-14 9:33:08 AM | Attr = ]
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 2007-06-13 2:18:54 PM | Attr = ]
    WB.ini -> %SystemRoot%\WB.ini -> [Ver = | Size = 0 bytes | Created Date = 2007-06-08 1:43:37 PM | Attr = ]
    WMSysPr8.prx -> %SystemRoot%\WMSysPr8.prx -> [Ver = | Size = 156910 bytes | Created Date = 2007-06-07 1:00:18 PM | Attr = ]
    _MSRSTRT.EXE -> %SystemRoot%\_MSRSTRT.EXE -> [Ver = | Size = 2560 bytes | Created Date = 2007-06-08 1:49:00 PM | Attr = ]
    ac3acm.acm -> %System32%\ac3acm.acm -> fccHandler [Ver = 1, 31, 0, 0 | Size = 118784 bytes | Created Date = 2007-06-06 2:52:07 PM | Attr = ]
    actskn43.ocx -> %System32%\actskn43.ocx -> [Ver = 4, 3, 0, 0 | Size = 389120 bytes | Created Date = 2007-06-07 12:06:49 PM | Attr = ]
    alf2cd.acm -> %System32%\alf2cd.acm -> NCT Company [Ver = 2.03 | Size = 38912 bytes | Created Date = 2007-06-07 1:00:17 PM | Attr = ]
    divx.dll -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.6.1.4 | Size = 740442 bytes | Created Date = 2007-06-06 2:52:01 PM | Attr = ]
    divxa32.acm -> %System32%\divxa32.acm -> Kristal Studi [Ver = 4.2.00.000 | Size = 287744 bytes | Created Date = 2007-06-06 2:52:07 PM | Attr = ]
    divxdec.ax -> %System32%\divxdec.ax -> DivXNetworks, Inc. [Ver = 5.2.1.1335 | Size = 577536 bytes | Created Date = 2007-06-07 12:06:54 PM | Attr = ]
    dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 73728 bytes | Created Date = 2007-06-06 2:52:04 PM | Attr = ]
    dpu11.dll -> %System32%\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    dpuGUI11.dll -> %System32%\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    dpv11.dll -> %System32%\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    dtu100.dll -> %System32%\dtu100.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 200704 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    ff_vfw.dll -> %System32%\ff_vfw.dll -> [Ver = | Size = 10752 bytes | Created Date = 2007-06-06 2:52:01 PM | Attr = ]
    ff_vfw.dll.manifest -> %System32%\ff_vfw.dll.manifest -> [Ver = | Size = 547 bytes | Created Date = 2007-06-06 2:52:01 PM | Attr = ]
    huffyuv.dll -> %System32%\huffyuv.dll -> Disappearing Inc. [Ver = 2.1.1 - CCESP Patch v0.2.5 | Size = 39936 bytes | Created Date = 2007-06-06 2:52:06 PM | Attr = ]
    I263_32.drv -> %System32%\I263_32.drv -> Intel Corporation [Ver = V2.55.012 | Size = 391680 bytes | Created Date = 2007-06-06 2:52:06 PM | Attr = ]
    i420vfw.dll -> %System32%\i420vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 217088 bytes | Created Date = 2007-06-06 2:52:06 PM | Attr = ]
    Iacenc.dll -> %System32%\Iacenc.dll -> Intel Corporation [Ver = 2.05.53 | Size = 144384 bytes | Created Date = 2007-06-06 2:52:06 PM | Attr = ]
    IMC32.acm -> %System32%\IMC32.acm -> Intel Corporation [Ver = 1.02 | Size = 98304 bytes | Created Date = 2007-06-06 2:52:06 PM | Attr = ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 2007-06-15 9:18:14 AM | Attr = ]
    javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 2007-06-15 9:18:14 AM | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 2007-06-15 9:18:14 AM | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 2007-06-15 9:18:14 AM | Attr = ]
    Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 2007-06-14 3:02:42 PM | Attr = ]
    lameACM.acm -> %System32%\lameACM.acm -> http://www.mp3dev.org/ [Ver = 0.9.1 | Size = 389120 bytes | Created Date = 2007-06-06 2:52:07 PM | Attr = ]
    lame_acm.xml -> %System32%\lame_acm.xml -> [Ver = | Size = 414 bytes | Created Date = 2007-06-06 2:52:07 PM | Attr = ]
    libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8 | Size = 1044480 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    mcdvd_32.dll -> %System32%\mcdvd_32.dll -> MainConcept [Ver = 2.0.4 | Size = 261632 bytes | Created Date = 2007-06-07 1:00:17 PM | Attr = ]
    mp3fhg.acm -> %System32%\mp3fhg.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 3, 4, 0, 0 | Size = 232448 bytes | Created Date = 2007-06-06 2:52:07 PM | Attr = ]
    qt-dx331.dll -> %System32%\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Created Date = 2007-06-06 2:52:04 PM | Attr = ]
    Scg726.acm -> %System32%\Scg726.acm -> SHARP Corporation [Ver = 1, 0, 0, 3 | Size = 13239 bytes | Created Date = 2007-06-07 1:00:17 PM | Attr = ]
    ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8 | Size = 200704 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    vct3216.acm -> %System32%\vct3216.acm -> Voxware, Inc. [Ver = 1.6.0.17 | Size = 82944 bytes | Created Date = 2007-06-07 1:00:17 PM | Attr = ]
    vorbis.acm -> %System32%\vorbis.acm -> HMS http://hp.vector.co.jp/authors/VA012897/ [Ver = 0, 0, 3, 6 | Size = 1294336 bytes | Created Date = 2007-06-06 2:52:07 PM | Attr = ]
    vp6vfw.dll -> %System32%\vp6vfw.dll -> On2.com [Ver = 6,4,2,0 | Size = 438272 bytes | Created Date = 2007-06-06 2:52:05 PM | Attr = ]
    vp7vfw.dll -> %System32%\vp7vfw.dll -> On2.com [Ver = 7,0,10,0 | Size = 630784 bytes | Created Date = 2007-06-06 2:52:05 PM | Attr = ]
    wbload.dll -> %System32%\wbload.dll -> [Ver = | Size = 20480 bytes | Created Date = 2007-06-08 1:33:34 PM | Attr = ]
    wbsys.dll -> %System32%\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Created Date = 2007-06-08 1:33:34 PM | Attr = ]
    wnaspi32.dll -> %System32%\wnaspi32.dll -> Adaptec [Ver = 4.71 (0002) | Size = 45056 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    x264vfw.dll -> %System32%\x264vfw.dll -> [Ver = | Size = 548864 bytes | Created Date = 2007-06-06 2:52:05 PM | Attr = ]
    xvidcore.dll -> %System32%\xvidcore.dll -> [Ver = | Size = 524288 bytes | Created Date = 2007-06-06 2:52:05 PM | Attr = ]
    xvidvfw.dll -> %System32%\xvidvfw.dll -> [Ver = | Size = 139264 bytes | Created Date = 2007-06-06 2:52:05 PM | Attr = ]
    yv12vfw.dll -> %System32%\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 217088 bytes | Created Date = 2007-06-06 2:52:06 PM | Attr = ]
    aspi32.sys -> %System32%\drivers\aspi32.sys -> Adaptec [Ver = 4.71 (0002) built by: WinDDK | Size = 16512 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    ikfileflt.sys -> %System32%\drivers\ikfileflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 39376 bytes | Created Date = 2007-06-14 10:55:10 PM | Attr = ]
    ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1027 | Size = 53840 bytes | Created Date = 2007-06-14 10:55:10 PM | Attr = ]
    iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1019 | Size = 57424 bytes | Created Date = 2007-06-14 10:55:10 PM | Attr = ]
    iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1018 | Size = 83024 bytes | Created Date = 2007-06-14 10:55:10 PM | Attr = ]
    kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29264 bytes | Created Date = 2007-06-14 10:55:10 PM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2007-06-18 10:05:08 AM | Attr = H ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535810048 bytes | Modified Date = 2007-06-19 11:20:38 AM | Attr = HS]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-06-18 10:04:22 AM | Attr = R ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-06-18 4:17:12 PM | Attr = ]
    _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2007-06-18 4:06:36 PM | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-06-14 4:01:56 PM | Attr = H ]
    $NtUninstallKB896344$ -> %SystemRoot%\$NtUninstallKB896344$ -> [Folder | Modified Date = 2007-06-14 4:03:08 PM | Attr = ]
    $NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 2007-06-14 4:03:00 PM | Attr = ]
    $NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 2007-06-14 4:02:54 PM | Attr = ]
    $NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 2007-06-14 4:03:00 PM | Attr = ]
    $NtUninstallKB932168$(2) -> %SystemRoot%\$NtUninstallKB932168$(2) -> [Folder | Modified Date = 2007-06-14 4:03:06 PM | Attr = ]
    $NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Modified Date = 2007-06-14 4:02:58 PM | Attr = ]
    $NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 2007-06-14 4:02:50 PM | Attr = ]
    $NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 2007-06-14 4:02:52 PM | Attr = ]
    BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 2007-06-14 4:02:44 PM | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-06-19 11:20:40 AM | Attr = S]
    bthservsdp.dat -> %SystemRoot%\bthservsdp.dat -> [Ver = | Size = 12 bytes | Modified Date = 2007-06-19 11:19:32 AM | Attr = ]
    cfgall.ini -> %SystemRoot%\cfgall.ini -> [Ver = | Size = 7778 bytes | Modified Date = 2007-06-19 9:36:28 AM | Attr = ]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2007-06-13 3:24:06 PM | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-06-14 10:33:14 AM | Attr = S]
    Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2007-06-14 4:17:10 PM | Attr = R S]
    GPInstall.exe -> %SystemRoot%\GPInstall.exe -> Qsc [Ver = 5.0.3.32 | Size = 796672 bytes | Modified Date = 2007-06-14 4:18:34 PM | Attr = ]
    hpbafd.ini -> %SystemRoot%\hpbafd.ini -> [Ver = | Size = 182 bytes | Modified Date = 2007-06-07 3:11:00 PM | Attr = ]
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2007-06-13 3:24:00 PM | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-06-14 4:03:08 PM | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-06-18 10:05:08 AM | Attr = HS]
    msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 2007-06-14 4:02:50 PM | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 2007-06-16 11:25:32 PM | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-06-19 11:24:46 AM | Attr = ]
    Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2007-06-14 4:03:48 PM | Attr = ]
    security -> %SystemRoot%\security -> [Folder | Modified Date = 2007-06-19 11:27:42 AM | Attr = ]
    SMSCFG.ini -> %SystemRoot%\SMSCFG.ini -> [Ver = | Size = 456 bytes | Modified Date = 2007-06-19 11:22:26 AM | Attr = ]
    system -> %SystemRoot%\system -> [Folder | Modified Date = 2007-06-08 12:34:20 PM | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 2007-06-19 11:36:02 AM | Attr = ]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2007-06-19 11:24:38 AM | Attr = ]
    WB.ini -> %SystemRoot%\WB.ini -> [Ver = | Size = 0 bytes | Modified Date = 2007-06-08 2:43:38 PM | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 777 bytes | Modified Date = 2007-06-08 2:45:20 PM | Attr = ]
    WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2007-06-07 2:00:46 PM | Attr = ]
    _MSRSTRT.EXE -> %SystemRoot%\_MSRSTRT.EXE -> [Ver = | Size = 2560 bytes | Modified Date = 2007-06-08 2:49:02 PM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-06-19 11:20:44 AM | Attr = H ]
    CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 2007-06-16 10:58:08 PM | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-06-16 10:58:02 PM | Attr = ]
    config -> %System32%\config -> [Folder | Modified Date = 2007-06-14 4:04:34 PM | Attr = ]
    divx.dll -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.6.1.4 | Size = 740442 bytes | Modified Date = 2007-05-31 8:44:56 AM | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-06-14 4:03:04 PM | Attr = RHS]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-06-19 11:24:58 AM | Attr = ]
    DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 2007-06-08 1:01:26 PM | Attr = ]
    ff_vfw.dll -> %System32%\ff_vfw.dll -> [Ver = | Size = 10752 bytes | Modified Date = 2007-06-03 2:31:28 PM | Attr = ]
    FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 262232 bytes | Modified Date = 2007-06-08 9:32:44 AM | Attr = ]
    Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 2007-06-14 4:02:44 PM | Attr = ]
    Restore -> %System32%\Restore -> [Folder | Modified Date = 2007-06-14 3:26:22 PM | Attr = ]
    usmt -> %System32%\usmt -> [Folder | Modified Date = 2007-06-14 4:03:08 PM | Attr = ]
    wbem -> %System32%\wbem -> [Folder | Modified Date = 2007-06-14 4:03:48 PM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2007-06-19 11:21:58 AM | Attr = ]
    ikfileflt.sys -> %System32%\drivers\ikfileflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 39376 bytes | Modified Date = 2007-05-23 4:58:38 PM | Attr = ]
    ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1027 | Size = 53840 bytes | Modified Date = 2007-05-23 4:58:42 PM | Attr = ]
    iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1019 | Size = 57424 bytes | Modified Date = 2007-05-23 4:58:46 PM | Attr = ]
    iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1018 | Size = 83024 bytes | Modified Date = 2007-05-23 4:58:50 PM | Attr = ]
    kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29264 bytes | Modified Date = 2007-05-23 4:58:54 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2001-08-23 12:00:00 PM | Attr = ]
    PEC2 , PECompact2 , -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.6.1.4 | Size = 740442 bytes | Modified Date = 2007-05-31 8:44:56 AM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2001-08-23 12:00:00 PM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2001-08-23 12:00:00 PM | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 2004-08-03 11:41:38 PM | Attr = ]

    < End of report >
     
  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Start WinPFind3U. Copy/Paste the information in the Quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

    The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3U scan.

    I will review the information when it comes back in.
     
  8. ktg35envy

    ktg35envy Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    67
    grh501.exe is work-related. grh is the acronym for my work's name. Are you sure that I should alter this file????

    I forgot to post the updated HijackThis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:30:48 PM, on 2007-06-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    C:\WINDOWS\TEMP\YT286.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\kgarach\My Documents\Back Up\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [aaTrueAccess] grh501.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] "C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
    O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [BLOG] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk.disabled
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk.disabled
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://diweb.grhosp.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/netagent/objects/custappx3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153970525535
    O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} (NetDirect) - https://ssl.grhosp.on.ca/nortel_cacheable/NetDirect.cab
    O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://ssl.grhosp.on.ca/nortel_cacheable/iewiper.cab
    O16 - DPF: {A7B17C34-D894-11D3-AE37-0050DA39FE5C} (WebClientInstall Class) - http://diweb.grhosp.com/magicweb/bin/WebClientInstall.cab
    O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) - http://grh309:7850/forms90/jinitiator/jinit.exe
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grhosp.com
    O17 - HKLM\Software\..\Telephony: DomainName = grhosp.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grhosp.com
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\VPN\Extranet_serv.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
     
  9. cybertech

    cybertech Retired Moderator

    If it's a legit file leave it.

    How is it running? Any problems?
     
  10. ktg35envy

    ktg35envy Thread Starter

    I asked around at work. grh501.exe is an old executable that we don't use anymore. It's for single sign-on purposes. So I used HijackThis to remove it as you recommended in your original reply. I did the fix in WinPFind3U for the other issue and this is what it said:

    [Processes - Non-Microsoft Only]
    Unable to kill process yt286.exe .
    C:\WINDOWS\Temp\YT286.EXE moved successfully.
    < End of log >
    Created on 06-19-2007 13:57:56

    And here is the updated log:

    WinPFind3 logfile created on: 2007-06-19 2:03:13 PM
    WinPFind3U by OldTimer - Version 1.0.38 Folder = C:\Documents and Settings\kgarach\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    510.92 Mb Total Physical Memory | 190.11 Mb Available Physical Memory | 37.21% Memory free
    1.22 Gb Paging File | 0.62 Gb Available in Paging File | 50.82% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 12.55 Gb Free Space | 33.68% Space Free
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: ADMN2473
    Current User Name: kgarach
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 2005-05-25 10:56:48 PM | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 2005-05-25 10:56:48 PM | Attr = ]
    ibmpmsvc.exe -> %System32%\ibmpmsvc.exe -> [Ver = | Size = 73782 bytes | Modified Date = 2005-11-11 1:33:00 AM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 2007-03-14 3:43:44 AM | Attr = ]
    ntrtscan.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\NTRtScan.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 495616 bytes | Modified Date = 2006-02-07 4:49:18 PM | Attr = ]
    ofcpfwsvc.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\OfcPfwSvc.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 233552 bytes | Modified Date = 2006-02-07 5:10:30 PM | Attr = ]
    pccntmon.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\PccNTMon.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 356352 bytes | Modified Date = 2006-02-07 5:16:46 PM | Attr = ]
    sdtrayapp.exe -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.1.40 | Size = 1053264 bytes | Modified Date = 2007-06-12 1:19:24 PM | Attr = ]
    stylexp.exe -> %ProgramFiles%\TGTSoft\StyleXP\StyleXP.exe -> [Ver = 0, 30, 9, 0 | Size = 1347584 bytes | Modified Date = 2005-06-09 8:55:12 PM | Attr = ]
    stylexpservice.exe -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> [Ver = 0, 20, 0, 3000 | Size = 339968 bytes | Modified Date = 2005-06-09 8:38:42 PM | Attr = ]
    superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 8, 0, 1002 | Size = 1314816 bytes | Modified Date = 2007-05-23 10:12:46 AM | Attr = ]
    svcntaux.exe -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.1.22 | Size = 708688 bytes | Modified Date = 2007-06-12 1:27:14 PM | Attr = ]
    swdsvc.exe -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.1.62 | Size = 1309264 bytes | Modified Date = 2007-06-12 1:27:22 PM | Attr = ]
    syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.2.3.10 24Jun03 | Size = 561152 bytes | Modified Date = 2003-06-24 3:33:04 PM | Attr = ]
    syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.2.3.10 24Jun03 | Size = 126976 bytes | Modified Date = 2003-06-24 3:34:38 PM | Attr = ]
    tmlisten.exe -> %ProgramFiles%\Trend Micro\OfficeScan Client\TmListen.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 614488 bytes | Modified Date = 2006-02-07 4:48:52 PM | Attr = ]
    tpshocks.exe -> %System32%\TpShocks.exe -> IBM Corp. [Ver = 1, 0, 0, 1 | Size = 102400 bytes | Modified Date = 2004-03-26 7:16:30 PM | Attr = ]
    unlockerassistant.exe -> %ProgramFiles%\Unlocker\UnlockerAssistant.exe -> [Ver = | Size = 15360 bytes | Modified Date = 2006-09-07 3:58:40 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 318976 bytes | Modified Date = 2007-05-22 6:27:40 PM | Attr = ]
    winvnc.exe -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1, 0, 0, 18 | Size = 630854 bytes | Modified Date = 2004-06-20 8:45:28 PM | Attr = ]
    yt286.exe -> %SystemRoot%\TEMP\YT286.EXE -> File not found

    [Win32 Services - Non-Microsoft Only]
    (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 2005-05-25 10:56:48 PM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 1:56:50 AM | Attr = ]
    (ExtranetAccess) Contivity VPN Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\VPN\Extranet_serv.exe -> Nortel Networks NA, Inc. [Ver = V04_10.00 | Size = 565248 bytes | Modified Date = 2001-08-09 3:05:12 PM | Attr = ]
    (IBMPMSVC) ThinkPad PM Service [Win32_Own | Auto | Running] -> %System32%\ibmpmsvc.exe -> [Ver = | Size = 73782 bytes | Modified Date = 2005-11-11 1:33:00 AM | Attr = ]
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
    (ntrtscan) OfficeScanNT RealTime Scan [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\NTRtScan.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 495616 bytes | Modified Date = 2006-02-07 4:49:18 PM | Attr = ]
    (OfcPfwSvc) OfficeScanNT Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\OfcPfwSvc.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 233552 bytes | Modified Date = 2006-02-07 5:10:30 PM | Attr = ]
    (sdAuxService) Spyware Doctor Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\svcntaux.exe -> PC Tools [Ver = 5.0.1.22 | Size = 708688 bytes | Modified Date = 2007-06-12 1:27:14 PM | Attr = ]
    (sdCoreService) Spyware Doctor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\swdsvc.exe -> PC Tools [Ver = 5.0.1.62 | Size = 1309264 bytes | Modified Date = 2007-06-12 1:27:22 PM | Attr = ]
    (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 3 | Size = 210432 bytes | Modified Date = 2006-11-06 2:21:10 PM | Attr = ]
    (StyleXPService) StyleXPService [Win32_Own | Auto | Running] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> [Ver = 0, 20, 0, 3000 | Size = 339968 bytes | Modified Date = 2005-06-09 8:38:42 PM | Attr = ]
    (tmlisten) OfficeScanNT Listener [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\OfficeScan Client\TmListen.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 614488 bytes | Modified Date = 2006-02-07 4:48:52 PM | Attr = ]
    (winvnc) VNC Server [Win32_Own | Auto | Running] -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1, 0, 0, 18 | Size = 630854 bytes | Modified Date = 2004-06-20 8:45:28 PM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    BLOG -> %ProgramFiles%\ThinkPad\Utilities\BATLOGEX.DLL ["rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog] -> [Ver = | Size = 208896 bytes | Modified Date = 2005-04-20 1:38:00 AM | Attr = ]
    BMMGAG -> %ProgramFiles%\ThinkPad\Utilities\PWRMONIT.DLL [RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor] -> IBM Corp. [Ver = 1, 0, 0, 0 | Size = 110592 bytes | Modified Date = 2005-04-20 1:38:00 AM | Attr = ]
    BMMLREF -> %ProgramFiles%\ThinkPad\Utilities\BMMLREF.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 2005-04-20 1:38:00 AM | Attr = ]
    BMMMONWND -> %ProgramFiles%\ThinkPad\Utilities\BATINFEX.DLL ["rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor] -> [Ver = | Size = 396288 bytes | Modified Date = 2005-04-20 1:38:00 AM | Attr = ]
    OfficeScanNT Monitor -> %ProgramFiles%\Trend Micro\OfficeScan Client\PccNTMon.exe -> Trend Micro Inc. [Ver = 7.3.0.1020 | Size = 356352 bytes | Modified Date = 2006-02-07 5:16:46 PM | Attr = ]
    SDTray -> %ProgramFiles%\Spyware Doctor\SDTrayApp.exe -> PC Tools [Ver = 5.0.1.40 | Size = 1053264 bytes | Modified Date = 2007-06-12 1:19:24 PM | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 2007-03-14 3:43:44 AM | Attr = ]
    SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.2.3.10 24Jun03 | Size = 561152 bytes | Modified Date = 2003-06-24 3:33:04 PM | Attr = ]
    SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.2.3.10 24Jun03 | Size = 126976 bytes | Modified Date = 2003-06-24 3:34:38 PM | Attr = ]
    TpShocks -> %System32%\TpShocks.exe -> IBM Corp. [Ver = 1, 0, 0, 1 | Size = 102400 bytes | Modified Date = 2004-03-26 7:16:30 PM | Attr = ]
    UnlockerAssistant -> %ProgramFiles%\Unlocker\UnlockerAssistant.exe -> [Ver = | Size = 15360 bytes | Modified Date = 2006-09-07 3:58:40 AM | Attr = ]
    WinVNC -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1, 0, 0, 18 | Size = 630854 bytes | Modified Date = 2004-06-20 8:45:28 PM | Attr = ]
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    STYLEXP -> %ProgramFiles%\TGTSoft\StyleXP\StyleXP.exe -> [Ver = 0, 30, 9, 0 | Size = 1347584 bytes | Modified Date = 2005-06-09 8:55:12 PM | Attr = ]
    SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 8, 0, 1002 | Size = 1314816 bytes | Modified Date = 2007-05-23 10:12:46 AM | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    -> %AllUsersStartup%\HP Image Zone Fast Start.lnk -> File not found
    -> %AllUsersStartup%\Microsoft Office OneNote 2003 Quick Launch.lnk -> File not found
    < User Startup > -> C:\Documents and Settings\kgarach\Start Menu\Programs\Startup
    %UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 2005-03-16 8:16:50 PM | Attr = ]
    < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 2006-12-20 1:55:48 PM | Attr = ]
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 2007-04-19 1:41:36 PM | Attr = ]
    AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 46080 bytes | Modified Date = 2005-05-25 10:56:52 PM | Attr = ]
    WRNotifier -> WRLogonNTF.dll -> File not found
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
    < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKCU: Start Page -> http://www.yahoo.com/ ->
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    msn.com [ - ] -> ->
    < Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
    diweb_grhosp.com [http] -> ->
    diweb_grhosp.com [https] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 2006-12-18 5:16:42 AM | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 2005-05-31 1:04:00 AM | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 2007-03-14 3:43:40 AM | Attr = ]
    < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
    {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 2007-03-14 3:43:42 AM | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 2007-03-14 3:43:40 AM | Attr = ]
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    E&xport to Microsoft Excel -> -> File not found
    Open with Scansoft PDF Converter 3.0 -> %ProgramFiles%\ScanSoft\PDF Professional 3.0\IEShellExt.dll -> ScanSoft, Inc. [Ver = 3.0.5229.1 | Size = 32768 bytes | Modified Date = 2005-04-29 2:58:32 AM | Attr = ]
    < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    SV1 -> ->
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
    {0BDD3D8A-39D5-43D1-AAA0-167801FB58EE} -> (Intel(R) PRO/1000 MT Mobile Connection) ->
    {0FF686EA-50AA-470B-8D79-81A5F31528AE} -> () ->
    {9A807AC8-7C8B-4BEC-AC77-8B320AF337BC} -> () ->
    {BDBC2630-DCE5-4AB7-8317-E561F4DDA560} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
    {CE2644C7-C317-4139-8C87-D71537C5929B} -> (11b/g Wireless LAN Mini PCI Adapter) ->
    {D50EB22A-8DCA-4ED3-ACCE-420EBF6813E7} -> (Intel(R) PRO/Wireless 2915ABG Network Connection) ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab ->
    {1B9935E4-8A50-4DD8-BD09-A7518723BF97} -> Talisma NetAgent Customer ActiveX Control version 3 - CodeBase = https://intuitcanada.ehosts.net/netagent/objects/custappx3.cab ->
    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc3.cab ->
    {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153970525535 ->
    {7FA319FB-FFB9-4089-87EB-63179244E6E6} -> NetDirect - CodeBase = https://ssl.grhosp.on.ca/nortel_cacheable/NetDirect.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
    {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} -> Iewiper Control - CodeBase = https://ssl.grhosp.on.ca/nortel_cacheable/iewiper.cab ->
    {A7B17C34-D894-11D3-AE37-0050DA39FE5C} -> WebClientInstall Class - CodeBase = http://diweb.grhosp.com/magicweb/bin/WebClientInstall.cab ->
    {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} -> JInitiator 1.3.1.13 - CodeBase = http://grh309:7850/forms90/jinitiator/jinit.exe ->
    {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->


    to be continued...
     
  11. ktg35envy

    ktg35envy Thread Starter

    And part 2 again...

    [Files/Folders - Created Within 30 days]
    _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2007-06-18 3:06:35 PM | Attr = ]
    $NtUninstallKB896344$ -> %SystemRoot%\$NtUninstallKB896344$ -> [Folder | Created Date = 2007-06-13 2:18:43 PM | Attr = ]
    $NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 2007-06-13 2:23:12 PM | Attr = ]
    $NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 2007-06-13 2:23:44 PM | Attr = ]
    $NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 2007-06-13 2:23:02 PM | Attr = ]
    $NtUninstallKB932168$(2) -> %SystemRoot%\$NtUninstallKB932168$(2) -> [Folder | Created Date = 2007-06-13 2:19:00 PM | Attr = ]
    $NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Created Date = 2007-06-13 2:23:25 PM | Attr = ]
    $NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 2007-06-13 2:25:36 PM | Attr = ]
    $NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 2007-06-13 2:23:54 PM | Attr = ]
    BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 2007-06-14 9:33:08 AM | Attr = ]
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 2007-06-13 2:18:54 PM | Attr = ]
    WB.ini -> %SystemRoot%\WB.ini -> [Ver = | Size = 0 bytes | Created Date = 2007-06-08 1:43:37 PM | Attr = ]
    WMSysPr8.prx -> %SystemRoot%\WMSysPr8.prx -> [Ver = | Size = 156910 bytes | Created Date = 2007-06-07 1:00:18 PM | Attr = ]
    _MSRSTRT.EXE -> %SystemRoot%\_MSRSTRT.EXE -> [Ver = | Size = 2560 bytes | Created Date = 2007-06-08 1:49:00 PM | Attr = ]
    ac3acm.acm -> %System32%\ac3acm.acm -> fccHandler [Ver = 1, 31, 0, 0 | Size = 118784 bytes | Created Date = 2007-06-06 2:52:07 PM | Attr = ]
    actskn43.ocx -> %System32%\actskn43.ocx -> [Ver = 4, 3, 0, 0 | Size = 389120 bytes | Created Date = 2007-06-07 12:06:49 PM | Attr = ]
    alf2cd.acm -> %System32%\alf2cd.acm -> NCT Company [Ver = 2.03 | Size = 38912 bytes | Created Date = 2007-06-07 1:00:17 PM | Attr = ]
    divx.dll -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.6.1.4 | Size = 740442 bytes | Created Date = 2007-06-06 2:52:01 PM | Attr = ]
    divxa32.acm -> %System32%\divxa32.acm -> Kristal Studi [Ver = 4.2.00.000 | Size = 287744 bytes | Created Date = 2007-06-06 2:52:07 PM | Attr = ]
    divxdec.ax -> %System32%\divxdec.ax -> DivXNetworks, Inc. [Ver = 5.2.1.1335 | Size = 577536 bytes | Created Date = 2007-06-07 12:06:54 PM | Attr = ]
    dpl100.dll -> %System32%\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 12 | Size = 73728 bytes | Created Date = 2007-06-06 2:52:04 PM | Attr = ]
    dpu11.dll -> %System32%\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    dpuGUI11.dll -> %System32%\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    dpv11.dll -> %System32%\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    dtu100.dll -> %System32%\dtu100.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 200704 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    ff_vfw.dll -> %System32%\ff_vfw.dll -> [Ver = | Size = 10752 bytes | Created Date = 2007-06-06 2:52:01 PM | Attr = ]
    ff_vfw.dll.manifest -> %System32%\ff_vfw.dll.manifest -> [Ver = | Size = 547 bytes | Created Date = 2007-06-06 2:52:01 PM | Attr = ]
    huffyuv.dll -> %System32%\huffyuv.dll -> Disappearing Inc. [Ver = 2.1.1 - CCESP Patch v0.2.5 | Size = 39936 bytes | Created Date = 2007-06-06 2:52:06 PM | Attr = ]
    I263_32.drv -> %System32%\I263_32.drv -> Intel Corporation [Ver = V2.55.012 | Size = 391680 bytes | Created Date = 2007-06-06 2:52:06 PM | Attr = ]
    i420vfw.dll -> %System32%\i420vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 217088 bytes | Created Date = 2007-06-06 2:52:06 PM | Attr = ]
    Iacenc.dll -> %System32%\Iacenc.dll -> Intel Corporation [Ver = 2.05.53 | Size = 144384 bytes | Created Date = 2007-06-06 2:52:06 PM | Attr = ]
    IMC32.acm -> %System32%\IMC32.acm -> Intel Corporation [Ver = 1.02 | Size = 98304 bytes | Created Date = 2007-06-06 2:52:06 PM | Attr = ]
    java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 2007-06-15 9:18:14 AM | Attr = ]
    javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 69632 bytes | Created Date = 2007-06-15 9:18:14 AM | Attr = ]
    javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 135168 bytes | Created Date = 2007-06-15 9:18:14 AM | Attr = ]
    javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 139264 bytes | Created Date = 2007-06-15 9:18:14 AM | Attr = ]
    Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 2007-06-14 3:02:42 PM | Attr = ]
    lameACM.acm -> %System32%\lameACM.acm -> http://www.mp3dev.org/ [Ver = 0.9.1 | Size = 389120 bytes | Created Date = 2007-06-06 2:52:07 PM | Attr = ]
    lame_acm.xml -> %System32%\lame_acm.xml -> [Ver = | Size = 414 bytes | Created Date = 2007-06-06 2:52:07 PM | Attr = ]
    libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8 | Size = 1044480 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    mcdvd_32.dll -> %System32%\mcdvd_32.dll -> MainConcept [Ver = 2.0.4 | Size = 261632 bytes | Created Date = 2007-06-07 1:00:17 PM | Attr = ]
    mp3fhg.acm -> %System32%\mp3fhg.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 3, 4, 0, 0 | Size = 232448 bytes | Created Date = 2007-06-06 2:52:07 PM | Attr = ]
    qt-dx331.dll -> %System32%\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Created Date = 2007-06-06 2:52:04 PM | Attr = ]
    Scg726.acm -> %System32%\Scg726.acm -> SHARP Corporation [Ver = 1, 0, 0, 3 | Size = 13239 bytes | Created Date = 2007-06-07 1:00:17 PM | Attr = ]
    ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8 | Size = 200704 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    vct3216.acm -> %System32%\vct3216.acm -> Voxware, Inc. [Ver = 1.6.0.17 | Size = 82944 bytes | Created Date = 2007-06-07 1:00:17 PM | Attr = ]
    vorbis.acm -> %System32%\vorbis.acm -> HMS http://hp.vector.co.jp/authors/VA012897/ [Ver = 0, 0, 3, 6 | Size = 1294336 bytes | Created Date = 2007-06-06 2:52:07 PM | Attr = ]
    vp6vfw.dll -> %System32%\vp6vfw.dll -> On2.com [Ver = 6,4,2,0 | Size = 438272 bytes | Created Date = 2007-06-06 2:52:05 PM | Attr = ]
    vp7vfw.dll -> %System32%\vp7vfw.dll -> On2.com [Ver = 7,0,10,0 | Size = 630784 bytes | Created Date = 2007-06-06 2:52:05 PM | Attr = ]
    wbload.dll -> %System32%\wbload.dll -> [Ver = | Size = 20480 bytes | Created Date = 2007-06-08 1:33:34 PM | Attr = ]
    wbsys.dll -> %System32%\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Created Date = 2007-06-08 1:33:34 PM | Attr = ]
    wnaspi32.dll -> %System32%\wnaspi32.dll -> Adaptec [Ver = 4.71 (0002) | Size = 45056 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    x264vfw.dll -> %System32%\x264vfw.dll -> [Ver = | Size = 548864 bytes | Created Date = 2007-06-06 2:52:05 PM | Attr = ]
    xvidcore.dll -> %System32%\xvidcore.dll -> [Ver = | Size = 524288 bytes | Created Date = 2007-06-06 2:52:05 PM | Attr = ]
    xvidvfw.dll -> %System32%\xvidvfw.dll -> [Ver = | Size = 139264 bytes | Created Date = 2007-06-06 2:52:05 PM | Attr = ]
    yv12vfw.dll -> %System32%\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 217088 bytes | Created Date = 2007-06-06 2:52:06 PM | Attr = ]
    aspi32.sys -> %System32%\drivers\aspi32.sys -> Adaptec [Ver = 4.71 (0002) built by: WinDDK | Size = 16512 bytes | Created Date = 2007-06-07 12:06:51 PM | Attr = ]
    ikfileflt.sys -> %System32%\drivers\ikfileflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 39376 bytes | Created Date = 2007-06-14 10:55:10 PM | Attr = ]
    ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1027 | Size = 53840 bytes | Created Date = 2007-06-14 10:55:10 PM | Attr = ]
    iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1019 | Size = 57424 bytes | Created Date = 2007-06-14 10:55:10 PM | Attr = ]
    iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1018 | Size = 83024 bytes | Created Date = 2007-06-14 10:55:10 PM | Attr = ]
    kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29264 bytes | Created Date = 2007-06-14 10:55:10 PM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2007-06-18 10:05:08 AM | Attr = H ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535810048 bytes | Modified Date = 2007-06-19 11:20:38 AM | Attr = HS]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-06-19 1:18:56 PM | Attr = R ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-06-18 4:17:12 PM | Attr = ]
    _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2007-06-18 4:06:36 PM | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-06-14 4:01:56 PM | Attr = H ]
    $NtUninstallKB896344$ -> %SystemRoot%\$NtUninstallKB896344$ -> [Folder | Modified Date = 2007-06-14 4:03:08 PM | Attr = ]
    $NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 2007-06-14 4:03:00 PM | Attr = ]
    $NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 2007-06-14 4:02:54 PM | Attr = ]
    $NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 2007-06-14 4:03:00 PM | Attr = ]
    $NtUninstallKB932168$(2) -> %SystemRoot%\$NtUninstallKB932168$(2) -> [Folder | Modified Date = 2007-06-14 4:03:06 PM | Attr = ]
    $NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Modified Date = 2007-06-14 4:02:58 PM | Attr = ]
    $NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 2007-06-14 4:02:50 PM | Attr = ]
    $NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 2007-06-14 4:02:52 PM | Attr = ]
    BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 2007-06-14 4:02:44 PM | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-06-19 11:20:40 AM | Attr = S]
    bthservsdp.dat -> %SystemRoot%\bthservsdp.dat -> [Ver = | Size = 12 bytes | Modified Date = 2007-06-19 11:19:32 AM | Attr = ]
    cfgall.ini -> %SystemRoot%\cfgall.ini -> [Ver = | Size = 7778 bytes | Modified Date = 2007-06-19 9:36:28 AM | Attr = ]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2007-06-13 3:24:06 PM | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-06-14 10:33:14 AM | Attr = S]
    Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2007-06-14 4:17:10 PM | Attr = R S]
    GPInstall.exe -> %SystemRoot%\GPInstall.exe -> Qsc [Ver = 5.0.3.32 | Size = 796672 bytes | Modified Date = 2007-06-14 4:18:34 PM | Attr = ]
    hpbafd.ini -> %SystemRoot%\hpbafd.ini -> [Ver = | Size = 182 bytes | Modified Date = 2007-06-07 3:11:00 PM | Attr = ]
    imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2007-06-13 3:24:00 PM | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-06-14 4:03:08 PM | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-06-18 10:05:08 AM | Attr = HS]
    msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 2007-06-14 4:02:50 PM | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 2007-06-16 11:25:32 PM | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-06-19 1:22:34 PM | Attr = ]
    Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2007-06-14 4:03:48 PM | Attr = ]
    security -> %SystemRoot%\security -> [Folder | Modified Date = 2007-06-19 11:27:42 AM | Attr = ]
    SMSCFG.ini -> %SystemRoot%\SMSCFG.ini -> [Ver = | Size = 456 bytes | Modified Date = 2007-06-19 11:22:26 AM | Attr = ]
    system -> %SystemRoot%\system -> [Folder | Modified Date = 2007-06-08 12:34:20 PM | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 2007-06-19 1:53:34 PM | Attr = ]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2007-06-19 1:57:58 PM | Attr = ]
    WB.ini -> %SystemRoot%\WB.ini -> [Ver = | Size = 0 bytes | Modified Date = 2007-06-08 2:43:38 PM | Attr = ]
    win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 777 bytes | Modified Date = 2007-06-08 2:45:20 PM | Attr = ]
    WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2007-06-07 2:00:46 PM | Attr = ]
    _MSRSTRT.EXE -> %SystemRoot%\_MSRSTRT.EXE -> [Ver = | Size = 2560 bytes | Modified Date = 2007-06-08 2:49:02 PM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-06-19 11:20:44 AM | Attr = H ]
    CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 2007-06-16 10:58:08 PM | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-06-16 10:58:02 PM | Attr = ]
    config -> %System32%\config -> [Folder | Modified Date = 2007-06-14 4:04:34 PM | Attr = ]
    divx.dll -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.6.1.4 | Size = 740442 bytes | Modified Date = 2007-05-31 8:44:56 AM | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-06-14 4:03:04 PM | Attr = RHS]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-06-19 11:24:58 AM | Attr = ]
    DRVSTORE -> %System32%\DRVSTORE -> [Folder | Modified Date = 2007-06-08 1:01:26 PM | Attr = ]
    ff_vfw.dll -> %System32%\ff_vfw.dll -> [Ver = | Size = 10752 bytes | Modified Date = 2007-06-03 2:31:28 PM | Attr = ]
    FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 262232 bytes | Modified Date = 2007-06-08 9:32:44 AM | Attr = ]
    Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 2007-06-14 4:02:44 PM | Attr = ]
    Restore -> %System32%\Restore -> [Folder | Modified Date = 2007-06-14 3:26:22 PM | Attr = ]
    usmt -> %System32%\usmt -> [Folder | Modified Date = 2007-06-14 4:03:08 PM | Attr = ]
    wbem -> %System32%\wbem -> [Folder | Modified Date = 2007-06-14 4:03:48 PM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2007-06-19 11:21:58 AM | Attr = ]
    ikfileflt.sys -> %System32%\drivers\ikfileflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1017 | Size = 39376 bytes | Modified Date = 2007-05-23 4:58:38 PM | Attr = ]
    ikfilesec.sys -> %System32%\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1027 | Size = 53840 bytes | Modified Date = 2007-05-23 4:58:42 PM | Attr = ]
    iksysflt.sys -> %System32%\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1019 | Size = 57424 bytes | Modified Date = 2007-05-23 4:58:46 PM | Attr = ]
    iksyssec.sys -> %System32%\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1018 | Size = 83024 bytes | Modified Date = 2007-05-23 4:58:50 PM | Attr = ]
    kcom.sys -> %System32%\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29264 bytes | Modified Date = 2007-05-23 4:58:54 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2001-08-23 12:00:00 PM | Attr = ]
    PEC2 , PECompact2 , -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.6.1.4 | Size = 740442 bytes | Modified Date = 2007-05-31 8:44:56 AM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2001-08-23 12:00:00 PM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2001-08-23 12:00:00 PM | Attr = ]
    PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 2004-08-03 11:41:38 PM | Attr = ]

    < End of report >
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    How is it running now? Any problems?
     
  13. ktg35envy

    ktg35envy Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    67
    Sorry, the same issue is happening: a blank white screen. Maybe it's a configuration problem in IE6, or maybe an ActiveX thing or a Java issue. I noticed I sometimes had a Java error (a yellow triangle with an exclamation mark) in the bottom left corner of my browser. Maybe it's a Java thing. Here is a pic.
     


  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  15. ktg35envy

    ktg35envy Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    67
    The IE fix program did the trick!!! Thank you so much for your help. (y) :) This is a wonderful site. Every time I have had an issue, you have managed to help me out. Thanks again! :D
     
Short URL to this thread: https://techguy.org/584485
