
Tabs opening by themselves

  • 27-10-2007 4:54pm
    #1
    Registered Users, Registered Users 2 Posts: 6,462


    Hi all

    I seem to have a problem with my Internet Explorer - new tabs keep opening themselves. For e.g. I can be on Boards.ie and threads will open that I didn't click, or on YouTube and videos will open on tabs that I didn't open.

    I had a similar problem on an old pc and I believe someone thought it was a virus of some sort. (I'm running Vista and IE7)

    I have included the log from HijackThis but I can't see anything too odd on it (It should be noted that when I ran Hijack This I did get an error about being denied access to the host files and "An unexpected error has occurred at procedure: modMain_CheckOther1Item()
    Error #75 - Path/File access error")

    Would someone be able to have a look and see if there is something here causing the problem?

    Cheers



    Logfile of HijackThis v1.99.1
    Scan saved at 17:42:51, on 27/10/2007
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
    C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
    I:\Hijack this\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Komplett
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
    O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Windows\ImageShackToolbar\ImageShackToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
    O16 - DPF: {xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx} (e-Safekey) - https://ebanking.nati...../activex/e-Safekey/NIB/e-Safekey.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4FA961E5-3BEE-4882-B6B7-F60014139C92}: NameServer = 213.94.190.235 213.94.190.195
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - c:\Users\Administrator\Temp\report\RpcSandraSrv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



Comments

  • Closed Accounts Posts: 1,970 ActorSeeksJob


    Your log looks ok, try this

    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
    • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • Under Additional Scans on the bottom right, check the boxes for Reg - Disabled MS Config Items, Reg - Uninstall List.
    • Now click the Run Scan button on the toolbar.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.


  • Registered Users, Registered Users 2 Posts: 1,797 bobcar61


    I don't have a resolution for you but that's damn annoying and quite strange, I've never heard of that happening before


  • Registered Users, Registered Users 2 Posts: 6,462 TheBazman


    Cheers

    I ran Winpfind3u but I got an error

    Winpfind3u: Windows -No Disk
    Exception Processing Message0xc0000013 Parameters 0x7634023C0x856........
    with options to Cancel, Try Again, and Continue

    However when I Continue - the program freezes (Not Responding) for a while then gives me the following


    [Processes - Non-Microsoft Only]
    avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 27/10/2007 08:47:10 | Attr = ]
    avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.497 | Size = 579072 bytes | Modified Date = 27/10/2007 08:47:12 | Attr = ]
    avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.494 | Size = 406528 bytes | Modified Date = 27/10/2007 08:47:12 | Attr = ]
    avgrssvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/06/2007 19:49:54 | Attr = ]
    avgrssvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/06/2007 19:49:54 | Attr = ]
    avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 27/05/2007 11:40:44 | Attr = ]
    flashutil9c.exe -> %System32%\Macromed\Flash\FlashUtil9c.exe -> Adobe Systems, Inc. [Ver = 9,0,45,0 | Size = 190696 bytes | Modified Date = 23/03/2007 21:59:38 | Attr = R ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 27/04/2007 10:25:52 | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14/03/2007 02:43:44 | Attr = ]
    launchapplication.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 83, 75, 3 | Size = 227328 bytes | Modified Date = 23/03/2007 12:20:52 | Attr = ]
    nmsaccess.exe -> %ProgramFiles%\CDBurnerXP\NMSAccess.exe -> [Ver = | Size = 45056 bytes | Modified Date = 14/05/2003 10:10:46 | Attr = ]
    rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 54 | Size = 4435968 bytes | Modified Date = 23/04/2007 13:51:42 | Attr = ]
    servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 83, 78, 3 | Size = 292864 bytes | Modified Date = 26/03/2007 12:06:24 | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ]
    xaudio.exe -> %System32%\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 28/11/2006 15:44:58 | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 27/10/2007 08:47:10 | Attr = ]
    (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 27/05/2007 11:40:44 | Attr = ]
    (AvgCoreSvc) AVG7 Resident Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 25/06/2007 19:49:54 | Attr = ]
    (AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.494 | Size = 406528 bytes | Modified Date = 27/10/2007 08:47:12 | Attr = ]
    (CertPropSvc) Certificate Propagation [Win32_Shared | Unknown | Stopped] -> -> File not found
    (DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Unknown | Running] -> -> File not found
    (DPS) Diagnostic Policy Service [Win32_Shared | Unknown | Running] -> -> File not found
    (gpsvc) Group Policy Client [Win32_Shared | Unknown | Running] -> -> File not found
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
    (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 500800 bytes | Modified Date = 27/04/2007 10:25:52 | Attr = ]
    (MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> -> File not found
    (NMSAccess) NMSAccess [Win32_Own | Auto | Running] -> %ProgramFiles%\CDBurnerXP\NMSAccess.exe -> [Ver = | Size = 45056 bytes | Modified Date = 14/05/2003 10:10:46 | Attr = ]
    (RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Unknown | Running] -> -> File not found
    (SandraTheSrv) Sandra Service [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\Users\Administrator\Temp\report\RpcSandraSrv.exe -> File not found
    (SCardSvr) Smart Card [Win32_Shared | Unknown | Stopped] -> -> File not found
    (Schedule) Task Scheduler [Win32_Shared | Unknown | Running] -> -> File not found
    (SCPolicySvc) Smart Card Removal Policy [Win32_Shared | Unknown | Stopped] -> -> File not found
    (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 83, 78, 3 | Size = 292864 bytes | Modified Date = 26/03/2007 12:06:24 | Attr = ]
    (TrustedInstaller) Windows Modules Installer [Win32_Own | Unknown | Stopped] -> -> File not found
    (WdiServiceHost) Diagnostic Service Host [Win32_Shared | Unknown | Stopped] -> -> File not found
    (WdiSystemHost) Diagnostic System Host [Win32_Shared | Unknown | Running] -> -> File not found
    (XAudioService) XAudioService [Win32_Own | Auto | Running] -> %System32%\drivers\XAudio.exe -> Conexant Systems, Inc. [Ver = 1.02 | Size = 386560 bytes | Modified Date = 28/11/2006 15:44:58 | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.497 | Size = 579072 bytes | Modified Date = 27/10/2007 08:47:12 | Attr = ]
    NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 7.15.11.5818 | Size = 8429568 bytes | Modified Date = 12/04/2007 15:07:00 | Attr = ]
    NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 7.15.11.5818 | Size = 81920 bytes | Modified Date = 12/04/2007 15:07:00 | Attr = ]
    NvSvc -> %System32%\nvsvc.dll [RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart] -> NVIDIA Corporation [Ver = 7.15.11.5818 | Size = 86016 bytes | Modified Date = 12/04/2007 15:07:00 | Attr = ]
    PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 83, 75, 3 | Size = 227328 bytes | Modified Date = 23/03/2007 12:20:52 | Attr = ]
    RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 54 | Size = 4435968 bytes | Modified Date = 23/04/2007 13:51:42 | Attr = ]
    SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 14/03/2007 02:43:44 | Attr = ]
    Windows Defender -> MSASCui.exe -> File not found
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    avgwlntf -> %System32%\avgwlntf.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.446 | Size = 9216 bytes | Modified Date = 27/05/2007 11:40:48 | Attr = ]
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    < HOSTS File > (761 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
    127.0.0.1 localhost -> ->
    ::1 localhost -> ->
    < Internet Explorer Settings > -> ->
    HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKCU: Local Page -> C:\Windows\system32\blank.htm ->
    HKCU: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKCU: Start Page -> http://www.google.ie/ ->
    HKCU: ProxyEnable -> 0 ->
    < Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    toolbar_imageshack.us [http] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 22:08:42 | Attr = ]
    {60BF5EE3-0105-4858-AD98-17C19F86B042} [HKLM] -> %ProgramFiles%\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll [Burn4Free Toolbar Helper] -> [Ver = 3,3,0,0 | Size = 827392 bytes | Modified Date = 03/07/2007 18:26:28 | Attr = ]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 02:43:40 | Attr = ]
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} [HKLM] -> %ProgramFiles%\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll [Burn4Free Toolbar] -> [Ver = 3,3,0,0 | Size = 827392 bytes | Modified Date = 03/07/2007 18:26:28 | Attr = ]
    {6932D140-ABC4-4073-A44C-D4A541665E35} [HKLM] -> %SystemRoot%\ImageShackToolbar\ImageShackToolbar.dll [ImageShack Toolbar] -> ImageShack Corp. [Ver = 4, 3, 5, 58 | Size = 602112 bytes | Modified Date = 21/08/2007 22:31:08 | Attr = ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\{55FAF0F2-44D4-425F-B5F5-6B275B621EAB} [HKLM] -> %ProgramFiles%\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll [Burn4Free Toolbar] -> [Ver = 3,3,0,0 | Size = 827392 bytes | Modified Date = 03/07/2007 18:26:28 | Attr = ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 02:43:40 | Attr = ]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 14/03/2007 02:43:40 | Attr = ]
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    E&xport to Microsoft Excel -> -> File not found
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {8B22B704-780C-4CF7-A320-17FBDB73069E} -> (Realtek RTL8169/8110 Family PCI Gigabit Ethernet NIC (NDIS 6.0)) ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    about -> Reg Data - Key not found -> File not found
    dvd -> Reg Data - Key not found -> File not found
    its -> Reg Data - Key not found -> File not found
    mhtml -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    ms-its -> Reg Data - Key not found -> File not found
    tv -> Reg Data - Key not found -> File not found
    vbscript -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {6932D140-ABC4-4073-A44C-D4A541665E35} -> ImageShack Toolbar - CodeBase = http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab ->
    {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -> Java Plug-in 1.6.0 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab ->
    {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
    {D8575CE3-3432-4540-88A9-xxxxxxxxxxx} -> e-Safekey - CodeBase = httpsebanking.nationalirishbank.ie/html/activex/e-Safekey/NIB/e-Safekey.cab ->


    [Registry - Additional Scans - Non-Microsoft Only]
    < Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
    C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 23/10/2006 00:48:20 | Attr = ]
    C:^Prograxxxxx xxxxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk -> %ProgramFiles%\OpenOffice.org 2.2\program\quickstart.exe -> [Ver = | Size = 393216 bytes | Modified Date = 02/02/2007 15:54:56 | Attr = ]
    < Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
    Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 06/06/2005 22:46:24 | Attr = ]
    iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.1.1.5 | Size = 257088 bytes | Modified Date = 27/04/2007 10:25:58 | Attr = ]
    PCSuiteTrayApplication -> %ProgramFiles%\Nokia\Nokia PC Suite 6\LaunchApplication.exe -> Nokia [Ver = 6, 83, 75, 3 | Size = 227328 bytes | Modified Date = 23/03/2007 12:20:52 | Attr = ]
    QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 27/04/2007 08:41:54 | Attr = ]
    < Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
    {066D65EA-ED53-44E4-A96A-F81B6E409D2E} -> PC Connectivity Solution ->
    {08094E03-AFE4-4853-9D31-6D0743DF5328} -> QuickTime ->
    {3186AEAE-E104-424D-9152-1BF6A4404758} -> Nokia Software Updater ->
    {3248F0A8-6813-11D6-A77B-00B0D0160000} -> Java(TM) SE Runtime Environment 6 ->
    {3248F0A8-6813-11D6-A77B-00B0D0160010} -> Java(TM) SE Runtime Environment 6 Update 1 ->
    {3592F5CB-B524-43AA-92F2-2377268199CC} -> iTunes ->
    {37477865-A3F1-4772-AD43-AAFC6BCFF99F} -> MSXML 4.0 SP2 (KB927978) ->
    {407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B} -> Google Earth ->
    {4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} -> Adobe® Photoshop® Album Starter Edition 3.0 ->
    {57A48477-92F0-4C1F-ADF9-4806C4EC3CF2} -> Nokia PC Suite ->
    {59359B3D-ABE7-46BF-AB55-43B67A64DC68} -> Nokia MTP driver ->
    {5C29CB8B-AC1E-4114-8D68-9CD080140D4A} -> Sony USB Driver ->
    {73E30715-9EC4-4DAE-BE67-64500AEB8012} -> Nokia Nseries Skin for Microsoft Windows Media Player ->
    {77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8} -> Nokia themes for your device ->
    {78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747} -> Ad-Aware SE Personal ->
    {83B26E5D-1795-4DFE-9317-0FA0F3AAB568} -> Paint.NET v3.08 ->
    {8D9D8304-5241-41EB-BC97-D78E094323B7}_is1 -> CDBurnerXP ->
    {91130409-6000-11D3-8CFE-0050048383C9} -> Microsoft Office XP Small Business ->
    {972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1} -> Nokia Connectivity Cable Driver ->
    {A080492B-91D0-4CB8-AE02-9FF2EF9FFDC8} -> ImageShack Toolbar for Internet Explorer ->
    {A1C8D94A-4303-4489-B585-4B6E6CD408CB} -> OpenOffice.org 2.2 ->
    {AC76BA86-7AD7-1033-7B44-A80000000002} -> Adobe Reader 8 ->
    {AF599832-2305-4922-9342-6FF48894E384} -> Opera 9.21 ->
    {BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1 -> ConvertXtoDVD 2.2.3.258 ->
    {C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181) ->
    {C523D256-313D-4866-B36A-F3DE528246EF} -> MSXML 4.0 SP2 (KB941833) ->
    {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 ->
    {CD95F661-A5C4-44F5-A6AA-ECDD91C240B5} -> WinZip 11.1 ->
    {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver ->
    {F9FD80CE-0448-4D4F-8BCD-77FC514C3F99} -> Vista Codec Package ->
    0852D05415AB9A4F1EF451E342267F76C776ED2F -> Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) ->
    Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX ->
    Adobe Flash Player Plugin -> Adobe Flash Player Plugin ->
    Adobe Shockwave Player -> Adobe Shockwave Player ->
    AdobeESD -> Adobe Download Manager 2.2 (Remove Only) ->
    Ares Tube_is1 -> Ares Tube 2.0 ->
    Audacity 1.3 Beta (Unicode)_is1 -> Audacity 1.3.3 (Unicode) ->
    AutoGK -> Auto Gordian Knot 2.40 ->
    AVG7Uninstall -> AVG 7.5 ->
    AviSynth -> AviSynth 2.5 ->
    Burn4Free -> Burn4Free CD and DVD ->
    Burn4Free Toolbar -> Burn4Free Toolbar ->
    CCleaner -> CCleaner (remove only) ->
    CNXT_MODEM_USB_VID_0803&PID_1300 -> Zoom V92 USB Faxmodem ->
    DVD Decrypter -> DVD Decrypter (Remove Only) ->
    DVD Shrink_is1 -> DVD Shrink 3.2 ->
    DVDFab HD Decrypter_is1 -> DVDFab HD Decrypter 3.1.1.6 ->
    dvdSanta 4.50 - Make your own DVD movies!_is1 -> dvdSanta 4.50 ->
    Free DVD Ripper 2.25_is1 -> Free DVD Ripper Version 2.25 ->
    FrostWire -> FrostWire 4.13.1.7 BETA ->
    ImgBurn -> ImgBurn (Remove Only) ->
    LimeWire -> LimeWire 4.14.8 ->
    Nokia PC Suite -> Nokia PC Suite ->
    NVIDIA Drivers -> NVIDIA Drivers ->
    PS3 Video 9 -> PS3 Video 9 2.15 ->
    SUPER © -> SUPER © Version 2007.bld.23 (July 4, 2007) ->
    Video Convert Master_is1 -> Video Convert Master Trial Version (English) 8.0.1.18 ->
    Videora iPod Converter -> Videora iPod Converter 2.19 ->
    VLC media player -> VideoLAN VLC media player 0.8.6b ->
    VobSub -> VobSub v2.23 (Remove Only) ->
    WinGimp-2.0_is1 -> The GIMP 2.2.15 ->
    WinGTK-2_is1 -> GTK+ 2.10.11 runtime environment ->
    WinRAR archiver -> WinRAR archiver ->
    Xilisoft Video Converter -> Xilisoft Video Converter ->
    XviD MPEG4 Video Codec -> XviD MPEG4 Video Codec (remove only) ->
    Xvid_is1 -> Xvid 1.1.2 final uninstall ->


    [Files/Folders - Created Within 30 days]
    xxxxxx.ISO -> %SystemDrive%\xxxxxxx.ISO -> [Ver = | Size = -1099257856 bytes | Created Date = 28/10/2007 20:26:21 | Attr = ]
    xxxxxxx 3.avi -> %SystemDrive%\xxxxxxx 3.avi -> [Ver = | Size = 655527936 bytes | Created Date = 26/10/2007 20:41:06 | Attr = ]
    xxxxx.avi -> %SystemDrive%\xxxxx.avi -> [Ver = | Size = 455144960 bytes | Created Date = 26/10/2007 22:09:24 | Attr = ]
    MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 204956634 bytes | Created Date = 26/10/2007 23:53:41 | Attr = ]
    Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 26/10/2007 23:53:55 | Attr = ]
    WNASPI32.DLL -> %System32%\WNASPI32.DLL -> Adaptec [Ver = 4.70 (0008) | Size = 45056 bytes | Created Date = 26/10/2007 20:31:58 | Attr = ]
    ASPI32.SYS -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.70 (0008) built by: WinDDK | Size = 84832 bytes | Created Date = 26/10/2007 20:31:58 | Attr = ]

    [Files/Folders - Modified Within 30 days]
    xxxxx.ISO -> %SystemDrive%\xxxxx.ISO -> [Ver = | Size = -1099257856 bytes | Modified Date = 28/10/2007 20:29:24 | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2145902592 bytes | Modified Date = 28/10/2007 18:17:20 | Attr = HS]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 28/10/2007 23:02:16 | Attr = R ]
    xxxxx.avi -> %SystemDrive%\xxxxx.avi -> [Ver = | Size = 655527936 bytes | Modified Date = 26/10/2007 21:26:28 | Attr = ]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 28/10/2007 19:14:04 | Attr = HS]
    xxxxx.avi -> %SystemDrive%\xxxxx.avi -> [Ver = | Size = 455144960 bytes | Modified Date = 26/10/2007 22:40:14 | Attr = ]
    Windows -> %SystemRoot% -> [Folder | Modified Date = 26/10/2007 23:53:56 | Attr = ]
    AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 11/10/2007 21:44:22 | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 67584 bytes | Modified Date = 28/10/2007 18:17:24 | Attr = S]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 28/10/2007 22:52:14 | Attr = ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 24/10/2007 20:58:44 | Attr = HS]
    MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 204956634 bytes | Modified Date = 26/10/2007 23:53:56 | Attr = ]
    Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 26/10/2007 23:53:56 | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 28/10/2007 23:10:34 | Attr = ]
    System32 -> %System32% -> [Folder | Modified Date = 28/10/2007 22:52:16 | Attr = ]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 28/10/2007 23:10:34 | Attr = ]
    winsxs -> %SystemRoot%\winsxs -> [Folder | Modified Date = 12/10/2007 13:07:32 | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 28/10/2007 18:17:26 | Attr = H ]
    User_Feed_Synchronization-{3C9D3323-2FD1-40D0-9CFC-B0665643015C}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{3C9D3323-2FD1-40D0-9CFC-B0665643015C}.job -> [Ver = | Size = 430 bytes | Modified Date = 27/10/2007 22:36:54 | Attr = H ]
    7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3456 bytes | Modified Date = 28/10/2007 22:17:26 | Attr = H ]
    7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %System32%\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [Ver = | Size = 3456 bytes | Modified Date = 28/10/2007 22:17:26 | Attr = H ]
    catroot -> %System32%\catroot -> [Folder | Modified Date = 12/10/2007 13:07:32 | Attr = ]
    catroot2 -> %System32%\catroot2 -> [Folder | Modified Date = 13/10/2007 22:37:48 | Attr = ]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 27/10/2007 08:47:16 | Attr = ]
    migration -> %System32%\migration -> [Folder | Modified Date = 11/10/2007 21:44:22 | Attr = ]
    perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 111812 bytes | Modified Date = 28/10/2007 22:52:16 | Attr = ]
    perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 631234 bytes | Modified Date = 28/10/2007 22:52:16 | Attr = ]
    PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 729436 bytes | Modified Date = 28/10/2007 22:52:16 | Attr = ]
    xvid-uninstall.exe -> %System32%\xvid-uninstall.exe -> [Ver = | Size = 43602 bytes | Modified Date = 22/10/2007 17:47:22 | Attr = ]
    avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 27/10/2007 08:47:08 | Attr = ]

    [File String Scan - Non-Microsoft Only]
    File scan skipped for file %SystemDrive%\xxxxx.avi -> File size too big (655527936 bytes) ->
    File scan skipped for file %SystemDrive%\xxxx.avi -> File size too big (455144960 bytes) ->
    File scan skipped for file %SystemDrive%\WinPEpge.sys -> File size too big (268435456 bytes) ->
    File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (204956634 bytes) ->
    UPX! , UPX0 , -> %System32%\ac3DX.ax -> [Ver = 1.01a | Size = 227328 bytes | Modified Date = 12/09/2006 10:46:24 | Attr = RHS]
    UPX! , UPX0 , -> %System32%\AVCDX.ax -> CoreCodec [Ver = 0, 0, 0, 4 | Size = 123904 bytes | Modified Date = 12/01/2006 22:23:26 | Attr = RHS]
    UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 28/10/2005 16:44:12 | Attr = ]
    UPX! , UPX0 , -> %System32%\b4fm.dll -> [Ver = | Size = 224768 bytes | Modified Date = 02/08/2005 22:03:52 | Attr = ]
    UPX! , UPX0 , -> %System32%\CoreAAC.ax -> [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Modified Date = 16/08/2006 13:53:32 | Attr = RHS]
    UPX! , UPX0 , -> %System32%\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Modified Date = 17/01/2005 22:26:36 | Attr = RHS]
    UPX! , UPX0 , -> %System32%\flvDX.dll -> Gabest [Ver = 1, 0, 0, 1 | Size = 163328 bytes | Modified Date = 03/05/2006 09:06:54 | Attr = RHS]
    UPX! , UPX0 , -> %System32%\i420vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 02/01/2004 23:08:00 | Attr = ]
    UPX! , UPX0 , -> %System32%\MatroskaDX.ax -> Gabest [Ver = 1, 0, 2, 9 | Size = 169472 bytes | Modified Date = 10/03/2006 20:48:48 | Attr = RHS]
    PEC2 , PECompact2 , -> %System32%\msfDX.dll -> Hans Mayerl [Ver = 2.02.2113 | Size = 31232 bytes | Modified Date = 21/02/2007 10:47:16 | Attr = RHS]
    UPX! , UPX0 , -> %System32%\qtalt.ax -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 30/04/2004 20:46:24 | Attr = ]
    UPX! , UPX0 , -> %System32%\RealMediaDX.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 161792 bytes | Modified Date = 25/11/2005 19:46:34 | Attr = RHS]
    UPX! , UPX0 , -> %System32%\RLAPEDec.ax -> RadLight [Ver = 1, 0, 0, 0 | Size = 54784 bytes | Modified Date = 20/11/2003 22:00:00 | Attr = RHS]
    UPX! , UPX0 , -> %System32%\RLMPCDec.ax -> RadLight [Ver = 1, 0, 0, 4 | Size = 37888 bytes | Modified Date = 26/04/2004 22:00:00 | Attr = RHS]
    UPX! , UPX0 , -> %System32%\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Modified Date = 12/02/2005 22:00:00 | Attr = RHS]
    UPX! , UPX0 , -> %System32%\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Modified Date = 12/02/2005 22:00:00 | Attr = RHS]
    UPX! , UPX0 , -> %System32%\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Modified Date = 12/02/2005 22:00:00 | Attr = RHS]
    UPX! , UPX0 , -> %System32%\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Modified Date = 05/02/2005 22:00:00 | Attr = RHS]
    UPX! , UPX0 , -> %System32%\rmalt.ax -> Gabest [Ver = 1, 0, 0, 4 | Size = 116224 bytes | Modified Date = 26/03/2004 15:32:36 | Attr = ]
    Thawte Consulting , -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 07/10/2006 02:18:32 | Attr = ]
    PEC2 , PECompact2 , -> %System32%\Smab.dll -> [Ver = | Size = 394240 bytes | Modified Date = 14/05/2007 14:24:30 | Attr = ]
    UPX! , UPX0 , -> %System32%\x.264.exe -> [Ver = | Size = 240128 bytes | Modified Date = 10/11/2005 12:16:02 | Attr = ]
    UPX! , UPX0 , -> %System32%\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 02/01/2004 23:08:00 | Attr = ]
    UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 27/10/2007 08:47:08 | Attr = ]

    < End of report >


  • Closed Accounts Posts: 1,970 ActorSeeksJob
    ✭✭✭


    You can delete WinPFind3.exe

    That didn't find anything which is not helpful.

    New tabs keep opening themselves. For eg I can be on Boards.ie and threads will open that I didn't click,
    Do these new tabs go to any specific sites? Or is it just to the ones you are on already?


    This may not be malware-related, but let's make sure.


    Please download F-Secure Blacklight (fsbl.exe) and save to your C:\ drive.
    • Open a command window by going to Start > Run and typing: cmd
    • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
    • Hit "Enter" to start the program and then close the cmd box.
    • Accept the user agreement and click "Next".
    • Click "Scan".
    • After the scan is complete, click "Next", then "Exit".
    • BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
    • The log will have a list of all items found. Do not choose to rename any yet!
      I want to see the log first because legitimate items can also be present... like "wbemtest.exe" and "tcptest.exe".
    • Exit Blacklight and post the contents of the log in your next reply.



    * Click here to download AVG Anti Rootkit and save it to your desktop.
    • Double-click on the AVG_AntiRootkit_1.0.0.42.exe file to run it.
    • Click "I Agree" to agree to the EULA.
    • By default it will install to "G:\Program Files\GRISOFT\AVG Anti-Rootkit Beta".
    • Click "Next" to begin the installation then click "Install".
    • It will then ask you to reboot now to finish the installation.
    • Click "Finish" and your computer will reboot.
    • After it reboots, double-click on the AVG Anti-Rootkit Beta shortcut that is now on your desktop.
    • Click on the "Perform in-depth search" button to begin the scan.
    • The scan will take a while so be patient and let it complete.
    • When the scan is finished, click the "Save result to file" button.
    • Save the scan results to your desktop then come back here to copy and paste the results in your next reply to this thread.


  • Registered Users, Registered Users 2 Posts: 6,462 TheBazman
    ✭✭✭


    Cheers for the help so far

    Not much to report from the fsbl log (see below)

    0/29/07 08:30:30 [Info]: BlackLight Engine 1.0.67 initialized
    10/29/07 08:30:30 [Info]: OS: 6.0 build 6000 ()
    10/29/07 08:30:31 [Note]: 7019 4
    10/29/07 08:30:31 [Note]: 7005 0
    10/29/07 08:30:33 [Note]: 7006 0
    10/29/07 08:30:33 [Note]: 7022 0
    10/29/07 08:30:33 [Note]: 7027 0
    10/29/07 08:30:34 [Note]: 7026 0
    10/29/07 08:30:34 [Note]: 7026 0
    10/29/07 08:30:36 [Note]: FSRAW library version 1.7.1024
    10/29/07 08:44:40 [Note]: 7007 0

    I'm working on the AVG


  • Registered Users, Registered Users 2 Posts: 6,462 TheBazman
    ✭✭✭


    Right, well, I ran AVG - I couldn't save the log as it said it didn't find anything, so I didn't get the option.

    Also on your other question - the tabs don't open up to new sites, they just open up new tabs of the existing site I'm on. For example a new boards.ie thread could open up on a new tab as I'm typing this.

    I'm wondering could it be a glitch with IE - should I just switch to another browser?


  • Closed Accounts Posts: 1,970 ActorSeeksJob
    ✭✭✭


    Not sure what is responsible. I thought it was malware-related but it doesn't seem to be.


  • Closed Accounts Posts: 793 white_falcon
    ✭✭✭


    TheBazman wrote: »
    Right, well, I ran AVG - I couldn't save the log as it said it didn't find anything, so I didn't get the option.

    Also on your other question - the tabs don't open up to new sites, they just open up new tabs of the existing site I'm on. For example a new boards.ie thread could open up on a new tab as I'm typing this.

    I'm wondering could it be a glitch with IE - should I just switch to another browser?

    Use Firefox... it can do everything IE can and loads that IE can't.

    Plus it is more secure.

