Part 2
--------------------------------------------------------------------------
Select AutoRun Registry Keys:
--------------------------------------------------------------------------
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonceex
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
SoundMan REG_SZ SOUNDMAN.EXE
CTSysVol REG_SZ C:\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
P17Helper REG_SZ Rundll32 P17.dll,P17Helper
WinFast Schedule REG_SZ C:\WinFast\WFTVFM\WFWIZ.exe
<NO NAME> REG_SZ
ATIMACE REG_SZ MACE.exe
ccApp REG_SZ "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex
Flag REG_SZ
Windows Update REG_SZ C:\WINDOWS\scvhost.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
Error: Key: software\microsoft\windows\currentversion\runservicesonce does not exist!
HKEY_USERS\.default\software\microsoft\windows\currentversion\run
Error: Key: .default\software\microsoft\windows\currentversion\runonce does not exist!
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run
Error: Key: s-1-5-18\software\microsoft\windows\currentversion\runonce does not exist!
HKEY_USERS\s-1-5-19\software\microsoft\windows\currentversion\run
Error: Key: s-1-5-19\software\microsoft\windows\currentversion\runonce does not exist!
HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\run
Error: Key: s-1-5-20\software\microsoft\windows\currentversion\runonce does not exist!
Error: Key: s-1-5-18\microsoft\windows nt\currentversion\windows\load does not exist!
Error: Key: software\microsoft\windows nt\currentversion\windows\run does not exist!
--------------------------------------------------------------------------
WinLogon Notify Registry Key:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent
DLLName REG_SZ Ati2evxx.dll
Asynchronous REG_DWORD 0 (0x0)
Impersonate REG_DWORD 1 (0x1)
Lock REG_SZ AtiLockEvent
Logoff REG_SZ AtiLogoffEvent
Logon REG_SZ AtiLogonEvent
Disconnect REG_SZ AtiDisConnectEvent
Reconnect REG_SZ AtiReConnectEvent
Safe REG_DWORD 0 (0x0)
Shutdown REG_SZ AtiShutdownEvent
StartScreenSaver REG_SZ AtiStartScreenSaverEvent
StartShell REG_SZ AtiStartShellEvent
Startup REG_SZ AtiStartupEvent
StopScreenSaver REG_SZ AtiStopScreenSaverEvent
Unlock REG_SZ AtiUnLockEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
Asynchronous REG_DWORD 0 (0x0)
Impersonate REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ crypt32.dll
Logoff REG_SZ ChainWlxLogoffEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
Asynchronous REG_DWORD 0 (0x0)
Impersonate REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ cryptnet.dll
Logoff REG_SZ CryptnetWlxLogoffEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
DLLName REG_SZ cscdll.dll
Logon REG_SZ WinlogonLogonEvent
Logoff REG_SZ WinlogonLogoffEvent
ScreenSaver REG_SZ WinlogonScreenSaverEvent
Startup REG_SZ WinlogonStartupEvent
Shutdown REG_SZ WinlogonShutdownEvent
StartShell REG_SZ WinlogonStartShellEvent
Impersonate REG_DWORD 0 (0x0)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
DLLName REG_SZ wlnotify.dll
Logon REG_SZ SCardStartCertProp
Logoff REG_SZ SCardStopCertProp
Lock REG_SZ SCardSuspendCertProp
Unlock REG_SZ SCardResumeCertProp
Enabled REG_DWORD 1 (0x1)
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
Asynchronous REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ wlnotify.dll
Impersonate REG_DWORD 0 (0x0)
StartShell REG_SZ SchedStartShell
Logoff REG_SZ SchedEventLogOff
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
Logoff REG_SZ WLEventLogoff
Impersonate REG_DWORD 0 (0x0)
Asynchronous REG_DWORD 1 (0x1)
DllName REG_EXPAND_SZ sclgntfy.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
DLLName REG_SZ WlNotify.dll
Lock REG_SZ SensLockEvent
Logon REG_SZ SensLogonEvent
Logoff REG_SZ SensLogoffEvent
Safe REG_DWORD 1 (0x1)
MaxWait REG_DWORD 600 (0x258)
StartScreenSaver REG_SZ SensStartScreenSaverEvent
StopScreenSaver REG_SZ SensStopScreenSaverEvent
Startup REG_SZ SensStartupEvent
Shutdown REG_SZ SensShutdownEvent
StartShell REG_SZ SensStartShellEvent
PostShell REG_SZ SensPostShellEvent
Disconnect REG_SZ SensDisconnectEvent
Reconnect REG_SZ SensReconnectEvent
Unlock REG_SZ SensUnlockEvent
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
Asynchronous REG_DWORD 0 (0x0)
DllName REG_EXPAND_SZ wlnotify.dll
Impersonate REG_DWORD 0 (0x0)
Logoff REG_SZ TSEventLogoff
Logon REG_SZ TSEventLogon
PostShell REG_SZ TSEventPostShell
Shutdown REG_SZ TSEventShutdown
StartShell REG_SZ TSEventStartShell
Startup REG_SZ TSEventStartup
MaxWait REG_DWORD 600 (0x258)
Reconnect REG_SZ TSEventReconnect
Disconnect REG_SZ TSEventDisconnect
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
Logon REG_SZ WLEventLogon
Logoff REG_SZ WLEventLogoff
Startup REG_SZ WLEventStartup
Shutdown REG_SZ WLEventShutdown
StartScreenSaver REG_SZ WLEventStartScreenSaver
StopScreenSaver REG_SZ WLEventStopScreenSaver
Lock REG_SZ WLEventLock
Unlock REG_SZ WLEventUnlock
StartShell REG_SZ WLEventStartShell
PostShell REG_SZ WLEventPostShell
Disconnect REG_SZ WLEventDisconnect
Reconnect REG_SZ WLEventReconnect
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 0 (0x0)
SafeMode REG_DWORD 1 (0x1)
MaxWait REG_DWORD -1 (0xffffffff)
DllName REG_EXPAND_SZ WgaLogon.dll
Event REG_DWORD 0 (0x0)
EulaAccepted REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
Data REG_BINARY 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002a 7e88bac6d2bb489c00c780818e259404000000040000005300 000003660000a8000000100000007a285a36d51418470a1dda e2c92a2d900000000004800000a0000000100000005adf3a0e 19deddc251630e0767049704b00100008111d36050c9c2b007 5df641e7c49ad9438c8dca801c5c6a57e8a8602b801f10294c 5844a79f5fed412b77ff5859e143488effb0b6e5b4d23d5121 f02ad1e3be6ce71eab9d5accf13f98494bbbbe15d36dd9d0aa 0ee2f5d493cfd6200fbe545b0db994e96ee1471ce100fb6f80 80509f4896c8124dbd88a5b87c8acd224b3a155c99f64a275a 8eb814598589ba36342f8177872aee3ff8b1e10a963df4378a 8509c8710ed8c244719489ccebfc7879984adef99aa630380b 4dae1685ec13c47021858a32cc91909aaa0533fa8389013d04 37c88d628cce1347ddf633db3fc00605e19610c4458ee6df52 fd255455c9ae9f96425dad38022667382fba7d076f271fd958 88385d2005b54b750d7e90ebbcf931a718c02b5e8746031c55 e6f531ad686608ca112405666c2798e7e9b051c52b18270181 6a53a6fce3ddc854945cd1d9cfb3afb82999a69b8a3dca506b e149c8f2a3765e0b811670212910c9f8b5308fe9a4a6e96be1 e54c8612740e81f153585e92e8f7ffebdd278f516c16390d09 1cf05d07db71e2cdef89cf78b4609473d4aaf81879b3bdbc4d a925c43b11384630a91475de5f24d97bd6437b6b911b191400 00007d3f8d1ef105e9af98602c5808afc7ca5117141c
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
DLLName REG_SZ wlnotify.dll
Logon REG_SZ RegisterTicketExpiredNotificationEvent
Logoff REG_SZ UnregisterTicketExpiredNotificationEvent
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WRNotifier
Asynchronous REG_DWORD 0 (0x0)
DllName REG_SZ WRLogonNTF.dll
Impersonate REG_DWORD 1 (0x1)
Lock REG_SZ WRLock
StartScreenSaver REG_SZ WRStartScreenSaver
StartShell REG_SZ WRStartShell
Startup REG_SZ WRStartup
StopScreenSaver REG_SZ WRStopScreenSaver
Unlock REG_SZ WRUnlock
Shutdown REG_SZ WRShutdown
Logoff REG_SZ WRLogoff
Logon REG_SZ WRLogon
--------------------------------------------------------------------------
Shared Task Scheduler Registry Items:
--------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon
--------------------------------------------------------------------------
Scheduled Tasks:
--------------------------------------------------------------------------
Volume in drive C has no label.
Volume Serial Number is 10D3-D6EE
Directory of C:\WINDOWS\tasks
05/16/2007 04:05 PM <DIR> .
05/16/2007 04:05 PM <DIR> ..
05/16/2007 02:39 PM 284 AppleSoftwareUpdate.job
08/10/2004 02:00 PM 65 desktop.ini
12/11/2005 06:08 PM 258 ISP signup reminder 2.job
12/11/2005 06:08 PM 258 ISP signup reminder 3.job
05/04/2007 08:23 PM 548 Norton AntiVirus - Scan my computer - Owner.job
05/17/2007 03:24 PM 6 SA.DAT
05/17/2007 04:10 PM 364 Symantec NetDetect.job
05/17/2007 11:38 AM 422 User_Feed_Synchronization-{0BECA80B-B388-4AE3-AF65-66E87AAB161E}.job
8 File(s) 2,205 bytes
Total Files Listed:
8 File(s) 2,205 bytes
2 Dir(s) 56,363,909,120 bytes free
A C:\WINDOWS\tasks\AppleSoftwareUpdate.job
HR C:\WINDOWS\tasks\desktop.ini
A C:\WINDOWS\tasks\ISP signup reminder 2.job
A C:\WINDOWS\tasks\ISP signup reminder 3.job
A C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job
A H C:\WINDOWS\tasks\SA.DAT
A C:\WINDOWS\tasks\Symantec NetDetect.job
A H C:\WINDOWS\tasks\User_Feed_Synchronization-{0BECA80B-B388-4AE3-AF65-66E87AAB161E}.job
----------------------------------------------------------------------------
ShellExecuteHooks Registry Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{076394AD-7FDD-44EF-A075-32C68DBAB99B} REG_SZ
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} REG_SZ AVG Anti-Spyware 7.5
----------------------------------------------------------------------------
ShellServiceObjectDelayLoad Registry Keys
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
PostBootReminder REG_SZ {7849596a-48ea-486e-8937-a2a3009f31a9}
CDBurn REG_SZ {fbeb8a05-beee-4442-804e-409d6c4515e9}
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
----------------------------------------------------------------------------
ModuleUsage Registry Keys:
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/asinst.dll
.Owner REG_SZ {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/asquared.ocx
.Owner REG_SZ {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/CacheManager.ocx
.Owner REG_SZ {DA80E089-4648-43D5-93B4-7F37917084E6}
{DA80E089-4648-43D5-93B4-7F37917084E6} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/cpcScan.dll
.Owner REG_SZ {A90A5822-F108-45AD-8482-9BC8B12DD539}
{A90A5822-F108-45AD-8482-9BC8B12DD539} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/FacebookPhotoUploader.ocx
.Owner REG_SZ {5F8469B4-B055-49DD-83F7-62B522420ECC}
{5F8469B4-B055-49DD-83F7-62B522420ECC} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/hrtbeat.ocx
.Owner REG_SZ {E5D419D6-A846-4514-9FAD-97E826C84822}
{E5D419D6-A846-4514-9FAD-97E826C84822} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx
.Owner REG_SZ {B8BE5E93-A60C-4D26-A2DC-220313175592}
{B8BE5E93-A60C-4D26-A2DC-220313175592} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/zsetup.exe
.Owner REG_SZ {E5D419D6-A846-4514-9FAD-97E826C84822}
{E5D419D6-A846-4514-9FAD-97E826C84822} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/GWFSPidGen.DLL
.Owner REG_SZ Unknown Owner
{17492023-C23A-453E-A040-C7C580BBF700} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/LegitCheckControl.DLL
.Owner REG_SZ Unknown Owner
{17492023-C23A-453E-A040-C7C580BBF700} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/msinet.ocx
.Owner REG_SZ Unknown Owner
{DA80E089-4648-43D5-93B4-7F37917084E6} REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/system32/muweb.dll
.Owner REG_SZ {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} REG_SZ
----------------------------------------------------------------------------
BHO Registry Keys:
----------------------------------------------------------------------------
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
<NO NAME> REG_SZ Norton Internet Security
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
<NO NAME> REG_SZ NAV Helper
--------------------------------------------------------------------------
Select Policy Keys:
--------------------------------------------------------------------------
Error: Key: software\microsoft\windows\currentversion\policies\run does not exist!
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
NoFolderOptions REG_DWORD 0 (0x0)
NoRun REG_DWORD 0 (0x0)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)
HKEY_CURRENT_USER\software\policies\microsoft\internet explorer
HKEY_CURRENT_USER\software\policies\microsoft\internet explorer\Control Panel
Error: Key: software\microsoft\windows\currentversion\policies\run does not exist!
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer
NoCDBurning REG_DWORD 0 (0x0)
NoFolderOptions REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
InstallVisualStyle REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
InstallTheme REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale.theme
Error: Key: software\policies\microsoft\internet explorer\run does not exist!
Error: Key: .default\software\microsoft\windows\currentversion\policies\run does not exist!
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
CDRAutoRun REG_DWORD 0 (0x0)
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\System
Error: Key: .default\software\policies\microsoft\internet explorer does not exist!
Error: Key: s-1-5-18\software\microsoft\windows\currentversion\policies\run does not exist!
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
CDRAutoRun REG_DWORD 0 (0x0)
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system
Error: Key: s-1-5-18\software\policies\microsoft\internet explorer does not exist!
Error: Key: s-1-5-19\software\microsoft\windows\currentversion\policies\run does not exist!
Error: Key: s-1-5-19\software\microsoft\windows\currentversion\policies\explorer\run does not exist!
Error: Key: s-1-5-19\software\microsoft\windows\currentversion\policies\system does not exist!
Error: Key: s-1-5-19\software\policies\microsoft\internet explorer does not exist!
Error: Key: s-1-5-19\software\microsoft\windows\currentversion\policies\run does not exist!
Error: Key: s-1-5-19\software\microsoft\windows\currentversion\policies\explorer\run does not exist!
Error: Key: s-1-5-19\software\microsoft\windows\currentversion\policies\system does not exist!
Error: Key: s-1-5-19\software\policies\microsoft\internet explorer does not exist!
************************************************** **********************************
Checking File System for suspicious Files
--------------------------------------------------------------------------
Items in the Root Directory:
--------------------------------------------------------------------------
Locating all files created in C:\
"C:\"
AD-AWA~1 Dec 13 2005 "Ad-Aware SE Personal"
ADOBEP~1 Dec 12 2005 "Adobe Photoshop CS2"
AGENTN~1 May 14 2006 "Agent Newsreader"
ANTIVI~1 Jan 19 2006 "AntiVirPersonal"
aolcon~1.exe Dec 11 2005 10920 "aolconnfix.exe"
aolcon~1.txt Dec 11 2005 1039 "aolconnfix.txt"
AUDACITY Mar 3 2007 "Audacity"
audio.log Aug 6 2005 193 "audio.log"
AUSLOG~1 May 16 2007 "AusLogics Disk Defrag"
autoexec.bat Dec 13 2005 95 "AUTOEXEC.BAT"
AVGANT~1.5 May 9 2007 "AVG Anti-Spyware 7.5"
AZUREUS May 16 2006 "Azureus"
BINARY~1 May 14 2006 "Binary Boy"
BOGGLE Dec 15 2005 "Boggle"
boot.ini May 15 2007 209 "boot.ini"
BUNDLE Apr 13 2005 "Bundle"
CABS Jan 18 2006 "cabs"
CCLEANER Dec 2 2006 "CCleaner"
CMPNENTS Apr 13 2005 "CMPNENTS"
COLLEC~1 Jul 15 2006 "Collectorz"
combofix.txt May 15 2007 16111 "ComboFix.txt"
combof~1.txt May 15 2007 5408 "ComboFix-quarantined-files.txt"
combof~2.txt May 14 2007 17609 "ComboFix2.txt"
combof~3.txt May 15 2007 5408 "ComboFix-quarantined-files515.txt"
config.sys Apr 13 2005 0 "CONFIG.SYS"
COUNTE~1 Jan 20 2006 "CounterSpy"
CREATIVE Dec 12 2005 "Creative"
DARTKA~1 Jul 26 2006 "DART Karaoke Studio CDG"
debug.log Oct 8 2006 42507 "debug.log"
DIAMOND May 7 2007 "Diamond"
DIGITA~1 Dec 11 2005 "Digital Pictures"
DISCJU~1 Feb 7 2006 "DiscJuggler"
DOCUME~1 Apr 13 2005 "Documents and Settings"
DOCUME~2 Dec 12 2005 "Documents"
DRAMAT~1 Apr 30 2006 "Dramatica Pro"
DRIVERS Apr 2 2007 "Drivers"
DVDLAB~1 Feb 7 2006 "DVDlabPro"
DVDSANTA Oct 8 2006 "dvdSanta"
DVDSHR~1 Apr 28 2006 "DVDShrink"
EASYDV~1 Feb 2 2006 "EasyDVDConverter"
err_log.txt Mar 24 2007 52 "err_log.txt"
FINALD~1 May 6 2006 "Final Draft 7"
GADWIN~1 Apr 28 2007 "Gadwin Systems"
GOOGLE~1 Apr 28 2006 "Google SketchUp"
graph.txt Dec 5 2006 1001 "graph.txt"
hiberfil.sys May 17 2007 2145964032 "hiberfil.sys"
HIJACK~1 May 11 2007 "HijackThis199"
hpfr5550.xml Jul 28 2006 564 "hpfr5550.xml"
hph7150.log Jul 28 2006 63890 "hph7150.log"
io.sys Apr 13 2005 0 "IO.SYS"
iph.ph Dec 17 2006 877 "IPH.PH"
ISEEYO~1 May 17 2007 "ISeeYouXP"
JEOPAR~1 Apr 1 2006 "Jeopardy! 2nd Edition"
JEOPAR~2 May 17 2006 "Jeopardy! 2003"
LAST~1.FMP May 23 2006 "Last.fm Player"
LEXMARK Aug 24 2006 "lexmark"
LIMEWIRE Jan 18 2007 "LimeWire"
LINKSY~1 Feb 1 2007 "Linksys EasyLink Advisor"
lmab.log Mar 12 2007 195 "lmab.log"
log.dat Jul 27 2006 2 "log.dat"
MACROM~1 Dec 13 2005 "Macromedia"
MAGICD~1 Mar 20 2007 "MagicDVDRipper"
MAGICISO Feb 7 2006 "MagicISO"
MAGICW~1 Mar 15 2007 "Magic Workstation"
MAXIS Dec 13 2005 "Maxis"
MICROP~1 Dec 15 2005 "Microprose"
MICROS~1 Dec 12 2005 "Microsoft Office"
MIRC Dec 11 2005 "mIRC"
MOVIEM~1 Apr 30 2006 "Movie Magic Screenwriter"
MOVIES Dec 12 2005 "Movies"
MOZILL~1 May 16 2007 "Mozilla Firefox"
msdos.sys Apr 13 2005 0 "MSDOS.SYS"
MSOCACHE Dec 12 2005 "MSOCache"
MYMUSI~1 Aug 6 2005 "My Music"
MYDOWN~1 Feb 11 2006 "My Downloads"
MYSTER~1 Apr 30 2006 "Mystery Case Files Huntsville"
napster.log Aug 6 2005 160 "napster.log"
NERO7~1 Nov 12 2006 "Nero 7"
NESTER Aug 2 2006 "Nester"
ntdetect.com Aug 10 2004 47564 "NTDETECT.COM"
ntldr Aug 10 2004 250032 "ntldr"
ORGANI~1 Jul 27 2006 "Organizers"
OZUM May 21 2006 "Ozum"
pagefile.sys May 17 2007 2145894400 "pagefile.sys"
pcsimo~1.rar Oct 14 2006 202689801 "PC Simon The Sorcerer 2+XP Patch.rar"
PINNACLE Dec 13 2005 "Pinnacle"
POPCAP~2 Dec 13 2005 "PopCap Games"
POWERP~1 Apr 17 2006 "PowerPlugs"
PROGRA~1 Aug 6 2005 "Program Files"
RADVIDEO Mar 24 2007 "RADVideo"
rapport.txt May 9 2007 2409 "rapport.txt"
RECYCLER Aug 6 2005 "RECYCLER"
REFLEX~1 May 6 2006 "Reflexive Arcade"
REGCLE~1 May 16 2007 "RegCleaner"
REGORG~1 Mar 12 2007 "Reg Organizer"
ROXIO Feb 7 2006 "Roxio"
SCRABBLE Dec 15 2005 "Scrabble"
SETIAT~1 May 16 2006 "SETI At Home"
SIDMEI~1 Dec 12 2005 "Sid Meier's Civilization 4"
smitfi~1.txt Jan 19 2006 1441 "smitfiles.txt"
SNES9X Aug 3 2006 "SNES9x"
SNOOD Dec 15 2005 "Snood"
SPSSST~1 Dec 12 2005 "SPSS Student"
SPYBOT~1 Dec 13 2005 "Spybot - Search & Destroy"
SPYWAR~1 May 16 2007 "SpywareBlaster"
sqmdat~1.sqm Feb 23 2007 268 "sqmdata00.sqm"
sqmdat~2.sqm Mar 18 2007 268 "sqmdata01.sqm"
sqmdat~3.sqm Apr 7 2007 268 "sqmdata02.sqm"
sqmnoo~1.sqm Feb 23 2007 244 "sqmnoopt00.sqm"
sqmnoo~2.sqm Mar 18 2007 244 "sqmnoopt01.sqm"
sqmnoo~3.sqm Apr 7 2007 244 "sqmnoopt02.sqm"
STARCR~1 Dec 14 2005 "Starcraft"
STICKIT Dec 15 2005 "Stickit"
SURETH~1 Apr 21 2006 "SureThing"
SYSTEM~1 Aug 6 2005 "System Volume Information"
TEMP Jan 23 2006 "temp"
TEMPDVD Nov 11 2006 "TempDVD"
TEMP_DVD Feb 10 2006 "temp_dvd"
THEFON~1 Mar 12 2007 "The Font Thing"
TIGERW~2 Jun 20 2006 "Tiger Woods PGA TOUR 06"
TRILLIAN Nov 25 2006 "Trillian"
TROJAN~1.6 May 11 2007 "TrojanHunter 4.6"
ULEADC~1 Dec 19 2005 "Ulead COOL 3D Studio"
ULTIMA~1 Apr 9 2006 "Ultima Online Mondain's Legacy"
USENEXT Mar 24 2007 "UseNeXT"
VIDEOLAN Feb 19 2006 "VideoLAN"
VPNCLI~1 Apr 22 2006 "VPN Client"
WALLPA~1 Dec 12 2005 "wallpaper"
WEBROOT Dec 13 2005 "Webroot"
WINAVI~1 Oct 8 2006 "WinAVIVideoConverter"
WINDOWS Apr 13 2005 "WINDOWS"
WINFAST Jan 18 2006 "WinFast"
WINFAS~1 Jan 18 2006 "WinFast WorkArea"
WINRAR Dec 13 2005 "WinRAR"
YAHOO! Sep 10 2006 "Yahoo!"
YDKJ Apr 1 2006 "YDKJ"
137 items found: 34 files (14 H/S), 103 directories (3 H/S).
Total of file sizes: 4,495,017,455 bytes 4.18 G
--------------------------------------------------------------------------
Locating all Backup files on C:
--------------------------------------------------------------------------
Locating all *.BAK* files
"C:\Magic Workstation\"
magicw~1.bak Aug 11 2005 3008000 "MagicWorkstation.exe.bak"
"C:\WINDOWS\"
imsins.bak May 14 2007 1374 "imsins.BAK"
"C:\LimeWire\Incomplete\"
downlo~1.bak Apr 2 2007 275 "downloads.bak"
"C:\Documents and Settings\All Users\DRM\"
drmv1.bak Feb 1 2006 4348 "DRMv1.bak"
"C:\Program Files\Common Files\Symantec Shared\"
persist.bak May 16 2007 11060 "Persist.BAK"
"C:\WINDOWS\Debug\UserMode\"
userenv.bak Apr 12 2007 308884 "userenv.bak"
"C:\WINDOWS\erdnt\subs\"
software.bak May 14 2007 35856384 "software.bak"
system.bak May 14 2007 6897664 "system.bak"
"C:\WINDOWS\system32\config\"
default.bak May 14 2007 524288 "default.bak"
sam.bak May 14 2007 28672 "SAM.bak"
security.bak May 14 2007 98304 "SECURITY.bak"
software.bak May 14 2007 35913728 "software.bak"
system.bak May 14 2007 7077888 "system.bak"
"C:\WINDOWS\system32\NtmsData\"
ntmsdata.bak Jan 30 2006 159744 "NTMSDATA.BAK"
"C:\Documents and Settings\Owner\Application Data\Azureus\"
azureu~1.bak May 16 2007 251 "azureus.statistics.bak"
azureu~2.bak May 16 2007 14420 "azureus.config.bak"
banips~1.bak Apr 29 2007 73 "banips.config.bak"
downlo~1.bak May 16 2007 690 "downloads.config.bak"
tracke~1.bak May 16 2007 14 "tracker.config.bak"
"C:\Documents and Settings\Owner\Application Data\LimeWire\"
fileurns.bak Mar 4 2007 3507 "fileurns.bak"
"C:\Documents and Settings\Owner\Application Data\UseNeXT\"
articl~1.bak Mar 24 2007 11 "articlestatus.dat.bak"
config~1.bak Mar 24 2007 271 "config.dat.bak"
downlo~1.bak Mar 24 2007 11 "downloadqueue.dat.bak"
subscr~1.bak Mar 24 2007 15 "subscribed.dat.bak"
wizard~1.bak Mar 24 2007 11 "wizard.dat.bak"
"C:\Program Files\Common Files\Symantec Shared\IDS\"
idssettg.bak May 16 2007 4372 "IDSSettg.BAK"
"C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\"
settings.bak May 17 2007 8699396 "settings.bak"
"C:\Documents and Settings\Owner\Application Data\Ahead\NeroVision\"
gchwcfg.bak Dec 16 2006 97 "GCHWCfg.bak"
"C:\Documents and Settings\Owner\Application Data\Azureus\active\"
961672~1.bak Mar 24 2007 18477 "9616727FD99803656867B7E09B2B0CB0AAA3840A.dat.bak"
"C:\Documents and Settings\Owner\My Documents\My Music\License Backup\"
drmv1key.bak Feb 1 2006 4348 "drmv1key.bak"
drmv1lic.bak Apr 29 2007 20 "drmv1lic.bak"
drmv2key.bak Feb 12 2006 488 "drmv2key.bak"
drmv2lic.bak Apr 29 2007 36864 "drmv2lic.bak"
"C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\Recording\"
record~1.bak May 17 2007 520 "Recordings.xml.bak"
"C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\"
opa11.bak Oct 17 2002 8200 "OPA11.BAK"
"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9wzhox2s.default\"
bookma~1.bak May 17 2007 93672 "bookmarks.bak"
36 items found: 36 files (4 H/S), 0 directories.
Total of file sizes: 98,776,341 bytes 94.20 M

