
Registered · 219 Posts · Discussion Starter · #1
Could someone take a look at my HijackThis report and tell me what I need to do to get all the crap off my system.

Logfile of HijackThis v1.99.1
Scan saved at 15:05:53, on 01/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\runservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Dougie_2\Local Settings\Application Data\3a5c6b29.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\psc_mon.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6EB2C10B-C07F-EEAD-2395-07973B88015D} - C:\WINDOWS\System32\brlaemg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [3a5c6b29.exe] C:\WINDOWS\System32\3a5c6b29.exe
O4 - HKLM\..\Run: [philkxn.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\philkxn.dll,tnvjzof
O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\System32\psc_mon.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [3a5c6b29.exe] C:\Documents and Settings\Dougie_2\Local Settings\Application Data\3a5c6b29.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: GetMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\GetMP3 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://c.ancestry.com/cab/aft/AncestryFamilyTree.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110069436593
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetupml.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://intranet.bedfordschool.org.uk/tsweb/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 212.139.132.4 212.139.132.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 212.139.132.4 212.139.132.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

Retired Moderator · 72,109 Posts

Registered · 219 Posts · Discussion Starter · #3
Combofix Log:

"Dougie_2" - 07-02-01 23:37:30 Service Pack 1
ComboFix 07.01.31 - Running from: "C:\Documents and Settings\Dougie_2\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-01 to 2007-02-01 ))))))))))))))))))))))))))))))))))

2007-02-01 15:30 71,680 --a------ C:\WINDOWS\SYSTEM32\bsnchml.dll
2007-02-01 15:30 59,392 --a------ C:\WINDOWS\SYSTEM32\jwszizi.dll
2007-02-01 15:30 13,824 --a------ C:\DOCUME~1\Dougie_2\loaded.exe
2007-02-01 08:14 70,656 --a------ C:\WINDOWS\SYSTEM32\brlaemg.dll
2007-02-01 08:14 59,392 --a------ C:\WINDOWS\SYSTEM32\philkxn.dll
2007-02-01 08:14 221,184 --a------ C:\WINDOWS\SYSTEM32\psc_mon.exe
2007-01-31 13:00 95,744 --a------ C:\WINDOWS\SYSTEM32\blooetj.dll
2007-01-30 08:37 95,744 --a------ C:\WINDOWS\SYSTEM32\fbyghbg.dll
2007-01-29 23:52 96,256 --a------ C:\WINDOWS\SYSTEM32\rbspgil.dll
2007-01-29 16:39 96,256 --a------ C:\WINDOWS\SYSTEM32\jtsoomf.dll
2007-01-29 09:07 96,256 --a------ C:\WINDOWS\SYSTEM32\vsrjpkh.dll
2007-01-28 23:33 95,744 --a------ C:\WINDOWS\SYSTEM32\dykwlnf.dll
2007-01-28 20:16 96,256 --a------ C:\WINDOWS\SYSTEM32\zuwsmwi.dll
2007-01-28 13:57 95,744 --a------ C:\WINDOWS\SYSTEM32\rxdyigm.dll
2007-01-28 09:09 96,256 --a------ C:\WINDOWS\SYSTEM32\uplvigi.dll
2007-01-27 14:02 96,256 --a------ C:\WINDOWS\SYSTEM32\jmhwawm.dll
2007-01-27 10:51 96,256 --a------ C:\WINDOWS\SYSTEM32\hscxrzi.dll
2007-01-26 23:14 95,744 --a------ C:\WINDOWS\SYSTEM32\pzxsagk.dll
2007-01-26 13:01 96,768 --a------ C:\WINDOWS\SYSTEM32\iggdqxk.dll
2007-01-26 09:31 95,744 --a------ C:\WINDOWS\SYSTEM32\mwrqive.dll
2007-01-25 13:03 95,232 --a------ C:\WINDOWS\SYSTEM32\ylarqae.dll
2007-01-25 08:42 95,744 --a------ C:\WINDOWS\SYSTEM32\ogqpmml.dll
2007-01-24 08:14 96,256 --a------ C:\WINDOWS\SYSTEM32\hizuglb.dll
2007-01-23 19:38 95,232 --a------ C:\WINDOWS\SYSTEM32\lcufcem.dll
2007-01-23 16:01 95,744 --a------ C:\WINDOWS\SYSTEM32\ibnlqcb.dll
2007-01-23 12:23 95,232 --a------ C:\WINDOWS\SYSTEM32\rbfbvfe.dll
2007-01-09 23:57 112,640 --a------ C:\WINDOWS\lsb_un20.exe
2007-01-09 23:55 d-------- C:\Program Files\Gallan
2007-01-07 02:06 d-------- C:\Program Files\Audacity
2007-01-03 19:08 93,696 --a------ C:\WINDOWS\SYSTEM32\wdokbye.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-02-01 15:41 7673 --ahs---- C:\WINDOWS\SYSTEM32\mmf.sys
2007-02-01 15:05 -------- d-------- C:\Program Files\hijackthis
2007-02-01 08:26 -------- d-------- C:\DOCUME~1\Dougie_2\Application Data\adobeum
2007-01-03 10:10 93696 --a------ C:\WINDOWS\SYSTEM32\hrcopul.dll
2006-12-26 00:22 -------- d-------- C:\DOCUME~1\Dougie_2\Application Data\sports interactive
2006-12-26 00:13 -------- d-------- C:\Program Files\sports interactive
2006-12-26 00:08 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-24 21:45 -------- d-------- C:\DOCUME~1\Dougie_2\Application Data\wings3d
2006-12-24 21:33 -------- d-------- C:\Program Files\wings3d_0.98.32a
2006-12-23 15:46 -------- d-------- C:\Program Files\Common Files\daz
2006-12-23 02:47 -------- d-------- C:\Program Files\daz
2006-12-21 14:44 -------- d-------- C:\Program Files\ds9
2006-12-21 00:43 94208 --a------ C:\WINDOWS\SYSTEM32\gqljkoj.dll
2006-12-21 00:22 -------- d-------- C:\Program Files\gds
2006-12-20 19:53 -------- d-------- C:\Program Files\quicktime
2006-12-20 19:39 -------- d-------- C:\Program Files\itunes
2006-12-20 19:38 -------- d-------- C:\Program Files\google
2006-12-20 19:29 -------- d-------- C:\Program Files\finepixviewer
2006-12-20 17:59 93696 --a------ C:\WINDOWS\SYSTEM32\zkmqfsi.dll
2006-12-20 14:52 -------- d-------- C:\Program Files\grisoft
2006-12-20 13:35 -------- d--h----- C:\Program Files\installshield installation information
2006-12-20 13:17 93696 --a------ C:\WINDOWS\SYSTEM32\ansfsrg.dll
2006-12-14 21:21 -------- d-------- C:\Program Files\educational simulations
2006-12-11 18:40 91648 --a------ C:\WINDOWS\SYSTEM32\vyxeevm.dll
2006-12-07 19:07 -------- d-------- C:\Program Files\ultimate defender
2006-12-05 15:07 32256 --a------ C:\WINDOWS\SYSTEM32\dzbryce6.dll
2006-12-05 15:00 6144000 --a------ C:\WINDOWS\SYSTEM32\dzcore.dll
2006-12-05 15:00 180224 --a------ C:\WINDOWS\SYSTEM32\dzwrapper.dll
2006-11-20 16:25 4984832 --a------ C:\WINDOWS\SYSTEM32\daz-qt-mt.dll
2006-11-20 16:25 1343488 --a------ C:\WINDOWS\SYSTEM32\daz-qsa.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sonic RecordNow!"=""
"atiupdate"=""
"NOMAD Detector"="\"C:\\Program Files\\Creative\\PlayCenter2\\CTNMRUN.EXE\""
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"3a5c6b29.exe"="C:\\Documents and Settings\\Dougie_2\\Local Settings\\Application Data\\3a5c6b29.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"3a5c6b29.exe"="C:\\WINDOWS\\System32\\3a5c6b29.exe"
"philkxn.dll"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\philkxn.dll,tnvjzof"
"Personal Security Center Monitor"="C:\\WINDOWS\\System32\\psc_mon.exe"
"jwszizi.dll"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\jwszizi.dll,uxdnhxb"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"_NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"ktohkhblk.exe"="C:\\WINDOWS\\system\\ktohkhblk.exe"
"rnrfv.exe"="C:\\WINDOWS\\system\\rnrfv.exe"
"msgcaplv.exe"="C:\\WINDOWS\\system\\msgcaplv.exe"
"wsmhtr.exe"="C:\\WINDOWS\\system\\wsmhtr.exe"
"rjrei.exe"="C:\\WINDOWS\\system\\rjrei.exe"
"gcilch.exe"="C:\\WINDOWS\\system\\gcilch.exe"
"wxgwd.exe"="C:\\WINDOWS\\system\\wxgwd.exe"
"krjgtman.exe"="C:\\WINDOWS\\system\\krjgtman.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a05761fd-a683-11d8-96ce-806d6172696f}]
Shell\AutoRun\command D:\autorun.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ISP signup reminder 1.job

Completion time: 07-02-01 23:47:51
 

Retired Moderator · 72,109 Posts
Run HJT again and put a check in the following:

O2 - BHO: (no name) - {6EB2C10B-C07F-EEAD-2395-07973B88015D} - C:\WINDOWS\System32\brlaemg.dll
O4 - HKLM\..\Run: [philkxn.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\philkxn.dll,tnvjzof
O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\System32\psc_mon.exe
O4 - HKCU\..\Run: [3a5c6b29.exe] C:\Documents and Settings\Dougie_2\Local Settings\Application Data\3a5c6b29.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: GetMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\GetMP3 (file missing)

Close all applications and browser windows before you click "fix checked".

Open Notepad. Copy and paste the quote box below into Notepad.
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
Save as: select "All Files" as the file type, name it fix.reg and place it on your desktop.

Double-click on it and when it asks if you want to merge the contents into the registry, click Yes.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy the entire contents of the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\DOCUME~1\Dougie_2\loaded.exe
C:\Documents and Settings\Dougie_2\Local Settings\Application Data\3a5c6b29.exe
C:\WINDOWS\lsb_un20.exe
C:\WINDOWS\system\gcilch.exe
C:\WINDOWS\system\krjgtman.exe
C:\WINDOWS\system\ktohkhblk.exe
C:\WINDOWS\system\msgcaplv.exe
C:\WINDOWS\system\rjrei.exe
C:\WINDOWS\system\rnrfv.exe
C:\WINDOWS\system\wsmhtr.exe
C:\WINDOWS\system\wxgwd.exe
C:\WINDOWS\System32\3a5c6b29.exe
C:\WINDOWS\SYSTEM32\ansfsrg.dll
C:\WINDOWS\SYSTEM32\blooetj.dll
C:\WINDOWS\SYSTEM32\brlaemg.dll
C:\WINDOWS\SYSTEM32\bsnchml.dll
C:\WINDOWS\SYSTEM32\dykwlnf.dll
C:\WINDOWS\SYSTEM32\fbyghbg.dll
C:\WINDOWS\SYSTEM32\gqljkoj.dll
C:\WINDOWS\SYSTEM32\hizuglb.dll
C:\WINDOWS\SYSTEM32\hrcopul.dll
C:\WINDOWS\SYSTEM32\hscxrzi.dll
C:\WINDOWS\SYSTEM32\ibnlqcb.dll
C:\WINDOWS\SYSTEM32\iggdqxk.dll
C:\WINDOWS\SYSTEM32\jmhwawm.dll
C:\WINDOWS\SYSTEM32\jtsoomf.dll
C:\WINDOWS\SYSTEM32\jwszizi.dll
C:\WINDOWS\SYSTEM32\lcufcem.dll
C:\WINDOWS\SYSTEM32\mwrqive.dll
C:\WINDOWS\SYSTEM32\ogqpmml.dll
C:\WINDOWS\System32\philkxn.dll
C:\WINDOWS\SYSTEM32\psc_mon.exe
C:\WINDOWS\SYSTEM32\pzxsagk.dll
C:\WINDOWS\SYSTEM32\rbfbvfe.dll
C:\WINDOWS\SYSTEM32\rbspgil.dll
C:\WINDOWS\SYSTEM32\rxdyigm.dll
C:\WINDOWS\SYSTEM32\uplvigi.dll
C:\WINDOWS\SYSTEM32\vsrjpkh.dll
C:\WINDOWS\SYSTEM32\vyxeevm.dll
C:\WINDOWS\SYSTEM32\wdokbye.dll
C:\WINDOWS\SYSTEM32\ylarqae.dll
C:\WINDOWS\SYSTEM32\zkmqfsi.dll
C:\WINDOWS\SYSTEM32\zuwsmwi.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh hijackthis log.
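The entries the moderator picked out above share a few cues that are visible in the log text itself: a BHO registered with no name, an entry whose target reads "(file missing)", a rundll32 line loading a DLL from System32 through a meaningless export name, and an executable with an eight-hex-digit name launched from the user's Local Settings\Application Data. The script below is an added example, not part of this thread and not HijackThis's own code: it encodes those cues as simple regular expressions and runs them over lines copied from the log in post #1, plus two benign lines from the same log as controls. The cue wording and the Finding class are my own.

```python
"""Heuristic triage of HijackThis O2/O4/O9 lines (added example, not the thread's or HijackThis's code)."""
import re
from dataclasses import dataclass
from typing import List

# Lines copied from the HijackThis log in post #1 of this thread (page data,
# not invented), plus two benign lines from the same log as controls.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6EB2C10B-C07F-EEAD-2395-07973B88015D} - C:\WINDOWS\System32\brlaemg.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [3a5c6b29.exe] C:\WINDOWS\System32\3a5c6b29.exe
O4 - HKLM\..\Run: [philkxn.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\philkxn.dll,tnvjzof
O4 - HKCU\..\Run: [3a5c6b29.exe] C:\Documents and Settings\Dougie_2\Local Settings\Application Data\3a5c6b29.exe
O9 - Extra button: GetMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\GetMP3 (file missing)
"""

HJT_LINE = re.compile(r"^(?P<section>O\d+|R\d) - (?P<body>.*)$")
# rundll32 invoked as "<dll>,<export>": the loader pattern the log shows
RUNDLL = re.compile(r"rundll32\.exe\s+(?P<dll>\S+\.dll),(?P<export>\w+)", re.I)
# a whole file name made of eight hex digits, e.g. 3a5c6b29.exe
HEX_NAME = re.compile(r"^[0-9a-f]{8}\.(?:exe|dll)$", re.I)
FILE_NAME = re.compile(r"[\w~-]+\.(?:exe|dll)", re.I)
USER_DATA_EXE = re.compile(r"Local Settings\\Application Data\\[^\\]+\.exe", re.I)


@dataclass
class Finding:
    line: str
    reasons: List[str]


def triage(log_text: str) -> List[Finding]:
    """Return every O-line that trips at least one cue, with the cues listed."""
    findings = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        reasons = []
        if "(no name)" in body:
            reasons.append("BHO/button registered with no name")
        if "(file missing)" in body:
            reasons.append("orphaned entry: target file is missing")
        rd = RUNDLL.search(body)
        if rd:
            reasons.append(f"rundll32 loads {rd.group('dll')} via export {rd.group('export')}")
        if USER_DATA_EXE.search(body):
            reasons.append("autorun target lives in the user's Local Settings\\Application Data")
        for name in FILE_NAME.findall(body):
            if HEX_NAME.match(name):
                reasons.append(f"file name is eight hex digits: {name}")
                break
        if reasons:
            findings.append(Finding(m.group(0), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Two limits worth keeping in mind when reading its output. The Spybot SDHelper line in the same log also shows as "(no name)", so that cue alone is a prompt to look at the file, not a verdict. And the script would not have selected psc_mon.exe; the moderator had the ComboFix report, which shows it created in the same minute as brlaemg.dll and philkxn.dll, a timeline cue this text-only pass does not model.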
 

Registered · 219 Posts · Discussion Starter · #5
Open Notepad. Copy and paste the quote box below into Notepad.

Quote:
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

Save as: select "All Files" as the file type, name it fix.reg and place it on your desktop.

Double-click on it and when it asks if you want to merge the contents into the registry, click Yes.
I can't open notepad for some reason, I press the button but nothing happens. Any idea why this could be?
 

Registered · 219 Posts · Discussion Starter · #7
Avenger Log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ovyauijk

*******************

Script file located at: \??\C:\Documents and Settings\jvvfnhgp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\DOCUME~1\Dougie_2\loaded.exe deleted successfully.
File C:\Documents and Settings\Dougie_2\Local Settings\Application Data\3a5c6b29.exe deleted successfully.
File C:\WINDOWS\lsb_un20.exe deleted successfully.


File C:\WINDOWS\system\gcilch.exe not found!
Deletion of file C:\WINDOWS\system\gcilch.exe failed!

Could not process line:
C:\WINDOWS\system\gcilch.exe
Status: 0xc0000034



File C:\WINDOWS\system\krjgtman.exe not found!
Deletion of file C:\WINDOWS\system\krjgtman.exe failed!

Could not process line:
C:\WINDOWS\system\krjgtman.exe
Status: 0xc0000034



File C:\WINDOWS\system\ktohkhblk.exe not found!
Deletion of file C:\WINDOWS\system\ktohkhblk.exe failed!

Could not process line:
C:\WINDOWS\system\ktohkhblk.exe
Status: 0xc0000034



File C:\WINDOWS\system\msgcaplv.exe not found!
Deletion of file C:\WINDOWS\system\msgcaplv.exe failed!

Could not process line:
C:\WINDOWS\system\msgcaplv.exe
Status: 0xc0000034



File C:\WINDOWS\system\rjrei.exe not found!
Deletion of file C:\WINDOWS\system\rjrei.exe failed!

Could not process line:
C:\WINDOWS\system\rjrei.exe
Status: 0xc0000034



File C:\WINDOWS\system\rnrfv.exe not found!
Deletion of file C:\WINDOWS\system\rnrfv.exe failed!

Could not process line:
C:\WINDOWS\system\rnrfv.exe
Status: 0xc0000034



File C:\WINDOWS\system\wsmhtr.exe not found!
Deletion of file C:\WINDOWS\system\wsmhtr.exe failed!

Could not process line:
C:\WINDOWS\system\wsmhtr.exe
Status: 0xc0000034



File C:\WINDOWS\system\wxgwd.exe not found!
Deletion of file C:\WINDOWS\system\wxgwd.exe failed!

Could not process line:
C:\WINDOWS\system\wxgwd.exe
Status: 0xc0000034

File C:\WINDOWS\System32\3a5c6b29.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\ansfsrg.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\blooetj.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\brlaemg.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\bsnchml.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\dykwlnf.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\fbyghbg.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\gqljkoj.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\hizuglb.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\hrcopul.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\hscxrzi.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\ibnlqcb.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\iggdqxk.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\jmhwawm.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\jtsoomf.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\jwszizi.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\lcufcem.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\mwrqive.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\ogqpmml.dll deleted successfully.
File C:\WINDOWS\System32\philkxn.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\psc_mon.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\pzxsagk.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\rbfbvfe.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\rbspgil.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\rxdyigm.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\uplvigi.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\vsrjpkh.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\vyxeevm.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\wdokbye.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\ylarqae.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\zkmqfsi.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\zuwsmwi.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
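Before asking for a fresh log, a helper checks the Avenger output against the script that was submitted: which paths were deleted, which failed and why, and which the log never mentions. The status on every failure above is 0xc0000034, which is the NTSTATUS value STATUS_OBJECT_NAME_NOT_FOUND: the file was already gone when Avenger ran. The script below is an added example (not part of this thread and not The Avenger's own code) that parses an excerpt of the log above and reconciles it with a subset of the "Files to delete:" list from post #4; the function names and the three-way split are my own.

```python
"""Reconcile an Avenger log against the script it was given (added example, not the thread's or The Avenger's code)."""
import re
from typing import Dict, List, Optional, Tuple

# NTSTATUS codes seen in the log above. 0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND
# (the path did not exist when Avenger tried to delete it).
NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

# Subset of the "Files to delete:" script from post #4 and excerpt of the
# Avenger log from post #7 (page data, not invented).
SCRIPT_FILES = [
    r"C:\DOCUME~1\Dougie_2\loaded.exe",
    r"C:\WINDOWS\lsb_un20.exe",
    r"C:\WINDOWS\system\gcilch.exe",
    r"C:\WINDOWS\system\krjgtman.exe",
    r"C:\WINDOWS\SYSTEM32\brlaemg.dll",
]
SAMPLE_AVENGER_LOG = r"""
Beginning to process script file:

File C:\DOCUME~1\Dougie_2\loaded.exe deleted successfully.
File C:\WINDOWS\lsb_un20.exe deleted successfully.

File C:\WINDOWS\system\gcilch.exe not found!
Deletion of file C:\WINDOWS\system\gcilch.exe failed!

Could not process line:
C:\WINDOWS\system\gcilch.exe
Status: 0xc0000034

File C:\WINDOWS\system\krjgtman.exe not found!
Deletion of file C:\WINDOWS\system\krjgtman.exe failed!

Could not process line:
C:\WINDOWS\system\krjgtman.exe
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\brlaemg.dll deleted successfully.

Completed script processing.
"""

DELETED = re.compile(r"^File (?P<path>.+?) deleted successfully\.$")
NOT_FOUND = re.compile(r"^File (?P<path>.+?) not found!$")
STATUS = re.compile(r"^Status: (?P<code>0x[0-9A-Fa-f]+)$")

Result = Tuple[str, Optional[str]]  # (outcome, NTSTATUS name or None)


def parse_avenger_log(text: str) -> Dict[str, Result]:
    """Map each path the log mentions to its outcome; attach the NTSTATUS that follows a failure."""
    results: Dict[str, Result] = {}
    pending: Optional[str] = None  # failed path whose "Status:" line has not been seen yet
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED.match(line)
        if m:
            results[m.group("path")] = ("deleted", None)
            continue
        m = NOT_FOUND.match(line)
        if m:
            pending = m.group("path")
            results[pending] = ("not found", None)
            continue
        m = STATUS.match(line)
        if m and pending is not None:
            code = int(m.group("code"), 16)
            results[pending] = ("not found", NTSTATUS_NAMES.get(code, f"unknown NTSTATUS {code:#010x}"))
            pending = None
    return results


def reconcile(script_paths: List[str], results: Dict[str, Result]) -> Tuple[List[str], List[str], List[str]]:
    """Split the script's paths into deleted, not-found, and unaccounted (never mentioned in the log).

    Windows paths are case-insensitive, so the lookup folds case on both sides.
    """
    folded = {path.lower(): outcome for path, outcome in results.items()}
    deleted, missing, unaccounted = [], [], []
    for p in script_paths:
        outcome = folded.get(p.lower())
        if outcome is None:
            unaccounted.append(p)
        elif outcome[0] == "deleted":
            deleted.append(p)
        else:
            missing.append(p)
    return deleted, missing, unaccounted


if __name__ == "__main__":
    d, m, u = reconcile(SCRIPT_FILES, parse_avenger_log(SAMPLE_AVENGER_LOG))
    print("deleted:", d)
    print("not found:", m)
    print("unaccounted:", u)
```

Run over the full log, the eight "not found" paths are exactly the eight values under HKCU\...\policies\explorer\Run in the ComboFix report, so the registry entries were already orphaned; that is what the fix.reg step in post #4 cleans up. A non-empty unaccounted list would mean the script was not processed to the end and the run should be repeated rather than followed by a fresh HijackThis log.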
 

Registered · 219 Posts · Discussion Starter · #8
HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 14:41:05, on 03/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\runservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4218C234-8B55-7B5C-0DC4-02C4E551896C} - C:\WINDOWS\System32\lfzglqc.dll
O2 - BHO: (no name) - {51771211-D409-F4D9-CF59-00504F895E21} - C:\WINDOWS\System32\bsnchml.dll (file missing)
O2 - BHO: (no name) - {5313DACB-4196-E725-3542-0B2D5DFF4498} - C:\WINDOWS\System32\blamntj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [3a5c6b29.exe] C:\WINDOWS\System32\3a5c6b29.exe
O4 - HKLM\..\Run: [jwszizi.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jwszizi.dll,uxdnhxb
O4 - HKLM\..\Run: [hcbzwfd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\hcbzwfd.dll,lqwjbwc
O4 - HKLM\..\Run: [fqznfrb.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\fqznfrb.dll,jdcdgob
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {B93AC13A-2E2F-428c-A426-2C131FAD7305} - (no file) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://c.ancestry.com/cab/aft/AncestryFamilyTree.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110069436593
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetupml.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://intranet.bedfordschool.org.uk/tsweb/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 212.139.132.21 212.139.132.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 212.139.132.21 212.139.132.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
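A first pass over a log like the one above can be scripted. The block below is an added example, not code from the thread or from HijackThis: it encodes what a helper checks by eye in the O2, O4 and O20 sections (unnamed BHOs sitting directly in System32, Run keys that use rundll32 to load a System32 DLL whose file name and export are random letter runs, hex-named executables dropped into System32, and entries whose file is already gone). The sample lines are copied from the posted log; the rules themselves are my heuristics, not verdicts, and the O17 NameServer entries still need a manual check of who owns those addresses.

```python
"""Heuristic first pass over HijackThis O2 / O4 / O20 lines (added example).

The rules are heuristics a forum helper applies by eye, not a malware
verdict: an entry they flag still deserves a look at the file itself.
"""
import re
from dataclasses import dataclass
from typing import List

# Lines taken from the HijackThis log posted in the thread (a subset).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4218C234-8B55-7B5C-0DC4-02C4E551896C} - C:\WINDOWS\System32\lfzglqc.dll
O2 - BHO: (no name) - {51771211-D409-F4D9-CF59-00504F895E21} - C:\WINDOWS\System32\bsnchml.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [3a5c6b29.exe] C:\WINDOWS\System32\3a5c6b29.exe
O4 - HKLM\..\Run: [jwszizi.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jwszizi.dll,uxdnhxb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Section parsers for the three HijackThis line shapes handled here.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*?)(?P<missing> \(file missing\))?$")
RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[[^\]]+\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: \S+ - \S+(?P<missing> \(file missing\))?$")
RUNDLL_RE = re.compile(r"rundll32\.exe\s+(?P<dll>\S+\.dll),(?P<export>\S+)", re.IGNORECASE)
EXE_PREFIX = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|cpl|scr))"?', re.IGNORECASE)

# Heuristic shapes (my assumptions, tuned to this log style).
IN_SYSTEM32 = re.compile(r"^[A-Za-z]:\\WINDOWS\\System32\\[^\\]+$", re.IGNORECASE)
LETTER_RUN = re.compile(r"^[a-z]{5,}$")   # e.g. lfzglqc, uxdnhxb
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")   # e.g. 3a5c6b29


@dataclass
class Finding:
    verdict: str   # "suspicious" (look at the file) or "orphan" (dead entry, safe to delete)
    reason: str
    line: str


def _stem(path: str) -> str:
    """File name without directory or extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def _launched_file(cmd: str) -> str:
    """Executable path at the front of a Run value, quoted or not."""
    m = EXE_PREFIX.match(cmd.strip())
    return m.group("exe") if m else cmd.strip().split(" ", 1)[0]


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group("missing"):
                findings.append(Finding("orphan", "BHO registered but its DLL is gone", line))
            elif (m.group("name") == "(no name)"
                  and IN_SYSTEM32.match(m.group("path"))
                  and LETTER_RUN.match(_stem(m.group("path")))):
                findings.append(Finding("suspicious", "unnamed BHO, random letter-run DLL directly in System32", line))
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            r = RUNDLL_RE.search(cmd)
            if r:
                if (IN_SYSTEM32.match(r.group("dll"))
                        and LETTER_RUN.match(_stem(r.group("dll")))
                        and LETTER_RUN.match(r.group("export"))):
                    findings.append(Finding("suspicious", "rundll32 loading a System32 DLL with random name and export", line))
            else:
                exe = _launched_file(cmd)
                if IN_SYSTEM32.match(exe) and HEX_NAME.match(_stem(exe)):
                    findings.append(Finding("suspicious", "hex-named executable dropped directly in System32", line))
            continue
        m = NOTIFY_RE.match(line)
        if m and m.group("missing"):
            findings.append(Finding("orphan", "Winlogon Notify package whose DLL is gone", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:<10} {f.reason}\n           {f.line}")
```

Against the sample it flags the three unnamed System32 entries (lfzglqc.dll, jwszizi.dll, 3a5c6b29.exe) and reports the two "(file missing)" lines as orphans, while leaving the named Adobe, Spybot, Java, QuickTime and ctfmon entries alone. The other two rundll32 Run keys in the log (hcbzwfd.dll, fqznfrb.dll) have the same shape and would be flagged by the same rule.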
 

Retired Moderator · 72,109 Posts
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:
1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:
1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.
 

Registered · 219 Posts · Discussion Starter · #11
---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 17:16:38 05/02/2007

+ Scan result:

HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\Software\Classes\CLSID\{00CEAF8F-BF59-429b-A1D9-91C88CCFE94B} -> Adware.ABXToolbar : Cleaned with backup (quarantined).

HKU\S-1-5-21-1967298908-2851811609-1981617496-1009_Classes\CLSID\{00CEAF8F-BF59-429b-A1D9-91C88CCFE94B} -> Adware.ABXToolbar : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP129\A0014744.exe -> Adware.UltimateDefender : Cleaned with backup (quarantined).

C:\avenger\backup.zip/avenger/psc_mon.exe -> Adware.UltimateDefender : Cleaned with backup (quarantined).

C:\avenger\backup-03.02.2007-14.38.30.15.zip/avenger/ansfsrg.dll -> Downloader.Busky : Cleaned with backup (quarantined).

C:\avenger\backup-03.02.2007-14.38.30.15.zip/avenger/hnujvpc.dll -> Downloader.Busky : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP106\A0010522.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP106\A0010541.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP107\A0010561.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP107\A0010581.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP107\A0010616.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP108\A0010640.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP109\A0010657.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP109\A0010682.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP110\A0010709.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP110\A0010722.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP111\A0010745.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP112\A0011752.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP112\A0011774.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP113\A0011797.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP113\A0011811.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP114\A0011849.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP114\A0011874.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP114\A0011900.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP115\A0011915.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP115\A0012915.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP115\A0012926.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP116\A0012987.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP116\A0013057.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP117\A0013136.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP117\A0013147.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP129\A0014730.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP129\A0014752.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\avenger\backup.zip/avenger/hrcopul.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\avenger\backup.zip/avenger/wdokbye.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).

C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\[email protected][2].txt -> TrackingCookie.Adtech : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\[email protected][2].txt -> TrackingCookie.Adviva : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\[email protected][2].txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned.

C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\WINDOWS\SYSTEM32\out.dll -> Trojan.Agent.adl : Cleaned with backup (quarantined).

::Report end
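Where each hit in a report like this lives matters more than how many there are: copies inside System Volume Information\_restore{...} are dormant System Restore snapshots of files that were already removed, members of a .zip are the Avenger tool's own backup of what it deleted, and cookies are a privacy nuisance rather than code. Only the System32 hit was live. The block below is an added example, not from the thread or from AVG, that sorts report lines on that basis; the sample is a de-spaced subset of the report above, and the location classes are my assumptions. A practical consequence, not stated in the thread, is that the restore-point copies will keep showing up on rescans until System Restore is flushed after the clean-up.

```python
"""Sort AVG Anti-Spyware report lines by where each hit lives (added example).

Each report line has the shape  <object> -> <threat name> : <action>.
"""
import re
from collections import Counter
from typing import List, Tuple

# Subset of the lines from the scan report posted in the thread (de-spaced).
SAMPLE_REPORT = r"""
HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\Software\Classes\CLSID\{00CEAF8F-BF59-429b-A1D9-91C88CCFE94B} -> Adware.ABXToolbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP129\A0014744.exe -> Adware.UltimateDefender : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/psc_mon.exe -> Adware.UltimateDefender : Cleaned with backup (quarantined).
C:\avenger\backup-03.02.2007-14.38.30.15.zip/avenger/ansfsrg.dll -> Downloader.Busky : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP106\A0010522.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP129\A0014752.dll -> Downloader.Busky.az : Cleaned with backup (quarantined).
C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\WINDOWS\SYSTEM32\out.dll -> Trojan.Agent.adl : Cleaned with backup (quarantined).
"""

LINE_RE = re.compile(r"^(?P<obj>.+?) -> (?P<threat>\S+) : (?P<action>.+)$")

# Location classes (my assumptions): where a hit sits decides whether it was live.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore", re.IGNORECASE)
ARCHIVE_RE = re.compile(r"\.(?:zip|rar|cab|7z)/", re.IGNORECASE)   # scanner reports archive members with "/"
COOKIE_RE = re.compile(r"\\Cookies\\", re.IGNORECASE)

Row = Tuple[str, str, str]   # (object, threat name, action)


def location_class(obj: str) -> str:
    """Classify a reported object by where it lives."""
    if obj.upper().startswith(("HKU\\", "HKLM\\", "HKCU\\")):
        return "registry key"
    if RESTORE_RE.search(obj):
        return "restore point copy"      # dormant unless that restore point is applied
    if ARCHIVE_RE.search(obj):
        return "archive member"          # dormant unless extracted (here: Avenger's backup)
    if COOKIE_RE.search(obj):
        return "tracking cookie"         # data, not code
    return "live file"


def parse_report(text: str) -> List[Row]:
    rows: List[Row] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m.group("obj"), m.group("threat"), m.group("action")))
    return rows


def count_by_location(rows: List[Row]) -> Counter:
    return Counter(location_class(obj) for obj, _, _ in rows)


def family(threat: str) -> str:
    """Collapse variant suffixes: Downloader.Busky.az -> Downloader.Busky."""
    return ".".join(threat.split(".")[:2])


def count_by_family(rows: List[Row]) -> Counter:
    return Counter(family(threat) for _, threat, _ in rows)


def live_files(rows: List[Row]) -> List[str]:
    """Objects that were neither dormant copies, cookies nor registry keys."""
    return [obj for obj, _, _ in rows if location_class(obj) == "live file"]


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    for where, n in count_by_location(rows).most_common():
        print(f"{n:3d}  {where}")
    for fam, n in count_by_family(rows).most_common():
        print(f"{n:3d}  {fam}")
    print("live:", live_files(rows))
```

On the sample the only live file is C:\WINDOWS\SYSTEM32\out.dll; the Downloader.Busky variants dominate by count but every one of them sits in a restore point or in the Avenger backup archive.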
 

Registered · 219 Posts · Discussion Starter · #13
Logfile of HijackThis v1.99.1
Scan saved at 01:57:13, on 06/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\runservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4218C234-8B55-7B5C-0DC4-02C4E551896C} - C:\WINDOWS\System32\lfzglqc.dll
O2 - BHO: (no name) - {51771211-D409-F4D9-CF59-00504F895E21} - C:\WINDOWS\System32\bsnchml.dll (file missing)
O2 - BHO: (no name) - {5313DACB-4196-E725-3542-0B2D5DFF4498} - C:\WINDOWS\System32\blamntj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [3a5c6b29.exe] C:\WINDOWS\System32\3a5c6b29.exe
O4 - HKLM\..\Run: [jwszizi.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jwszizi.dll,uxdnhxb
O4 - HKLM\..\Run: [hcbzwfd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\hcbzwfd.dll,lqwjbwc
O4 - HKLM\..\Run: [fqznfrb.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\fqznfrb.dll,jdcdgob
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://c.ancestry.com/cab/aft/AncestryFamilyTree.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110069436593
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetupml.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://intranet.bedfordschool.org.uk/tsweb/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 212.139.132.21 212.139.132.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 212.139.132.21 212.139.132.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

Retired Moderator · 72,109 Posts
Run HJT again and put a check in the following:

O2 - BHO: (no name) - {4218C234-8B55-7B5C-0DC4-02C4E551896C} - C:\WINDOWS\System32\lfzglqc.dll
O2 - BHO: (no name) - {51771211-D409-F4D9-CF59-00504F895E21} - C:\WINDOWS\System32\bsnchml.dll (file missing)
O2 - BHO: (no name) - {5313DACB-4196-E725-3542-0B2D5DFF4498} - C:\WINDOWS\System32\blamntj.dll
O4 - HKLM\..\Run: [3a5c6b29.exe] C:\WINDOWS\System32\3a5c6b29.exe
O4 - HKLM\..\Run: [jwszizi.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\jwszizi.dll,uxdnhxb
O4 - HKLM\..\Run: [hcbzwfd.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\hcbzwfd.dll,lqwjbwc
O4 - HKLM\..\Run: [fqznfrb.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\fqznfrb.dll,jdcdgob

Close all applications and browser windows before you click "fix checked".

Double-click on Killbox.exe to run it.
Put a tick by Delete on Reboot.
Copy the following list of files to clipboard, CTRL+C to copy

C:\WINDOWS\System32\jwszizi.dll
C:\WINDOWS\System32\3a5c6b29.exe
C:\WINDOWS\System32\lfzglqc.dll


Now in Killbox go to File, Paste from clipboard.
Click the All Files button.
Click on the button that has the red circle with the X in the middle.
It will ask for confirmation to delete the file.
Click Yes.
It will ask if you want to reboot now.
Click Yes.

Note: It is possible that Killbox will tell you that the file does not exist.

If your computer does not restart automatically then please restart it manually.
If you get the error message "PendingFileRenameOperations Registry Data has been Removed by External Process!", just restart manually.

Click Here and download Killbox and save it to your desktop.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Run Panda ActiveScan here

Once you are on the Panda site click the "Scan your PC" button.
A new window will open... click the "Check Now" button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address.
Select either Home User or Company.
Click the big "Scan Now" button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
When download is complete, click on "Local Disks" to start the scan.
When the scan completes, if anything malicious is detected, click the "See Report" button; then "Save Report" and save it to a convenient location. Post the contents of the Panda scan report in your next reply.

Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don't do anything with it yet!

Reboot to safe mode.

Double click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.

Reboot to normal mode.

  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Copy and paste WinPFind.txt in your next post here please.
Use the Add Reply button and copy/paste the information back here in your next reply.
 

Registered · 219 Posts · Discussion Starter · #15
Vundo Report:

VundoFix V6.3.5

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.9

Scan started at 00:28:12 07/02/2007

Listing files found while scanning....

No infected files were found.
PS: I find it highly unlikely that this is true.
 

Registered · 219 Posts · Discussion Starter · #17
Panda scan report:

Incident Status Location

Adware:Adware/SystemDoctor Not disinfected C:\!KillBox\3a5c6b29.exe
Adware:Adware/UltimateCleaner Not disinfected C:\!KillBox\Ultimate Cleaner\IeSafe.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected]2o7[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][2].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dougie_2\Cookies\do[email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dougie_2\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\HijackThis\backups\backup-20061009-211322-821.inf
Adware:adware/ncase Not disinfected C:\temp\salm.log
Adware:adware/bookedspace Not disinfected C:\WINDOWS\cfgmgr52.ini
Dialer:dialer.bny Not disinfected C:\WINDOWS\pcconfig.dat
Spyware:spyware/media-motor Not disinfected C:\WINDOWS\ubber60.ini
I'll try and get round to PFind tomorrow.
 

Retired Moderator · 72,109 Posts
Click Here and download Killbox and save it to your desktop.

Double-click on Killbox.exe to run it.
Put a tick by Delete on Reboot.
Copy the following list of files to clipboard, CTRL+C to copy

C:\temp\salm.log
C:\WINDOWS\cfgmgr52.ini
C:\WINDOWS\pcconfig.dat
C:\WINDOWS\ubber60.ini


Now in Killbox go to File, Paste from clipboard.
Click the All Files button.
Click on the button that has the red circle with the X in the middle.
It will ask for confirmation to delete the file.
Click Yes.
It will ask if you want to reboot now.
Click Yes.

Note: It is possible that Killbox will tell you that the file does not exist.

If your computer does not restart automatically then please restart it manually.
If you get the error message "PendingFileRenameOperations Registry Data has been Removed by External Process!", just restart manually.
 

Registered · 219 Posts · Discussion Starter · #19
Pfind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 08/02/2007 01:09:36
WinPFind v1.5.0 Folder = C:\Documents and Settings\Dougie_2\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 27/08/2006 17:21:46 108032 C:\WINDOWS\iccupdater.exe ()

Checking %System% folder...
UPX! 07/10/2005 17:14:52 308224 C:\WINDOWS\SYSTEM32\avisynth.dll (The Public)
aspack 26/05/2005 14:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
PEC2 29/08/2002 04:00:00 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC ()
PTech 12/12/2006 10:45:04 1474864 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL (Microsoft Corporation)
PECompact2 02/01/2007 15:19:46 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 02/01/2007 15:19:46 10980776 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 04/08/2004 07:56:54 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 04/08/2004 07:56:36 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 04/08/2004 07:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 04/08/2004 07:56:44 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 29/08/2002 04:00:00 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU ()

Checking %System%\Drivers folder and sub-folders...
PTech 04/08/2004 05:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
08/02/2007 01:08:16 S 2048 C:\WINDOWS\BOOTSTAT.DAT ()
07/02/2007 22:57:38 H 54156 C:\WINDOWS\QTFont.qfn ()
06/02/2007 19:43:20 RHS 305145 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_16.cab ()
06/02/2007 19:46:32 RHS 68327 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_17.cab ()
08/02/2007 01:06:06 HS 7673 C:\WINDOWS\SYSTEM32\mmf.sys ()
08/02/2007 01:08:04 H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG ()
08/02/2007 01:08:36 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG ()
08/02/2007 01:08:18 H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG ()
08/02/2007 01:08:48 H 73728 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG ()
08/02/2007 01:08:28 H 1118208 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG ()
06/02/2007 22:45:26 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG ()
06/02/2007 23:45:42 S 341 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
06/02/2007 23:45:42 S 413 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
06/02/2007 23:45:42 S 574 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
06/02/2007 23:45:42 S 126 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
06/02/2007 23:45:42 S 98 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
06/02/2007 23:45:42 S 136 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
06/02/2007 20:56:26 HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\desktop.ini ()
06/02/2007 20:56:26 HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini ()
06/02/2007 20:56:26 HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3MZ3G83P\desktop.ini ()
06/02/2007 20:56:26 HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MNUYN0P2\desktop.ini ()
06/02/2007 20:56:26 HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WHESQFUH\desktop.ini ()
06/02/2007 20:56:26 HS 67 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZR7QX7B3\desktop.ini ()
01/02/2007 15:28:16 HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\1515cf5f-4744-4cf4-9f22-27f6eb4eed9b ()
01/02/2007 15:28:16 HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred ()
08/02/2007 01:07:06 H 6 C:\WINDOWS\Tasks\SA.DAT ()
06/02/2007 22:16:16 HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini ()
06/02/2007 22:16:16 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ()
06/02/2007 22:16:16 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\AW91EXGB\desktop.ini ()
06/02/2007 22:16:16 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KB0C4ONT\desktop.ini ()
06/02/2007 22:16:16 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\LZ0PI8HZ\desktop.ini ()
06/02/2007 22:16:16 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\UF09Q4DO\desktop.ini ()

Checking for CPL files...
04/08/2004 07:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
04/08/2004 07:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
04/08/2004 07:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
18/09/2003 02:18:00 R 24576 C:\WINDOWS\SYSTEM32\cpl_moh.cpl ()
30/03/2001 01:00:00 230912 C:\WINDOWS\SYSTEM32\CTDetect.cpl (Creative Technology Ltd.)
21/02/2002 212992 C:\WINDOWS\SYSTEM32\CTDevCtrl.cpl (Creative Technology Ltd.)
04/08/2004 07:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
04/08/2004 07:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
04/08/2004 07:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
17/10/2006 12:05:48 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
04/08/2004 07:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
04/08/2004 07:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
02/02/2007 13:10:40 327680 C:\WINDOWS\SYSTEM32\isc_cpl.cpl ()
04/08/2004 07:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
07/09/2006 14:51:22 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
29/08/2002 04:00:00 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL (Microsoft Corporation)
04/08/2004 07:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
29/08/2002 04:00:00 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL (Microsoft Corporation)
04/08/2004 07:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
04/08/2004 07:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
29/08/2002 04:00:00 36864 C:\WINDOWS\SYSTEM32\NWC.CPL (Microsoft Corporation)
04/08/2004 07:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
04/08/2004 07:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
11/03/2003 15:15:56 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl (Intel(R) Corporation)
26/08/1996 01:12:00 R 341504 C:\WINDOWS\SYSTEM32\QTW32.CPL (Apple Computer, Inc.)
04/08/2004 07:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
29/08/2002 04:00:00 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL (Microsoft Corporation)
04/08/2004 07:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
04/08/2004 07:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
26/05/2005 03:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
17/10/2006 12:05:48 1817088 C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{00B71CFB-6864-4346-A978-C0A14556272C} - Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - Creative Software AutoUpdate - CodeBase = http://www.creative.com/su/ocx/15015/CTSUEng.cab
{14B87622-7E19-4EA8-93B3-97215F77A6BC} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
{2B323CD9-50E3-11D3-9466-00A0C9700498} - Yahoo! Audio Conferencing - CodeBase = http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
{33564D57-0000-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - McAfee.com Operating System Class - CodeBase = http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
{51045741-8C4E-4EAC-8F03-08E43A6FBB29} - - CodeBase = http://c.ancestry.com/cab/aft/AncestryFamilyTree.cab
{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110069436593
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170787640593
{72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} - InstallShield International Setup Player - CodeBase = http://www.installengine.com/engine/isetupml.cab
{7D1E9C49-BD6A-11D3-87A8-009027A35D73} - Yahoo! Audio UI1 - CodeBase = http://chat.yahoo.com/cab/yacsui.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
{9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - Microsoft RDP Client Control (redist) - CodeBase = http://intranet.bedfordschool.org.uk/tsweb/msrdp.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/msnmessengersetupdownloader.cab
{B8BE5E93-A60C-4D26-A2DC-220313175592} - ZoneIntro Class - CodeBase = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
{CA034DCC-A580-4333-B52F-15F98C42E04C} - Downloader Class - CodeBase = http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - Yahoo! Webcam Viewer Wrapper - CodeBase = http://chat.yahoo.com/cab/yvwrctl.cab
{EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} - Microsoft Search Settings Control - CodeBase = http://lg.home.microsoft.com/search/lobby/searchsettings.cab
{F6ACF75C-C32C-447B-9BEF-46B766368D29} - Creative Software AutoUpdate Support Package - CodeBase = http://www.creative.com/su/ocx/15014/CTPID.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
11/05/2004 18:04:22 730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 8.0 Tray Icon.lnk ()
03/09/2002 12:36:04 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI ()
14/08/2004 16:46:24 842 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk ()
16/07/2004 14:02:20 1609 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk ()
25/07/2004 21:16:54 1876 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
03/09/2002 12:26:20 HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI ()
30/01/2007 21:27:22 1371 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
03/09/2002 12:36:04 HS 84 C:\Documents and Settings\Dougie_2\Start Menu\Programs\Startup\DESKTOP.INI ()

Checking files in %USERPROFILE%\Application Data folder...
03/09/2002 12:26:20 HS 62 C:\Documents and Settings\Dougie_2\Application Data\DESKTOP.INI ()
15/08/2001 11:48:12 H 536 C:\Documents and Settings\Dougie_2\Application Data\winpmltspb6 ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer]
\\SearchURL - http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://go.microsoft.com/fwlink/?LinkId=69157
\\Search Page - http://go.microsoft.com/fwlink/?LinkId=54896
\\Default_Page_URL - http://go.microsoft.com/fwlink/?LinkId=69157
\\Default_Search_URL - http://go.microsoft.com/fwlink/?LinkId=54896
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://uk.msn.com/
\\Search Bar - http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.euro.dell.com/countries/uk/enu/gen/default.htm
\\Default_Search_URL - http://search.msn.com
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
\\SearchAssistant - http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
\\SearchAssistant - http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)
\{7E853D72-626A-48EC-A868-BA8D5E23E045} - = ()
\{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar1.dll (Google Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{30D02401-6A81-11D0-8274-00C04FD5AE38} - IE Search Band = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan = c:\progra~1\mcafee.com\vso\mcvsshl.dll (McAfee, Inc.)
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)
\WebBrowser\\{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - = ()
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} - &Links = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 =
\\NEXTID - 8199
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 =
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8195 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8196 = Windows Messenger
\\{76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - 8197 =
\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 8198 =

Discussion Starter · #20 ·
Continued:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com =
\{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{DEE12703-6333-4D4E-8F34-738C4DCC2E04} - RecordNow! SendToExt = C:\Program Files\Sonic\RecordNow!\shlext.dll (Sonic Solutions)
\\{5CA3D70E-1895-11CF-8E15-001234567890} - DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
\\{FBE1DB69-5026-42cf-BE97-D52DDB70DB87} - AOL = C:\Program Files\Common Files\aolshare\shell\uk\shellext.dll (America Online, Inc.)
\\{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE} - eLicense Control = C:\WINDOWS\lcmmfu.cpl ()
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{52B87208-9CCF-42C9-B88E-069281105805} - Trojan Remover Shell Extension = C:\PROGRA~1\TROJAN~1\Trshlex.dll ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\Trojan Remover - {52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll ()
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\{CFC7205E-2792-4378-9591-3879CC6C9022} - = c:\progra~1\mcafee.com\vso\mcvsshl.dll (McAfee, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\Trojan Remover - {52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll ()
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\{CFC7205E-2792-4378-9591-3879CC6C9022} - = c:\progra~1\mcafee.com\vso\mcvsshl.dll (McAfee, Inc.)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\McUpdate.exe (McAfee, Inc)
MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc)
VSOCheckTask - C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
VirusScan Online - C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
Disc Detector - C:\Program Files\Creative\ShareDLL\CtNotify.exe (Creative Technology Ltd.)
OASClnt - C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
SsAAD.exe - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sonic RecordNow! - Reg Data missing or invalid ()
atiupdate - Reg Data missing or invalid ()
NOMAD Detector - C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE (Creative Technology Ltd.)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
XPCSpy Start - Reg Data missing or invalid ()
farmmext - Reg Data missing or invalid ()
acenotes - Reg Data missing or invalid ()
v7gh03g7.exe - Reg Data missing or invalid ()
micore - Reg Data missing or invalid ()
PrinterSpool - Reg Data missing or invalid ()
key - Reg Data missing or invalid ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 8.0 Tray Icon.lnk - C:\Program Files\AOL 8.0\aoltray.exe ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe (Ulead Systems, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Dougie_2\Start Menu\Programs\Startup\DESKTOP.INI ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
\WRNotifier - WRLogonNTF.dll = ()

>>> DNS Name Servers <<<
{5C998764-16DF-4470-9773-2F714A92580E} - ()
{628599A4-47BC-4122-9962-73679DBEE308} - (Intel(R) PRO/100 VE Network Connection)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»