Browser keeps opening on its own
Join Date: Mar 2006
Posts: 4
My browser keeps opening up on its own every so often and saying "no page to display". I'm also having a lot of the same pop-ups. I have a pop-up blocker which is enabled but isn't stopping the same ones appearing. Can anyone help?
My HijackThis log file is pasted below:
Logfile of HijackThis v1.99.1
Scan saved at 20:37:53, on 09/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\asuskbservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\LSASS.EXE
C:\WINDOWS\SKS~1\javaw.exe
C:\WINDOWS\System32\r?gedit.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\BTopenworld NetHelp\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JAMIEG~1\LOCALS~1\Temp\Rar$EX00.703\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
R3 - URLSearchHook: (no name) - {9A592B60-E8D1-B274-F68E-E13B820722C3} - C:\WINDOWS\System32\fopeipbm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msoff.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Lwra] "C:\WINDOWS\SKS~1\javaw.exe" -vt mt
O4 - HKCU\..\Run: [Qotk] C:\WINDOWS\System32\r?gedit.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetHelp.lnk = C:\Program Files\BTopenworld NetHelp\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Homepage - {8CE3E00A-AA4D-47A5-B422-55E32118AD43} - http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {961FB8A9-2152-4CEE-920A-02E2D6A778EB} - http://www.bt.com (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF7F3482-AE63-4E26-ABE7-5CDE0A4104C2}: NameServer = 194.74.65.68 194.72.9.34
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\l22slcf71f2.dll
O20 - Winlogon Notify: winild32 - winild32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
thanks in advance!
Hi, and welcome to DaniWeb!
To start off you will need to boot Windows into Safe Mode and configure Windows to show hidden files and folders. To do this, follow these instructions.
1. Click the Start button
2. In the Start menu click Control Panel
3. In the Control Panel window click the Folder Options icon
4. The Folder Options window will now open
5. Click the View tab
6. In the View tab window look down the list for a section marked Hidden Files and Folders
7. Enable the option Show Hidden Files and Folders by left-clicking the radio button on the left of the option with your mouse. Then uncheck Hide protected operating system files. Click Yes to the dialog.
8. Press the Apply button
9. On the next screen press OK to exit
10. You should now be able to view the hidden files and folders.
------------------------
1. If the computer is running, shut down Windows, and then turn off the power
2. Wait 30 seconds, and then turn the computer on.
3. When you see the black-and-white Starting Windows bar at the bottom of the screen, start tapping the F8 key. The Windows 2000 Advanced Options Menu appears.
4. Ensure that the Safe mode option is selected. In most cases, it is the first item in the list and is selected by default.
5. Press Enter. The computer then begins to start in Safe mode.
Then in Safe Mode scan again with HJT and put a check next to the following items.
C:\WINDOWS\System32\r?gedit.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msoff.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Qotk] C:\WINDOWS\System32\r?gedit.exe
O9 - Extra button: Homepage - {8CE3E00A-AA4D-47A5-B422-55E32118AD43} - http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {961FB8A9-2152-4CEE-920A-02E2D6A778EB} - http://www.bt.com (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF7F3482-AE63-4E26-ABE7-5CDE0A4104C2}: NameServer = 194.74.65.68 194.72.9.34
O20 - Winlogon Notify: winild32 - winild32.dll (file missing)
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\l22slcf71f2.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
Now close all browsers and choose Fix Checked.
Now reset your web settings:
1. On the Tools menu, click Internet Options.
2. Click the Programs tab.
3. Click the Reset Web Settings button.
Then, while you're still in Safe Mode, browse to and delete the following files/folders (if they exist):
• C:\WINDOWS\System32\msoff.exe
• C:\WINDOWS\System32\r?gedit.exe
• C:\WINDOWS\system32\l22slcf71f2.dll
• X:\Documents and Settings\<username>\RavenJoker
where X is your root Windows drive (usually C:\), and <username> is the user logged on. If it's not there, do a search for RavenJoker and, if found, delete the folder.
-------------------------------------------------------
After all that, empty your Recycle Bin. Reboot normally and post a new log.
-T
Last edited by tayspen; Mar 9th, 2006 at 5:08 pm. Reason: found another nasty...
Firefox
Ewido
Tune up windows
Get detailed system information
My Fixes
Member - Alliance of Security Analysis Professionals - Since 2006
Hi, I will be out of town for a few days and will not be able to get back to you until then. But I'm sure someone else will come along and finish the job.
Ya here's some more to fix: Basically, tayspen already mentioned nearly all of them (except for the one O4 I listed). I'm just clarifying to fix everything.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
R3 - URLSearchHook: (no name) - {9A592B60-E8D1-B274-F68E-E13B820722C3} - C:\WINDOWS\System32\fopeipbm.dll
O4 - HKCU\..\Run: [Lwra] "C:\WINDOWS\SKS~1\javaw.exe" -vt mt
After following tayspen's directions, reboot, and download Ewido and CCleaner (links for both are found in my signature below). After downloading, be sure to update definitions for both. Then run both programs, and save the Ewido log to place into this thread.
After running both scans, fixing both, reboot the computer again, run HJT, and post a new scan, along with the Ewido scan data.
Thanks.
Now if ya like the help ya could always raise our reputation...
You should please note that you do not want to delete C:\WINDOWS\System32\regedit.exe.
Also, this is a Look2Me infection; you will be deleting all week long.
Download the following two tools for me
Spysweeper
http://www.ianag.com/files/14/SpySwe...MajorGeeks.exe
WinPFind
http://www.bleepingcomputer.com/files/winpfind.php
-Follow step 9 here on how to properly run it:
http://wiki.castlecops.com/Vundo_Roo...oval_Procedure
Attach the following logs when you return
• New HijackThis log
• Spysweeper log
• WinPFind log
Proud Member of ASAP (Alliance of Security Analysis Professionals)
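The entries the helpers above asked the poster to fix share a few recognisable shapes: a Run entry and a running process named r?gedit.exe (a one-character lookalike of the real regedit.exe, which Demented warns not to delete), a [Microsoft Office] Run label pointing at a bare msoff.exe in System32, a Run entry launching javaw.exe from an odd folder under C:\WINDOWS, Winlogon Notify DLLs that are missing or randomly named, and IE search/start pages set to about:blank. The script below is an added example, not part of this thread and not HijackThis code: it parses HJT-format lines and applies those checks to a constructed sample built from the log above. The list of system binaries, the 4-character label/filename overlap threshold and the random-name pattern are heuristics chosen for this example.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample in HJT v1.99 line format: the suspect lines mirror entries
# the helpers asked the poster to fix, the benign ones give the checks something to pass.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\r?gedit.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msoff.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Lwra] "C:\WINDOWS\SKS~1\javaw.exe" -vt mt
O4 - HKCU\..\Run: [Qotk] C:\WINDOWS\System32\r?gedit.exe
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\l22slcf71f2.dll
O20 - Winlogon Notify: winild32 - winild32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Core Windows binaries that malware imitates with a one-character change (short list for this example).
SYSTEM_BINARIES = {"regedit.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe", "services.exe"}

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$")
R_RE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$")
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.I)
# Letters and digits alternating at least twice, the shape of l22slcf71f2.dll.
RANDOM_DLL_RE = re.compile(r"^[a-z]*(?:\d+[a-z]+){2,}\d*\.dll$", re.I)

Finding = Tuple[str, str]  # (reason, offending log line)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def first_path(cmd: str) -> str:
    """Executable path from a Run value, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def lookalike_of(name: str) -> Optional[str]:
    """System binary that `name` equals except for exactly one character.
    HJT prints an unrenderable character as '?', so r?gedit.exe is one such variant."""
    n = name.lower()
    for known in SYSTEM_BINARIES:
        if len(known) == len(n) and n != known and sum(a != b for a, b in zip(n, known)) == 1:
            return known
    return None


def longest_common_run(a: str, b: str) -> int:
    """Length of the longest substring shared by a and b (small-input DP)."""
    best, prev = 0, [0] * (len(b) + 1)
    for ca in a:
        cur = [0] * (len(b) + 1)
        for j, cb in enumerate(b, 1):
            if ca == cb:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


def label_matches_file(label: str, path: str) -> bool:
    """True if the Run label and file stem share a run of 4+ characters (heuristic
    threshold): [NeroFilterCheck] -> NeroCheck.exe passes, [Microsoft Office] -> msoff.exe fails."""
    stem = re.sub(r"[^a-z0-9]", "", basename(path).lower().rsplit(".", 1)[0])
    lab = re.sub(r"[^a-z0-9]", "", label.lower())
    return longest_common_run(lab, stem) >= 4


def triage(log_text: str) -> List[Finding]:
    """Run the four checks over every line of an HJT log and return (reason, line) pairs."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := O4_RE.match(line)):
            path = first_path(m["cmd"])
            name = basename(path)
            if (known := lookalike_of(name)):
                findings.append((f"Run entry launches {name}, a one-character lookalike of {known}", line))
            elif WINDIR_RE.match(path) and not label_matches_file(m["label"], path):
                findings.append((f"Run label [{m['label']}] does not describe {name}, which lives under the Windows folder", line))
        elif (m := O20_RE.match(line)):
            target = m["target"]
            if "(file missing)" in target:
                findings.append((f"Winlogon Notify handler {m['name']} is registered but its DLL is missing", line))
            elif RANDOM_DLL_RE.match(basename(target)):
                findings.append((f"Winlogon Notify handler {m['name']} loads random-looking DLL {basename(target)}", line))
        elif (m := R_RE.match(line)):
            if m["data"].strip().lower() == "about:blank":
                findings.append((f"IE {m['value'].strip()} has been set to about:blank", line))
        elif re.match(r"^[a-z]:\\", line, re.I) and (known := lookalike_of(basename(line))):
            findings.append((f"running process {basename(line)} is a one-character lookalike of {known}", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run as a script it prints one reason per flagged line; on the sample it flags the seven entries the helpers singled out and leaves NeroCheck.exe, ctfmon.exe and the Spy Sweeper WRLogonNTF.dll alone. The about:blank and "(file missing)" checks are exact; the lookalike, label-overlap and random-name checks are heuristics, which is why the output is a list for a person to review rather than something to delete automatically, the same caution Demented gives about regedit.exe.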
Demented always comes along with the final fix, lol.
Join Date: Mar 2006
Posts: 4
OK, I've done everything you said and here are the logs:
New HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 21:18:32, on 13/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asuskbservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\BTopenworld NetHelp\bin\mpbtn.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\Jamie Griffiths\Desktop\hijackthis\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetHelp.lnk = C:\Program Files\BTopenworld NetHelp\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF7F3482-AE63-4E26-ABE7-5CDE0A4104C2}: NameServer = 194.74.65.68 194.72.9.34
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
WinPfind Log
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
FSG! 25/01/2006 18:40:54 32317 C:\WINDOWS\country.exe
Checking %System% folder...
aspack 18/03/2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 26/05/2005 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
aspack 22/07/2005 19:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
aspack 05/12/2005 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
PEC2 23/08/2001 12:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
Umonitor 23/08/2001 12:00:00 630784 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 23/08/2001 12:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
UPX! 25/01/2006 19:15:38 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 25/01/2006 19:15:38 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 25/01/2006 19:15:38 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 25/01/2006 19:15:38 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 05/11/2004 11:39:08 82148 C:\WINDOWS\SYSTEM32\drivers\VcommMgr.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
13/03/2006 20:31:32 S 2048 C:\WINDOWS\bootstat.dat
12/03/2006 23:42:38 S 64 C:\WINDOWS\CSC\00000001
12/03/2006 23:40:00 S 64 C:\WINDOWS\CSC\00000002
13/03/2006 20:31:54 H 20480 C:\WINDOWS\system32\config\default.LOG
13/03/2006 20:31:48 H 1024 C:\WINDOWS\system32\config\SAM.LOG
13/03/2006 20:31:34 H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
13/03/2006 20:32:46 H 86016 C:\WINDOWS\system32\config\software.LOG
13/03/2006 20:31:32 H 815104 C:\WINDOWS\system32\config\system.LOG
13/03/2006 20:19:02 HS 184 C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures\Desktop.ini
13/03/2006 20:29:56 H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 23/08/2001 12:00:00 66048 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 23/08/2001 12:00:00 558592 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 23/08/2001 12:00:00 130048 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 23/08/2001 12:00:00 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 29/08/2002 07:14:40 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 23/08/2001 12:00:00 119808 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 17/08/2001 22:37:02 48128 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 29/08/2002 03:41:00 208896 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 13/04/2005 03:48:52 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 23/08/2001 12:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 23/08/2001 12:00:00 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 23/08/2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 23/08/2001 12:00:00 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 09/07/2004 10:02:00 R 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 23/08/2001 12:00:00 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 23/08/2001 12:00:00 270848 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 23/08/2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 23/08/2001 12:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 23/08/2001 12:00:00 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 23/08/2001 12:00:00 558592 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 23/08/2001 12:00:00 130048 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 23/08/2001 12:00:00 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 29/08/2002 07:14:40 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 23/08/2001 12:00:00 119808 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 29/08/2002 03:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 23/08/2001 12:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 23/08/2001 12:00:00 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 23/08/2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 23/08/2001 12:00:00 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 23/08/2001 12:00:00 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 23/08/2001 12:00:00 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 23/08/2001 12:00:00 270848 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 23/08/2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 23/08/2001 12:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Socket Communications Inc. 20/01/2005 02:11:46 R 73728 C:\WINDOWS\SYSTEM32\drivers\SCBaud.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
08/01/2006 13:50:28 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
07/02/2006 21:25:06 1593 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
02/01/2006 22:10:52 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
03/01/2006 17:11:50 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
02/01/2006 22:51:06 1729 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetHelp.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
02/01/2006 21:58:32 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
Checking files in %USERPROFILE%\Startup folder...
04/01/2006 20:15:02 988 C:\Documents and Settings\Jamie Griffiths\Start Menu\Programs\Startup\Adobe Gamma.lnk
02/01/2006 22:10:52 HS 84 C:\Documents and Settings\Jamie Griffiths\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
08/01/2006 13:09:08 1688 C:\Documents and Settings\Jamie Griffiths\Application Data\AdobeDLM.log
02/01/2006 21:58:32 HS 62 C:\Documents and Settings\Jamie Griffiths\Application Data\desktop.ini
08/01/2006 13:09:08 0 C:\Documents and Settings\Jamie Griffiths\Application Data\dm.ini
15/01/2006 15:53:38 19552 C:\Documents and Settings\Jamie Griffiths\Application Data\GDIPFONTCACHEV1.DAT
25/01/2006 18:42:28 2140819 C:\Documents and Settings\Jamie Griffiths\Application Data\Install.dat
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
BT Openworld BB = IEAK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{5DD59684-E870-4C87-AF01-4B091F8C63C7} = C:\WINDOWS\system32\lfcmgr10.dll
{A75F5C24-C46D-4BD3-86AF-560646B1D56E} =
{AB21BF63-D333-4642-A8ED-EE34420F9F09} = C:\WINDOWS\system32\nowrsit.dll
{7AE2066D-14DC-4F31-9993-18852214CBDB} =
{A75198B7-6129-4A20-9D82-2615BA5C8A4B} =
{E6E5907A-775C-48A4-8CF6-719CF456B748} = C:\WINDOWS\system32\wjploc.dll
{CF7AB3E0-13E1-4732-9A8E-8F5D70CD8B95} = C:\WINDOWS\system32\ddprop.dll
{511D23E3-4988-47DD-80E2-48F66B4CBAB0} = C:\WINDOWS\system32\csdial32.dll
{DB69803C-92C3-4D06-99C4-9232FB3BEF83} = C:\WINDOWS\system32\ajkctrs.dll
{49FEFDB1-667D-4C3B-9BF0-D458D47FE1DB} = C:\WINDOWS\system32\nimsmgr.dll
{F4AC0A08-760D-4F30-9FF1-7D5C7A93242B} = C:\WINDOWS\system32\izakui.dll
{2690BBCF-FB9D-49F0-846A-8E47D46EF0B1} = C:\WINDOWS\system32\duprop.dll
{0EE9EA1F-16E8-4340-891F-3A5B85BED085} = C:\WINDOWS\system32\ifmontr.dll
{E15D59BE-5519-4C97-A760-E922983F1C72} = C:\WINDOWS\system32\campstui.dll
{D0B56779-6550-4451-BFAE-4B3AEFA3FD16} = C:\WINDOWS\system32\skripto.dll
{A8E31EF8-0433-4312-A5A3-620C04769BA7} = C:\WINDOWS\system32\Atdio3D.dll
{C823762F-0A3B-46F1-892A-C847E5E6B0E1} = C:\WINDOWS\system32\czedui.dll
{0CF6C717-F7C8-4926-A5B9-BF8403EA35BB} = C:\WINDOWS\system32\rLsmontr.dll
{21CDF132-F412-4D2D-90D3-042E94C267AC} = C:\WINDOWS\system32\ozbcbcp.dll
{3ECF167A-1563-4909-9DF9-0DE888D20959} =
{0281BEB4-E698-4943-93B1-3891C4166E2F} = C:\WINDOWS\system32\nlwrstr.dll
{DCC6D617-E8ED-4717-A33E-CC2BE4FCD6A5} =
{6746F7C1-BE96-42DE-89C1-863B776FB62C} = C:\WINDOWS\system32\kmdhu1.dll
{E8F89A29-5B31-4D10-9BD3-C10402FB3446} = C:\WINDOWS\system32\mvrclr40.dll
{F11029C3-4C79-49B7-9A1B-A958E0DD3FE2} =
{2E344936-FD5D-4458-A547-F40AE1855E44} =
{6EDD67EE-A95C-451A-9E73-C39D8FA7AA13} = C:\WINDOWS\system32\mirecr40.dll
{1A33D580-9933-4114-9501-D3D4E0538EFA} =
{4AD6F594-DA07-4BD2-92E1-05033D64711F} = C:\WINDOWS\system32\qpgrprxy.dll
{7DDED1D1-751A-45A0-8372-89B173F90DC6} = C:\WINDOWS\system32\camdlg32.dll
{64BF2778-0BD0-4CD1-BFC4-AD365830123D} = C:\WINDOWS\system32\wthisn.dll
{71383A5D-41AC-4A1F-BFFF-5DFA2AF2BFE3} = C:\WINDOWS\system32\uzrcoina.dll
{6285540C-8513-45C5-A6F3-07666D896DE7} =
{37744D84-C0DD-4960-BD45-98BB667D27A4} = C:\WINDOWS\system32\cqbjmon.dll
{D17BB9E8-8374-453F-AE21-7A36BC80D1E8} =
{98BC8BFE-7460-4ED6-BBDD-4B732F54F461} =
{F4047001-9B3A-43FB-AF68-FFBF2A10F644} = C:\WINDOWS\system32\tCpiperf.dll
{BC0135EF-F8C3-44A8-B271-1B18E4A5718A} = C:\WINDOWS\system32\dgkquoui.dll
{13438E53-73B0-4C81-97A3-E530EAC97B9D} = C:\WINDOWS\system32\ntwrsja.dll
{08587639-59EB-4A42-A51B-8ED3F3488D58} = C:\WINDOWS\system32\malbui.dll
{8FB073E1-2013-4A6C-BADE-E99297183502} =
{5498A2F6-C7D5-4D8D-8635-F361CFCFEA50} = C:\WINDOWS\system32\csbcatex.dll
{2EE4E48C-EA53-4498-A647-5409CEAFACFE} = C:\WINDOWS\system32\chl3d32.dll
{E1A6AC08-C380-4455-86DE-14F9E59FF8C6} = C:\WINDOWS\system32\no4_disp.dll
{F626602E-DC8D-468C-B2BF-E5DED459C412} = C:\WINDOWS\system32\bnowseui.dll
{631AAE12-88EC-44A4-A71F-D7748F3EF44B} = C:\WINDOWS\system32\parfctrs.dll
{0146FA92-D2B2-4A07-B57B-5790E1A98EC6} = C:\WINDOWS\system32\mywebdvd.dll
{46B5EDE5-9137-4E10-9B23-6F2D9368A4CC} = C:\WINDOWS\system32\darawex.dll
{615D6D96-0FBB-421D-B5D7-6C38DD451040} = C:\WINDOWS\system32\nkrspl.dll
{319E7900-35C3-4275-9F56-20D8A01BC692} = C:\WINDOWS\system32\rDcpldlg.dll
{BF5F649B-B12A-4A9A-8C8E-12F7C4EC2C9D} = C:\WINDOWS\system32\mIpi32.dll
{90C42B07-D62E-4701-ADC7-5D6158A92198} = C:\WINDOWS\system32\rLsrad.dll
{05D5FE58-DA80-447C-A4B4-4CE473CE376F} = C:\WINDOWS\system32\dsscript.dll
{C21C5A85-3F70-4483-91F0-1BC4EEC5CF51} = C:\WINDOWS\system32\axstream.dll
{1F0C1556-FF5D-445A-B8D1-1860149D12CC} = C:\WINDOWS\system32\dtsetup.dll
{C7B382C3-5DA5-4A23-BD64-C54F8A2FA061} = C:\WINDOWS\system32\rgfsaps.dll
{A8231D82-FBFE-4009-8727-5EBA496FE52A} = C:\WINDOWS\system32\dtband.dll
{53CF4A16-0BBA-467D-BE76-DF8A6E6D3D32} = C:\WINDOWS\system32\iqakeng.dll
{1DACBDC7-7C5A-4D51-9375-CB70E6E598FB} = C:\WINDOWS\system32\nnshell.dll
{0EDC4BAD-8D95-4F6D-B3C4-19372D11C0E6} = C:\WINDOWS\system32\wupshell.dll
{76549A51-EA35-4F5E-9878-F31567C773A7} =
{75F02086-84AC-44CB-83C7-1CCB7B8C2931} = C:\WINDOWS\system32\pcbase.dll
{14152C67-3A60-4A33-AD04-9855897E0ADD} = C:\WINDOWS\system32\MnPMSNSv.dll
{F7621966-0EA7-46D0-B140-BABABE2143AB} = C:\WINDOWS\system32\dfcpmon.dll
{9F0B7260-1A73-4A19-8DCE-8A122CA2B1BC} = C:\WINDOWS\system32\dJdramp.dll
{27BD3753-B2EE-433C-A832-BBF161311127} = C:\WINDOWS\system32\kudgr1.dll
{F42FAF77-FE2F-4E88-9216-5FF776DF3A6D} = C:\WINDOWS\system32\dl32gt.dll
{6B758944-80B8-427C-8FD2-006D2248D7C1} = C:\WINDOWS\system32\mvdtctm.dll
{991F27DE-36BC-469D-87C7-E4F6693AD26D} = C:\WINDOWS\system32\polmon.dll
{ED92A259-CAF4-48FF-923D-2572F4B0905C} = C:\WINDOWS\system32\ikrtprio.dll
{177B457E-97B3-4F66-9343-96951619818B} = C:\WINDOWS\system32\sgfolder.dll
{E7AA1ED7-8CC9-4CDD-98C8-B97B91D50115} = C:\WINDOWS\system32\auusosdnt.dll
{7F59ADB7-7516-4FB7-A57C-354C06159338} = C:\WINDOWS\system32\tHpi32.dll
{5175F771-F3D1-400C-8BBC-B71AC8EAF51D} = C:\WINDOWS\system32\rucdll.dll
{35F0F677-087A-4A3B-AD78-253D1383641C} = C:\WINDOWS\system32\ozpdx32.dll
{113BC25E-0BC6-480C-BFC3-D9D2DB114B78} = C:\WINDOWS\system32\EjnClass.Dll
{98846BA4-8A39-4DD3-8E49-859465CF3A26} = C:\WINDOWS\system32\uzbmon.dll
{B0DFFB4C-450F-4F41-B57B-59709CD4644F} = C:\WINDOWS\system32\mbrapi.dll
{9F85312D-CEED-4A87-B481-B4C3D05FE604} = C:\WINDOWS\system32\cCbview.dll
{155C783D-AFBF-4790-9AB1-5DECB94F9305} = C:\WINDOWS\system32\lewmf11n.dll
{AB30D9D2-E03C-4AAC-9348-A468A7CF465C} =
{3B1D6C38-0234-4767-B5DD-31E36FC94F02} = C:\WINDOWS\system32\tzpmonui.dll
{A1A8C3D6-4EB5-468D-AB71-A630002693A3} =
{A9B5F71C-299A-429C-A308-B19597A32B46} = C:\WINDOWS\system32\nqrsfi.dll
{9FEFB84A-CE79-4AF3-B180-16DAB27154FF} = C:\WINDOWS\system32\mkrecr40.dll
{CE962CEC-DAB8-44E3-84E6-99D7E6E2E36D} = C:\WINDOWS\system32\obbc32.dll
{878D0658-B0BD-4411-A1E1-6F5CDD4015F2} = C:\WINDOWS\system32\okeprn.dll
{8A1BA3EE-C7DE-49BC-A75B-F35AF3760145} = C:\WINDOWS\system32\dzcdll.dll
{5DAEF4CD-155D-40FC-9A12-BA9FF892D036} = C:\WINDOWS\system32\tkntsvrp.dll
{D09E6400-13AF-4D93-81CB-C3B19074C9CD} = C:\WINDOWS\system32\tdpmib.dll
{4F6A7BD9-788E-474C-BC5B-01F3D4DEB943} = C:\WINDOWS\system32\sstupdll.dll
{B39EF780-9E50-4D4E-9BE9-502D1EA9B8B6} = C:\WINDOWS\system32\MHWMDM.dll
{85640F87-5ECA-4AEB-AE57-CDED22E38429} = C:\WINDOWS\system32\cnnsole.dll
{CFF195B5-7640-4F59-9107-41B1C24AC1CC} = C:\WINDOWS\system32\nxrszht.dll
{53E3715B-3C3A-447F-9CE0-62548D6A7E4D} = C:\WINDOWS\system32\dEdramp.dll
{51A40F4C-CAAD-4492-934B-E349A4F24E76} = C:\WINDOWS\system32\ipcvid.dll
{DA81D6E4-FB95-463B-B04B-9CA0F78A1EEE} = C:\WINDOWS\system32\mmtime.dll
{BB561A49-ABAE-48A9-A1A6-DE289EFE7D1C} = C:\WINDOWS\system32\ueimdmat.dll
{A44E62EF-8422-4796-AEBF-05159A834C11} = C:\WINDOWS\system32\mrvidctl.dll
{59988A25-854D-4B8B-AAE1-DC52966CB8F0} = C:\WINDOWS\system32\wbaueng.dll
{6D2514CF-3BD0-42BA-98E0-751624B962E5} = C:\WINDOWS\system32\sorialui.dll
{73D15C13-68CD-46AB-8085-D36D8E38FBD0} =
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AJC
{5071CDA5-D3E1-11D5-BFC0-005004A71005} = C:\Program Files\Advanced JPEG Compressor\ContextMenuExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{51085E3D-A958-42A2-A6BE-A6A9B0BAF276}
ButtonText = BT Yahoo! Sidebar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SpeedTouch USB Diagnostics "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
anvshell anvshell.exe
WinampAgent C:\Program Files\Winamp\winampa.exe
NeroFilterCheck C:\WINDOWS\System32\NeroCheck.exe
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
DAEMON Tools "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
Yahoo! Pager "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallpaper 0
NoComponents 0
NoAddingComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoHTMLWallPaper 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
ClassicShell 0
ForceActiveDesktopOn 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 13/03/2006 20:38:42
Spysweeper log
********
19:55: | Start of Session, 13 March 2006 |
19:55: Spy Sweeper started
19:55: Sweep initiated using definitions version 630
19:55: Starting Memory Sweep
19:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
19:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
19:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
19:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
19:56: Found Adware: icannnews
19:56: Detected running threat: C:\WINDOWS\system32\fplo0333e.dll (ID = 83)
19:58: Detected running threat: C:\WINDOWS\system32\pFqsp.dll (ID = 83)
19:58: Memory Sweep Complete, Elapsed Time: 00:03:21
19:58: Starting Registry Sweep
19:59: Found Adware: purityscan
19:59: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\ (2 subtraces) (ID = 137986)
19:59: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
19:59: Found Trojan Horse: trojan agent winlogonhook
19:59: HKLM\software\microsoft\mssmgr\ (4 subtraces) (ID = 937101)
19:59: Found Adware: accona toolbar accoona.com hijack
19:59: HKU\WRSS_Profile_S-1-5-21-1960408961-1708537768-725345543-500\software\microsoft\internet explorer\searchurl\ || @ (ID = 955002)
19:59: Registry Sweep Complete, Elapsed Time:00:00:27
19:59: Starting Cookie Sweep
19:59: Cookie Sweep Complete, Elapsed Time: 00:00:00
19:59: Starting File Sweep
20:01: Found Trojan Horse: trojan-dh
20:01: dh9013.exe (ID = 208497)
20:04: Found Adware: look2me
20:04: pfqsp.dll (ID = 159)
20:04: fplo0333e.dll (ID = 159)
20:07: Found Adware: spysheriff fakealert
20:07: secure32.html (ID = 184319)
20:07: n46q0ej5eho.dll (ID = 159)
20:08: guard.tmp (ID = 159)
20:09: File Sweep Complete, Elapsed Time: 00:10:38
20:09: Full Sweep has completed. Elapsed time 00:14:33
20:09: Traces Found: 18
20:17: Removal process initiated
20:18: Quarantining All Traces: icannnews
20:18: icannnews is in use. It will be removed on reboot.
20:18: C:\WINDOWS\system32\fplo0333e.dll is in use. It will be removed on reboot.
20:18: C:\WINDOWS\system32\pFqsp.dll is in use. It will be removed on reboot.
20:18: Quarantining All Traces: look2me
20:18: look2me is in use. It will be removed on reboot.
20:18: pfqsp.dll is in use. It will be removed on reboot.
20:18: fplo0333e.dll is in use. It will be removed on reboot.
20:18: n46q0ej5eho.dll is in use. It will be removed on reboot.
20:18: Quarantining All Traces: purityscan
20:18: Quarantining All Traces: spysheriff fakealert
20:18: Quarantining All Traces: trojan agent winlogonhook
20:18: Quarantining All Traces: trojan-dh
20:18: Quarantining All Traces: accona toolbar accoona.com hijack
20:18: Warning: Launched explorer.exe
20:18: Warning: Quarantine process could not restart Explorer.
20:20: Preparing to restart your computer. Please wait...
20:20: Removal process completed. Elapsed time 00:02:54
21:24: Updating spyware definitions
21:24: Your spyware definitions have been updated.
********
19:54: | Start of Session, 13 March 2006 |
19:54: Spy Sweeper started
19:54: Warning: Access is denied
19:55: Your spyware definitions have been updated.
19:55: | End of Session, 13 March 2006 |
ewido log
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 22:01:44, 13/03/2006
+ Report-Checksum: F3B7A0F3
+ Scan result:
C:\Documents and Settings\Jamie Griffiths\Cookies\jamie griffiths@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Jamie Griffiths\Cookies\jamie griffiths@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
::Report End
New HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 21:18:32, on 13/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asuskbservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\BTopenworld NetHelp\bin\mpbtn.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\Jamie Griffiths\Desktop\hijackthis\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetHelp.lnk = C:\Program Files\BTopenworld NetHelp\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF7F3482-AE63-4E26-ABE7-5CDE0A4104C2}: NameServer = 194.74.65.68 194.72.9.34
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
WinPfind Log
WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
FSG! 25/01/2006 18:40:54 32317 C:\WINDOWS\country.exe
Checking %System% folder...
aspack 18/03/2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 26/05/2005 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
aspack 22/07/2005 19:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
aspack 05/12/2005 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
PEC2 23/08/2001 12:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
Umonitor 23/08/2001 12:00:00 630784 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 23/08/2001 12:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
UPX! 25/01/2006 19:15:38 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 25/01/2006 19:15:38 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 25/01/2006 19:15:38 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 25/01/2006 19:15:38 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 05/11/2004 11:39:08 82148 C:\WINDOWS\SYSTEM32\drivers\VcommMgr.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
13/03/2006 20:31:32 S 2048 C:\WINDOWS\bootstat.dat
12/03/2006 23:42:38 S 64 C:\WINDOWS\CSC\00000001
12/03/2006 23:40:00 S 64 C:\WINDOWS\CSC\00000002
13/03/2006 20:31:54 H 20480 C:\WINDOWS\system32\config\default.LOG
13/03/2006 20:31:48 H 1024 C:\WINDOWS\system32\config\SAM.LOG
13/03/2006 20:31:34 H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
13/03/2006 20:32:46 H 86016 C:\WINDOWS\system32\config\software.LOG
13/03/2006 20:31:32 H 815104 C:\WINDOWS\system32\config\system.LOG
13/03/2006 20:19:02 HS 184 C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures\Desktop.ini
13/03/2006 20:29:56 H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 23/08/2001 12:00:00 66048 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 23/08/2001 12:00:00 558592 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 23/08/2001 12:00:00 130048 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 23/08/2001 12:00:00 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 29/08/2002 07:14:40 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 23/08/2001 12:00:00 119808 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 17/08/2001 22:37:02 48128 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 29/08/2002 03:41:00 208896 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 13/04/2005 03:48:52 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 23/08/2001 12:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 23/08/2001 12:00:00 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 23/08/2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 23/08/2001 12:00:00 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 09/07/2004 10:02:00 R 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 23/08/2001 12:00:00 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 23/08/2001 12:00:00 270848 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 23/08/2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 23/08/2001 12:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 23/08/2001 12:00:00 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 23/08/2001 12:00:00 558592 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 23/08/2001 12:00:00 130048 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 23/08/2001 12:00:00 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 29/08/2002 07:14:40 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 23/08/2001 12:00:00 119808 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 29/08/2002 03:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 23/08/2001 12:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 23/08/2001 12:00:00 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 23/08/2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 23/08/2001 12:00:00 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 23/08/2001 12:00:00 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 23/08/2001 12:00:00 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 23/08/2001 12:00:00 270848 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 23/08/2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 23/08/2001 12:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Socket Communications Inc. 20/01/2005 02:11:46 R 73728 C:\WINDOWS\SYSTEM32\drivers\SCBaud.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
08/01/2006 13:50:28 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
07/02/2006 21:25:06 1593 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
02/01/2006 22:10:52 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
03/01/2006 17:11:50 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
02/01/2006 22:51:06 1729 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetHelp.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
02/01/2006 21:58:32 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
Checking files in %USERPROFILE%\Startup folder...
04/01/2006 20:15:02 988 C:\Documents and Settings\Jamie Griffiths\Start Menu\Programs\Startup\Adobe Gamma.lnk
02/01/2006 22:10:52 HS 84 C:\Documents and Settings\Jamie Griffiths\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
08/01/2006 13:09:08 1688 C:\Documents and Settings\Jamie Griffiths\Application Data\AdobeDLM.log
02/01/2006 21:58:32 HS 62 C:\Documents and Settings\Jamie Griffiths\Application Data\desktop.ini
08/01/2006 13:09:08 0 C:\Documents and Settings\Jamie Griffiths\Application Data\dm.ini
15/01/2006 15:53:38 19552 C:\Documents and Settings\Jamie Griffiths\Application Data\GDIPFONTCACHEV1.DAT
25/01/2006 18:42:28 2140819 C:\Documents and Settings\Jamie Griffiths\Application Data\Install.dat
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
BT Openworld BB = IEAK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{5DD59684-E870-4C87-AF01-4B091F8C63C7} = C:\WINDOWS\system32\lfcmgr10.dll
{A75F5C24-C46D-4BD3-86AF-560646B1D56E} =
{AB21BF63-D333-4642-A8ED-EE34420F9F09} = C:\WINDOWS\system32\nowrsit.dll
{7AE2066D-14DC-4F31-9993-18852214CBDB} =
{A75198B7-6129-4A20-9D82-2615BA5C8A4B} =
{E6E5907A-775C-48A4-8CF6-719CF456B748} = C:\WINDOWS\system32\wjploc.dll
{CF7AB3E0-13E1-4732-9A8E-8F5D70CD8B95} = C:\WINDOWS\system32\ddprop.dll
{511D23E3-4988-47DD-80E2-48F66B4CBAB0} = C:\WINDOWS\system32\csdial32.dll
{DB69803C-92C3-4D06-99C4-9232FB3BEF83} = C:\WINDOWS\system32\ajkctrs.dll
{49FEFDB1-667D-4C3B-9BF0-D458D47FE1DB} = C:\WINDOWS\system32\nimsmgr.dll
{F4AC0A08-760D-4F30-9FF1-7D5C7A93242B} = C:\WINDOWS\system32\izakui.dll
{2690BBCF-FB9D-49F0-846A-8E47D46EF0B1} = C:\WINDOWS\system32\duprop.dll
{0EE9EA1F-16E8-4340-891F-3A5B85BED085} = C:\WINDOWS\system32\ifmontr.dll
{E15D59BE-5519-4C97-A760-E922983F1C72} = C:\WINDOWS\system32\campstui.dll
{D0B56779-6550-4451-BFAE-4B3AEFA3FD16} = C:\WINDOWS\system32\skripto.dll
{A8E31EF8-0433-4312-A5A3-620C04769BA7} = C:\WINDOWS\system32\Atdio3D.dll
{C823762F-0A3B-46F1-892A-C847E5E6B0E1} = C:\WINDOWS\system32\czedui.dll
{0CF6C717-F7C8-4926-A5B9-BF8403EA35BB} = C:\WINDOWS\system32\rLsmontr.dll
{21CDF132-F412-4D2D-90D3-042E94C267AC} = C:\WINDOWS\system32\ozbcbcp.dll
{3ECF167A-1563-4909-9DF9-0DE888D20959} =
{0281BEB4-E698-4943-93B1-3891C4166E2F} = C:\WINDOWS\system32\nlwrstr.dll
{DCC6D617-E8ED-4717-A33E-CC2BE4FCD6A5} =
{6746F7C1-BE96-42DE-89C1-863B776FB62C} = C:\WINDOWS\system32\kmdhu1.dll
{E8F89A29-5B31-4D10-9BD3-C10402FB3446} = C:\WINDOWS\system32\mvrclr40.dll
{F11029C3-4C79-49B7-9A1B-A958E0DD3FE2} =
{2E344936-FD5D-4458-A547-F40AE1855E44} =
{6EDD67EE-A95C-451A-9E73-C39D8FA7AA13} = C:\WINDOWS\system32\mirecr40.dll
{1A33D580-9933-4114-9501-D3D4E0538EFA} =
{4AD6F594-DA07-4BD2-92E1-05033D64711F} = C:\WINDOWS\system32\qpgrprxy.dll
{7DDED1D1-751A-45A0-8372-89B173F90DC6} = C:\WINDOWS\system32\camdlg32.dll
{64BF2778-0BD0-4CD1-BFC4-AD365830123D} = C:\WINDOWS\system32\wthisn.dll
{71383A5D-41AC-4A1F-BFFF-5DFA2AF2BFE3} = C:\WINDOWS\system32\uzrcoina.dll
{6285540C-8513-45C5-A6F3-07666D896DE7} =
{37744D84-C0DD-4960-BD45-98BB667D27A4} = C:\WINDOWS\system32\cqbjmon.dll
{D17BB9E8-8374-453F-AE21-7A36BC80D1E8} =
{98BC8BFE-7460-4ED6-BBDD-4B732F54F461} =
{F4047001-9B3A-43FB-AF68-FFBF2A10F644} = C:\WINDOWS\system32\tCpiperf.dll
{BC0135EF-F8C3-44A8-B271-1B18E4A5718A} = C:\WINDOWS\system32\dgkquoui.dll
{13438E53-73B0-4C81-97A3-E530EAC97B9D} = C:\WINDOWS\system32\ntwrsja.dll
{08587639-59EB-4A42-A51B-8ED3F3488D58} = C:\WINDOWS\system32\malbui.dll
{8FB073E1-2013-4A6C-BADE-E99297183502} =
{5498A2F6-C7D5-4D8D-8635-F361CFCFEA50} = C:\WINDOWS\system32\csbcatex.dll
{2EE4E48C-EA53-4498-A647-5409CEAFACFE} = C:\WINDOWS\system32\chl3d32.dll
{E1A6AC08-C380-4455-86DE-14F9E59FF8C6} = C:\WINDOWS\system32\no4_disp.dll
{F626602E-DC8D-468C-B2BF-E5DED459C412} = C:\WINDOWS\system32\bnowseui.dll
{631AAE12-88EC-44A4-A71F-D7748F3EF44B} = C:\WINDOWS\system32\parfctrs.dll
{0146FA92-D2B2-4A07-B57B-5790E1A98EC6} = C:\WINDOWS\system32\mywebdvd.dll
{46B5EDE5-9137-4E10-9B23-6F2D9368A4CC} = C:\WINDOWS\system32\darawex.dll
{615D6D96-0FBB-421D-B5D7-6C38DD451040} = C:\WINDOWS\system32\nkrspl.dll
{319E7900-35C3-4275-9F56-20D8A01BC692} = C:\WINDOWS\system32\rDcpldlg.dll
{BF5F649B-B12A-4A9A-8C8E-12F7C4EC2C9D} = C:\WINDOWS\system32\mIpi32.dll
{90C42B07-D62E-4701-ADC7-5D6158A92198} = C:\WINDOWS\system32\rLsrad.dll
{05D5FE58-DA80-447C-A4B4-4CE473CE376F} = C:\WINDOWS\system32\dsscript.dll
{C21C5A85-3F70-4483-91F0-1BC4EEC5CF51} = C:\WINDOWS\system32\axstream.dll
{1F0C1556-FF5D-445A-B8D1-1860149D12CC} = C:\WINDOWS\system32\dtsetup.dll
{C7B382C3-5DA5-4A23-BD64-C54F8A2FA061} = C:\WINDOWS\system32\rgfsaps.dll
{A8231D82-FBFE-4009-8727-5EBA496FE52A} = C:\WINDOWS\system32\dtband.dll
{53CF4A16-0BBA-467D-BE76-DF8A6E6D3D32} = C:\WINDOWS\system32\iqakeng.dll
{1DACBDC7-7C5A-4D51-9375-CB70E6E598FB} = C:\WINDOWS\system32\nnshell.dll
{0EDC4BAD-8D95-4F6D-B3C4-19372D11C0E6} = C:\WINDOWS\system32\wupshell.dll
{76549A51-EA35-4F5E-9878-F31567C773A7} =
{75F02086-84AC-44CB-83C7-1CCB7B8C2931} = C:\WINDOWS\system32\pcbase.dll
{14152C67-3A60-4A33-AD04-9855897E0ADD} = C:\WINDOWS\system32\MnPMSNSv.dll
{F7621966-0EA7-46D0-B140-BABABE2143AB} = C:\WINDOWS\system32\dfcpmon.dll
{9F0B7260-1A73-4A19-8DCE-8A122CA2B1BC} = C:\WINDOWS\system32\dJdramp.dll
{27BD3753-B2EE-433C-A832-BBF161311127} = C:\WINDOWS\system32\kudgr1.dll
{F42FAF77-FE2F-4E88-9216-5FF776DF3A6D} = C:\WINDOWS\system32\dl32gt.dll
{6B758944-80B8-427C-8FD2-006D2248D7C1} = C:\WINDOWS\system32\mvdtctm.dll
{991F27DE-36BC-469D-87C7-E4F6693AD26D} = C:\WINDOWS\system32\polmon.dll
{ED92A259-CAF4-48FF-923D-2572F4B0905C} = C:\WINDOWS\system32\ikrtprio.dll
{177B457E-97B3-4F66-9343-96951619818B} = C:\WINDOWS\system32\sgfolder.dll
{E7AA1ED7-8CC9-4CDD-98C8-B97B91D50115} = C:\WINDOWS\system32\auusosdnt.dll
{7F59ADB7-7516-4FB7-A57C-354C06159338} = C:\WINDOWS\system32\tHpi32.dll
{5175F771-F3D1-400C-8BBC-B71AC8EAF51D} = C:\WINDOWS\system32\rucdll.dll
{35F0F677-087A-4A3B-AD78-253D1383641C} = C:\WINDOWS\system32\ozpdx32.dll
{113BC25E-0BC6-480C-BFC3-D9D2DB114B78} = C:\WINDOWS\system32\EjnClass.Dll
{98846BA4-8A39-4DD3-8E49-859465CF3A26} = C:\WINDOWS\system32\uzbmon.dll
{B0DFFB4C-450F-4F41-B57B-59709CD4644F} = C:\WINDOWS\system32\mbrapi.dll
{9F85312D-CEED-4A87-B481-B4C3D05FE604} = C:\WINDOWS\system32\cCbview.dll
{155C783D-AFBF-4790-9AB1-5DECB94F9305} = C:\WINDOWS\system32\lewmf11n.dll
{AB30D9D2-E03C-4AAC-9348-A468A7CF465C} =
{3B1D6C38-0234-4767-B5DD-31E36FC94F02} = C:\WINDOWS\system32\tzpmonui.dll
{A1A8C3D6-4EB5-468D-AB71-A630002693A3} =
{A9B5F71C-299A-429C-A308-B19597A32B46} = C:\WINDOWS\system32\nqrsfi.dll
{9FEFB84A-CE79-4AF3-B180-16DAB27154FF} = C:\WINDOWS\system32\mkrecr40.dll
{CE962CEC-DAB8-44E3-84E6-99D7E6E2E36D} = C:\WINDOWS\system32\obbc32.dll
{878D0658-B0BD-4411-A1E1-6F5CDD4015F2} = C:\WINDOWS\system32\okeprn.dll
{8A1BA3EE-C7DE-49BC-A75B-F35AF3760145} = C:\WINDOWS\system32\dzcdll.dll
{5DAEF4CD-155D-40FC-9A12-BA9FF892D036} = C:\WINDOWS\system32\tkntsvrp.dll
{D09E6400-13AF-4D93-81CB-C3B19074C9CD} = C:\WINDOWS\system32\tdpmib.dll
{4F6A7BD9-788E-474C-BC5B-01F3D4DEB943} = C:\WINDOWS\system32\sstupdll.dll
{B39EF780-9E50-4D4E-9BE9-502D1EA9B8B6} = C:\WINDOWS\system32\MHWMDM.dll
{85640F87-5ECA-4AEB-AE57-CDED22E38429} = C:\WINDOWS\system32\cnnsole.dll
{CFF195B5-7640-4F59-9107-41B1C24AC1CC} = C:\WINDOWS\system32\nxrszht.dll
{53E3715B-3C3A-447F-9CE0-62548D6A7E4D} = C:\WINDOWS\system32\dEdramp.dll
{51A40F4C-CAAD-4492-934B-E349A4F24E76} = C:\WINDOWS\system32\ipcvid.dll
{DA81D6E4-FB95-463B-B04B-9CA0F78A1EEE} = C:\WINDOWS\system32\mmtime.dll
{BB561A49-ABAE-48A9-A1A6-DE289EFE7D1C} = C:\WINDOWS\system32\ueimdmat.dll
{A44E62EF-8422-4796-AEBF-05159A834C11} = C:\WINDOWS\system32\mrvidctl.dll
{59988A25-854D-4B8B-AAE1-DC52966CB8F0} = C:\WINDOWS\system32\wbaueng.dll
{6D2514CF-3BD0-42BA-98E0-751624B962E5} = C:\WINDOWS\system32\sorialui.dll
{73D15C13-68CD-46AB-8085-D36D8E38FBD0} =
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AJC
{5071CDA5-D3E1-11D5-BFC0-005004A71005} = C:\Program Files\Advanced JPEG Compressor\ContextMenuExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{51085E3D-A958-42A2-A6BE-A6A9B0BAF276}
ButtonText = BT Yahoo! Sidebar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SpeedTouch USB Diagnostics "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
anvshell anvshell.exe
WinampAgent C:\Program Files\Winamp\winampa.exe
NeroFilterCheck C:\WINDOWS\System32\NeroCheck.exe
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
DAEMON Tools "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
Yahoo! Pager "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallpaper 0
NoComponents 0
NoAddingComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoHTMLWallPaper 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
ClassicShell 0
ForceActiveDesktopOn 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 13/03/2006 20:38:42
Spysweeper log
********
19:55: | Start of Session, 13 March 2006 |
19:55: Spy Sweeper started
19:55: Sweep initiated using definitions version 630
19:55: Starting Memory Sweep
19:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
19:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
19:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
19:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
19:56: Found Adware: icannnews
19:56: Detected running threat: C:\WINDOWS\system32\fplo0333e.dll (ID = 83)
19:58: Detected running threat: C:\WINDOWS\system32\pFqsp.dll (ID = 83)
19:58: Memory Sweep Complete, Elapsed Time: 00:03:21
19:58: Starting Registry Sweep
19:59: Found Adware: purityscan
19:59: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\ (2 subtraces) (ID = 137986)
19:59: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
19:59: Found Trojan Horse: trojan agent winlogonhook
19:59: HKLM\software\microsoft\mssmgr\ (4 subtraces) (ID = 937101)
19:59: Found Adware: accona toolbar accoona.com hijack
19:59: HKU\WRSS_Profile_S-1-5-21-1960408961-1708537768-725345543-500\software\microsoft\internet explorer\searchurl\ || @ (ID = 955002)
19:59: Registry Sweep Complete, Elapsed Time:00:00:27
19:59: Starting Cookie Sweep
19:59: Cookie Sweep Complete, Elapsed Time: 00:00:00
19:59: Starting File Sweep
20:01: Found Trojan Horse: trojan-dh
20:01: dh9013.exe (ID = 208497)
20:04: Found Adware: look2me
20:04: pfqsp.dll (ID = 159)
20:04: fplo0333e.dll (ID = 159)
20:07: Found Adware: spysheriff fakealert
20:07: secure32.html (ID = 184319)
20:07: n46q0ej5eho.dll (ID = 159)
20:08: guard.tmp (ID = 159)
20:09: File Sweep Complete, Elapsed Time: 00:10:38
20:09: Full Sweep has completed. Elapsed time 00:14:33
20:09: Traces Found: 18
20:17: Removal process initiated
20:18: Quarantining All Traces: icannnews
20:18: icannnews is in use. It will be removed on reboot.
20:18: C:\WINDOWS\system32\fplo0333e.dll is in use. It will be removed on reboot.
20:18: C:\WINDOWS\system32\pFqsp.dll is in use. It will be removed on reboot.
20:18: Quarantining All Traces: look2me
20:18: look2me is in use. It will be removed on reboot.
20:18: pfqsp.dll is in use. It will be removed on reboot.
20:18: fplo0333e.dll is in use. It will be removed on reboot.
20:18: n46q0ej5eho.dll is in use. It will be removed on reboot.
20:18: Quarantining All Traces: purityscan
20:18: Quarantining All Traces: spysheriff fakealert
20:18: Quarantining All Traces: trojan agent winlogonhook
20:18: Quarantining All Traces: trojan-dh
20:18: Quarantining All Traces: accona toolbar accoona.com hijack
20:18: Warning: Launched explorer.exe
20:18: Warning: Quarantine process could not restart Explorer.
20:20: Preparing to restart your computer. Please wait...
20:20: Removal process completed. Elapsed time 00:02:54
21:24: Updating spyware definitions
21:24: Your spyware definitions have been updated.
********
19:54: | Start of Session, 13 March 2006 |
19:54: Spy Sweeper started
19:54: Warning: Access is denied
19:55: Your spyware definitions have been updated.
19:55: | End of Session, 13 March 2006 |
ewido log
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 22:01:44, 13/03/2006
+ Report-Checksum: F3B7A0F3
+ Scan result:
C:\Documents and Settings\Jamie Griffiths\Cookies\jamie griffiths@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Jamie Griffiths\Cookies\jamie griffiths@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
::Report End