OK, I've done all that you have said, and here are the logs:
New HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 21:18:32, on 13/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asuskbservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\BTopenworld NetHelp\bin\mpbtn.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\Jamie Griffiths\Desktop\hijackthis\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetHelp.lnk = C:\Program Files\BTopenworld NetHelp\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF7F3482-AE63-4E26-ABE7-5CDE0A4104C2}: NameServer = 194.74.65.68 194.72.9.34
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
WinPfind Log
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
FSG! 25/01/2006 18:40:54 32317 C:\WINDOWS\country.exe
Checking %System% folder...
aspack 18/03/2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 26/05/2005 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
aspack 22/07/2005 19:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
aspack 05/12/2005 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
PEC2 23/08/2001 12:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
Umonitor 23/08/2001 12:00:00 630784 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 23/08/2001 12:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
UPX! 25/01/2006 19:15:38 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 25/01/2006 19:15:38 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 25/01/2006 19:15:38 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 25/01/2006 19:15:38 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 05/11/2004 11:39:08 82148 C:\WINDOWS\SYSTEM32\drivers\VcommMgr.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
13/03/2006 20:31:32 S 2048 C:\WINDOWS\bootstat.dat
12/03/2006 23:42:38 S 64 C:\WINDOWS\CSC\00000001
12/03/2006 23:40:00 S 64 C:\WINDOWS\CSC\00000002
13/03/2006 20:31:54 H 20480 C:\WINDOWS\system32\config\default.LOG
13/03/2006 20:31:48 H 1024 C:\WINDOWS\system32\config\SAM.LOG
13/03/2006 20:31:34 H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
13/03/2006 20:32:46 H 86016 C:\WINDOWS\system32\config\software.LOG
13/03/2006 20:31:32 H 815104 C:\WINDOWS\system32\config\system.LOG
13/03/2006 20:19:02 HS 184 C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures\Desktop.ini
13/03/2006 20:29:56 H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 23/08/2001 12:00:00 66048 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 23/08/2001 12:00:00 558592 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 23/08/2001 12:00:00 130048 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 23/08/2001 12:00:00 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 29/08/2002 07:14:40 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 23/08/2001 12:00:00 119808 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 17/08/2001 22:37:02 48128 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 29/08/2002 03:41:00 208896 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 13/04/2005 03:48:52 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 23/08/2001 12:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 23/08/2001 12:00:00 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 23/08/2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 23/08/2001 12:00:00 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 09/07/2004 10:02:00 R 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 23/08/2001 12:00:00 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 23/08/2001 12:00:00 270848 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 23/08/2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 23/08/2001 12:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 23/08/2001 12:00:00 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 23/08/2001 12:00:00 558592 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 23/08/2001 12:00:00 130048 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 23/08/2001 12:00:00 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 29/08/2002 07:14:40 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 23/08/2001 12:00:00 119808 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 29/08/2002 03:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 23/08/2001 12:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 23/08/2001 12:00:00 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 23/08/2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 23/08/2001 12:00:00 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 23/08/2001 12:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 23/08/2001 12:00:00 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 23/08/2001 12:00:00 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 23/08/2001 12:00:00 270848 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 23/08/2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 23/08/2001 12:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Socket Communications Inc. 20/01/2005 02:11:46 R 73728 C:\WINDOWS\SYSTEM32\drivers\SCBaud.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
08/01/2006 13:50:28 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
07/02/2006 21:25:06 1593 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
02/01/2006 22:10:52 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
03/01/2006 17:11:50 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
02/01/2006 22:51:06 1729 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetHelp.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
02/01/2006 21:58:32 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
Checking files in %USERPROFILE%\Startup folder...
04/01/2006 20:15:02 988 C:\Documents and Settings\Jamie Griffiths\Start Menu\Programs\Startup\Adobe Gamma.lnk
02/01/2006 22:10:52 HS 84 C:\Documents and Settings\Jamie Griffiths\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
08/01/2006 13:09:08 1688 C:\Documents and Settings\Jamie Griffiths\Application Data\AdobeDLM.log
02/01/2006 21:58:32 HS 62 C:\Documents and Settings\Jamie Griffiths\Application Data\desktop.ini
08/01/2006 13:09:08 0 C:\Documents and Settings\Jamie Griffiths\Application Data\dm.ini
15/01/2006 15:53:38 19552 C:\Documents and Settings\Jamie Griffiths\Application Data\GDIPFONTCACHEV1.DAT
25/01/2006 18:42:28 2140819 C:\Documents and Settings\Jamie Griffiths\Application Data\Install.dat
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
BT Openworld BB = IEAK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{5DD59684-E870-4C87-AF01-4B091F8C63C7} = C:\WINDOWS\system32\lfcmgr10.dll
{A75F5C24-C46D-4BD3-86AF-560646B1D56E} =
{AB21BF63-D333-4642-A8ED-EE34420F9F09} = C:\WINDOWS\system32\nowrsit.dll
{7AE2066D-14DC-4F31-9993-18852214CBDB} =
{A75198B7-6129-4A20-9D82-2615BA5C8A4B} =
{E6E5907A-775C-48A4-8CF6-719CF456B748} = C:\WINDOWS\system32\wjploc.dll
{CF7AB3E0-13E1-4732-9A8E-8F5D70CD8B95} = C:\WINDOWS\system32\ddprop.dll
{511D23E3-4988-47DD-80E2-48F66B4CBAB0} = C:\WINDOWS\system32\csdial32.dll
{DB69803C-92C3-4D06-99C4-9232FB3BEF83} = C:\WINDOWS\system32\ajkctrs.dll
{49FEFDB1-667D-4C3B-9BF0-D458D47FE1DB} = C:\WINDOWS\system32\nimsmgr.dll
{F4AC0A08-760D-4F30-9FF1-7D5C7A93242B} = C:\WINDOWS\system32\izakui.dll
{2690BBCF-FB9D-49F0-846A-8E47D46EF0B1} = C:\WINDOWS\system32\duprop.dll
{0EE9EA1F-16E8-4340-891F-3A5B85BED085} = C:\WINDOWS\system32\ifmontr.dll
{E15D59BE-5519-4C97-A760-E922983F1C72} = C:\WINDOWS\system32\campstui.dll
{D0B56779-6550-4451-BFAE-4B3AEFA3FD16} = C:\WINDOWS\system32\skripto.dll
{A8E31EF8-0433-4312-A5A3-620C04769BA7} = C:\WINDOWS\system32\Atdio3D.dll
{C823762F-0A3B-46F1-892A-C847E5E6B0E1} = C:\WINDOWS\system32\czedui.dll
{0CF6C717-F7C8-4926-A5B9-BF8403EA35BB} = C:\WINDOWS\system32\rLsmontr.dll
{21CDF132-F412-4D2D-90D3-042E94C267AC} = C:\WINDOWS\system32\ozbcbcp.dll
{3ECF167A-1563-4909-9DF9-0DE888D20959} =
{0281BEB4-E698-4943-93B1-3891C4166E2F} = C:\WINDOWS\system32\nlwrstr.dll
{DCC6D617-E8ED-4717-A33E-CC2BE4FCD6A5} =
{6746F7C1-BE96-42DE-89C1-863B776FB62C} = C:\WINDOWS\system32\kmdhu1.dll
{E8F89A29-5B31-4D10-9BD3-C10402FB3446} = C:\WINDOWS\system32\mvrclr40.dll
{F11029C3-4C79-49B7-9A1B-A958E0DD3FE2} =
{2E344936-FD5D-4458-A547-F40AE1855E44} =
{6EDD67EE-A95C-451A-9E73-C39D8FA7AA13} = C:\WINDOWS\system32\mirecr40.dll
{1A33D580-9933-4114-9501-D3D4E0538EFA} =
{4AD6F594-DA07-4BD2-92E1-05033D64711F} = C:\WINDOWS\system32\qpgrprxy.dll
{7DDED1D1-751A-45A0-8372-89B173F90DC6} = C:\WINDOWS\system32\camdlg32.dll
{64BF2778-0BD0-4CD1-BFC4-AD365830123D} = C:\WINDOWS\system32\wthisn.dll
{71383A5D-41AC-4A1F-BFFF-5DFA2AF2BFE3} = C:\WINDOWS\system32\uzrcoina.dll
{6285540C-8513-45C5-A6F3-07666D896DE7} =
{37744D84-C0DD-4960-BD45-98BB667D27A4} = C:\WINDOWS\system32\cqbjmon.dll
{D17BB9E8-8374-453F-AE21-7A36BC80D1E8} =
{98BC8BFE-7460-4ED6-BBDD-4B732F54F461} =
{F4047001-9B3A-43FB-AF68-FFBF2A10F644} = C:\WINDOWS\system32\tCpiperf.dll
{BC0135EF-F8C3-44A8-B271-1B18E4A5718A} = C:\WINDOWS\system32\dgkquoui.dll
{13438E53-73B0-4C81-97A3-E530EAC97B9D} = C:\WINDOWS\system32\ntwrsja.dll
{08587639-59EB-4A42-A51B-8ED3F3488D58} = C:\WINDOWS\system32\malbui.dll
{8FB073E1-2013-4A6C-BADE-E99297183502} =
{5498A2F6-C7D5-4D8D-8635-F361CFCFEA50} = C:\WINDOWS\system32\csbcatex.dll
{2EE4E48C-EA53-4498-A647-5409CEAFACFE} = C:\WINDOWS\system32\chl3d32.dll
{E1A6AC08-C380-4455-86DE-14F9E59FF8C6} = C:\WINDOWS\system32\no4_disp.dll
{F626602E-DC8D-468C-B2BF-E5DED459C412} = C:\WINDOWS\system32\bnowseui.dll
{631AAE12-88EC-44A4-A71F-D7748F3EF44B} = C:\WINDOWS\system32\parfctrs.dll
{0146FA92-D2B2-4A07-B57B-5790E1A98EC6} = C:\WINDOWS\system32\mywebdvd.dll
{46B5EDE5-9137-4E10-9B23-6F2D9368A4CC} = C:\WINDOWS\system32\darawex.dll
{615D6D96-0FBB-421D-B5D7-6C38DD451040} = C:\WINDOWS\system32\nkrspl.dll
{319E7900-35C3-4275-9F56-20D8A01BC692} = C:\WINDOWS\system32\rDcpldlg.dll
{BF5F649B-B12A-4A9A-8C8E-12F7C4EC2C9D} = C:\WINDOWS\system32\mIpi32.dll
{90C42B07-D62E-4701-ADC7-5D6158A92198} = C:\WINDOWS\system32\rLsrad.dll
{05D5FE58-DA80-447C-A4B4-4CE473CE376F} = C:\WINDOWS\system32\dsscript.dll
{C21C5A85-3F70-4483-91F0-1BC4EEC5CF51} = C:\WINDOWS\system32\axstream.dll
{1F0C1556-FF5D-445A-B8D1-1860149D12CC} = C:\WINDOWS\system32\dtsetup.dll
{C7B382C3-5DA5-4A23-BD64-C54F8A2FA061} = C:\WINDOWS\system32\rgfsaps.dll
{A8231D82-FBFE-4009-8727-5EBA496FE52A} = C:\WINDOWS\system32\dtband.dll
{53CF4A16-0BBA-467D-BE76-DF8A6E6D3D32} = C:\WINDOWS\system32\iqakeng.dll
{1DACBDC7-7C5A-4D51-9375-CB70E6E598FB} = C:\WINDOWS\system32\nnshell.dll
{0EDC4BAD-8D95-4F6D-B3C4-19372D11C0E6} = C:\WINDOWS\system32\wupshell.dll
{76549A51-EA35-4F5E-9878-F31567C773A7} =
{75F02086-84AC-44CB-83C7-1CCB7B8C2931} = C:\WINDOWS\system32\pcbase.dll
{14152C67-3A60-4A33-AD04-9855897E0ADD} = C:\WINDOWS\system32\MnPMSNSv.dll
{F7621966-0EA7-46D0-B140-BABABE2143AB} = C:\WINDOWS\system32\dfcpmon.dll
{9F0B7260-1A73-4A19-8DCE-8A122CA2B1BC} = C:\WINDOWS\system32\dJdramp.dll
{27BD3753-B2EE-433C-A832-BBF161311127} = C:\WINDOWS\system32\kudgr1.dll
{F42FAF77-FE2F-4E88-9216-5FF776DF3A6D} = C:\WINDOWS\system32\dl32gt.dll
{6B758944-80B8-427C-8FD2-006D2248D7C1} = C:\WINDOWS\system32\mvdtctm.dll
{991F27DE-36BC-469D-87C7-E4F6693AD26D} = C:\WINDOWS\system32\polmon.dll
{ED92A259-CAF4-48FF-923D-2572F4B0905C} = C:\WINDOWS\system32\ikrtprio.dll
{177B457E-97B3-4F66-9343-96951619818B} = C:\WINDOWS\system32\sgfolder.dll
{E7AA1ED7-8CC9-4CDD-98C8-B97B91D50115} = C:\WINDOWS\system32\auusosdnt.dll
{7F59ADB7-7516-4FB7-A57C-354C06159338} = C:\WINDOWS\system32\tHpi32.dll
{5175F771-F3D1-400C-8BBC-B71AC8EAF51D} = C:\WINDOWS\system32\rucdll.dll
{35F0F677-087A-4A3B-AD78-253D1383641C} = C:\WINDOWS\system32\ozpdx32.dll
{113BC25E-0BC6-480C-BFC3-D9D2DB114B78} = C:\WINDOWS\system32\EjnClass.Dll
{98846BA4-8A39-4DD3-8E49-859465CF3A26} = C:\WINDOWS\system32\uzbmon.dll
{B0DFFB4C-450F-4F41-B57B-59709CD4644F} = C:\WINDOWS\system32\mbrapi.dll
{9F85312D-CEED-4A87-B481-B4C3D05FE604} = C:\WINDOWS\system32\cCbview.dll
{155C783D-AFBF-4790-9AB1-5DECB94F9305} = C:\WINDOWS\system32\lewmf11n.dll
{AB30D9D2-E03C-4AAC-9348-A468A7CF465C} =
{3B1D6C38-0234-4767-B5DD-31E36FC94F02} = C:\WINDOWS\system32\tzpmonui.dll
{A1A8C3D6-4EB5-468D-AB71-A630002693A3} =
{A9B5F71C-299A-429C-A308-B19597A32B46} = C:\WINDOWS\system32\nqrsfi.dll
{9FEFB84A-CE79-4AF3-B180-16DAB27154FF} = C:\WINDOWS\system32\mkrecr40.dll
{CE962CEC-DAB8-44E3-84E6-99D7E6E2E36D} = C:\WINDOWS\system32\obbc32.dll
{878D0658-B0BD-4411-A1E1-6F5CDD4015F2} = C:\WINDOWS\system32\okeprn.dll
{8A1BA3EE-C7DE-49BC-A75B-F35AF3760145} = C:\WINDOWS\system32\dzcdll.dll
{5DAEF4CD-155D-40FC-9A12-BA9FF892D036} = C:\WINDOWS\system32\tkntsvrp.dll
{D09E6400-13AF-4D93-81CB-C3B19074C9CD} = C:\WINDOWS\system32\tdpmib.dll
{4F6A7BD9-788E-474C-BC5B-01F3D4DEB943} = C:\WINDOWS\system32\sstupdll.dll
{B39EF780-9E50-4D4E-9BE9-502D1EA9B8B6} = C:\WINDOWS\system32\MHWMDM.dll
{85640F87-5ECA-4AEB-AE57-CDED22E38429} = C:\WINDOWS\system32\cnnsole.dll
{CFF195B5-7640-4F59-9107-41B1C24AC1CC} = C:\WINDOWS\system32\nxrszht.dll
{53E3715B-3C3A-447F-9CE0-62548D6A7E4D} = C:\WINDOWS\system32\dEdramp.dll
{51A40F4C-CAAD-4492-934B-E349A4F24E76} = C:\WINDOWS\system32\ipcvid.dll
{DA81D6E4-FB95-463B-B04B-9CA0F78A1EEE} = C:\WINDOWS\system32\mmtime.dll
{BB561A49-ABAE-48A9-A1A6-DE289EFE7D1C} = C:\WINDOWS\system32\ueimdmat.dll
{A44E62EF-8422-4796-AEBF-05159A834C11} = C:\WINDOWS\system32\mrvidctl.dll
{59988A25-854D-4B8B-AAE1-DC52966CB8F0} = C:\WINDOWS\system32\wbaueng.dll
{6D2514CF-3BD0-42BA-98E0-751624B962E5} = C:\WINDOWS\system32\sorialui.dll
{73D15C13-68CD-46AB-8085-D36D8E38FBD0} =
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AJC
{5071CDA5-D3E1-11D5-BFC0-005004A71005} = C:\Program Files\Advanced JPEG Compressor\ContextMenuExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{51085E3D-A958-42A2-A6BE-A6A9B0BAF276}
ButtonText = BT Yahoo! Sidebar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SpeedTouch USB Diagnostics "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
anvshell anvshell.exe
WinampAgent C:\Program Files\Winamp\winampa.exe
NeroFilterCheck C:\WINDOWS\System32\NeroCheck.exe
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
DAEMON Tools "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
Yahoo! Pager "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallpaper 0
NoComponents 0
NoAddingComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoHTMLWallPaper 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
ClassicShell 0
ForceActiveDesktopOn 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 13/03/2006 20:38:42
Spysweeper log
********
19:55: | Start of Session, 13 March 2006 |
19:55: Spy Sweeper started
19:55: Sweep initiated using definitions version 630
19:55: Starting Memory Sweep
19:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
19:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
19:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
19:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
19:56: Found Adware: icannnews
19:56: Detected running threat: C:\WINDOWS\system32\fplo0333e.dll (ID = 83)
19:58: Detected running threat: C:\WINDOWS\system32\pFqsp.dll (ID = 83)
19:58: Memory Sweep Complete, Elapsed Time: 00:03:21
19:58: Starting Registry Sweep
19:59: Found Adware: purityscan
19:59: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\ (2 subtraces) (ID = 137986)
19:59: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
19:59: Found Trojan Horse: trojan agent winlogonhook
19:59: HKLM\software\microsoft\mssmgr\ (4 subtraces) (ID = 937101)
19:59: Found Adware: accona toolbar accoona.com hijack
19:59: HKU\WRSS_Profile_S-1-5-21-1960408961-1708537768-725345543-500\software\microsoft\internet explorer\searchurl\ || @ (ID = 955002)
19:59: Registry Sweep Complete, Elapsed Time:00:00:27
19:59: Starting Cookie Sweep
19:59: Cookie Sweep Complete, Elapsed Time: 00:00:00
19:59: Starting File Sweep
20:01: Found Trojan Horse: trojan-dh
20:01: dh9013.exe (ID = 208497)
20:04: Found Adware: look2me
20:04: pfqsp.dll (ID = 159)
20:04: fplo0333e.dll (ID = 159)
20:07: Found Adware: spysheriff fakealert
20:07: secure32.html (ID = 184319)
20:07: n46q0ej5eho.dll (ID = 159)
20:08: guard.tmp (ID = 159)
20:09: File Sweep Complete, Elapsed Time: 00:10:38
20:09: Full Sweep has completed. Elapsed time 00:14:33
20:09: Traces Found: 18
20:17: Removal process initiated
20:18: Quarantining All Traces: icannnews
20:18: icannnews is in use. It will be removed on reboot.
20:18: C:\WINDOWS\system32\fplo0333e.dll is in use. It will be removed on reboot.
20:18: C:\WINDOWS\system32\pFqsp.dll is in use. It will be removed on reboot.
20:18: Quarantining All Traces: look2me
20:18: look2me is in use. It will be removed on reboot.
20:18: pfqsp.dll is in use. It will be removed on reboot.
20:18: fplo0333e.dll is in use. It will be removed on reboot.
20:18: n46q0ej5eho.dll is in use. It will be removed on reboot.
20:18: Quarantining All Traces: purityscan
20:18: Quarantining All Traces: spysheriff fakealert
20:18: Quarantining All Traces: trojan agent winlogonhook
20:18: Quarantining All Traces: trojan-dh
20:18: Quarantining All Traces: accona toolbar accoona.com hijack
20:18: Warning: Launched explorer.exe
20:18: Warning: Quarantine process could not restart Explorer.
20:20: Preparing to restart your computer. Please wait...
20:20: Removal process completed. Elapsed time 00:02:54
21:24: Updating spyware definitions
21:24: Your spyware definitions have been updated.
********
19:54: | Start of Session, 13 March 2006 |
19:54: Spy Sweeper started
19:54: Warning: Access is denied
19:55: Your spyware definitions have been updated.
19:55: | End of Session, 13 March 2006 |
ewido log
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 22:01:44, 13/03/2006
+ Report-Checksum: F3B7A0F3
+ Scan result:
C:\Documents and Settings\Jamie Griffiths\Cookies\jamie griffiths@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Jamie Griffiths\Cookies\jamie griffiths@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
::Report End