My browser keeps opening up on its own every so often and saying no page to display. I'm also having a lot of the same pop-ups. I have a pop-up blocker which is enabled but isn't stopping the same ones appearing. Can anyone help?

My HijackThis log file is pasted below:

Logfile of HijackThis v1.99.1
Scan saved at 20:37:53, on 09/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\asuskbservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\LSASS.EXE
C:\WINDOWS\SKS~1\javaw.exe
C:\WINDOWS\System32\r?gedit.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\BTopenworld NetHelp\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JAMIEG~1\LOCALS~1\Temp\Rar$EX00.703\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
R3 - URLSearchHook: (no name) - {9A592B60-E8D1-B274-F68E-E13B820722C3} - C:\WINDOWS\System32\fopeipbm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msoff.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Lwra] "C:\WINDOWS\SKS~1\javaw.exe" -vt mt
O4 - HKCU\..\Run: [Qotk] C:\WINDOWS\System32\r?gedit.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetHelp.lnk = C:\Program Files\BTopenworld NetHelp\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Homepage - {8CE3E00A-AA4D-47A5-B422-55E32118AD43} - http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {961FB8A9-2152-4CEE-920A-02E2D6A778EB} - http://www.bt.com (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF7F3482-AE63-4E26-ABE7-5CDE0A4104C2}: NameServer = 194.74.65.68 194.72.9.34
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\l22slcf71f2.dll
O20 - Winlogon Notify: winild32 - winild32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

thanks in advance!

5 Contributors, 12 Replies, 15 Views, 11 Years Discussion Span, Last Post by pacian

Hi, and welcome to DaniWeb!

To start off you will need to boot Windows into safe mode, and configure Windows to show hidden files and folders. To do this, follow these instructions.


1 Click the Start Button

2 In the Start menu click Control Panel

3 In the Control Panel window click the Folder Options icon

4 The Folder Options window will now open

5 Click the View tab

6 In the View tab window look down the list for a section marked Hidden Files and Folders

7 Enable the option Show Hidden Files and Folders by left clicking the radio button on the left of the option with your mouse. Then uncheck Hide protected operating system files. Click Yes to the dialog.

8 Press the Apply button

9 On the next screen press OK to exit

10 You should now be able to view the hidden files and folders.

------------------------

1. If the computer is running, shut down Windows, and then turn off the power
2. Wait 30 seconds, and then turn the computer on.
3. When you see the black-and-white Starting Windows bar at the bottom of the screen, start tapping the F8 key. The Windows 2000 Advanced Options Menu appears.
4. Ensure that the Safe mode option is selected. In most cases, it is the first item in the list and is selected by default.
5. Press Enter. The computer then begins to start in Safe mode.

Then in safe mode scan again with HJT and put a check next to the following items.


C:\WINDOWS\System32\r?gedit.exe

O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msoff.exe

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [Qotk] C:\WINDOWS\System32\r?gedit.exe

O9 - Extra button: Homepage - {8CE3E00A-AA4D-47A5-B422-55E32118AD43} - http://bt.yahoo.com (file missing) (HKCU)

O9 - Extra button: BT - {961FB8A9-2152-4CEE-920A-02E2D6A778EB} - http://www.bt.com (file missing) (HKCU)

O17 - HKLM\System\CCS\Services\Tcpip\..\{AF7F3482-AE63-4E26-ABE7-5CDE0A4104C2}: NameServer = 194.74.65.68 194.72.9.34

O20 - Winlogon Notify: winild32 - winild32.dll (file missing)

O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\l22slcf71f2.dll

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Now close all browsers and choose Fix Checked.

Now reset your Web settings
1.On the Tools menu, click Internet Options.

2.Click the Programs tab.

3.Click the Reset Web Settings button.


Then, while you're still in safe mode, browse to and delete the following files/folders (if they exist):

C:\WINDOWS\System32\msoff.exe

C:\WINDOWS\System32\r?gedit.exe

C:\WINDOWS\system32\l22slcf71f2.dll

Then, while you're still in safe mode, delete the following folder (if it exists):

X:\Documents and Settings\<username>\RavenJoker

where X is your root Windows drive (usually C:\), and username is the user logged on. If it is not there, do a search for RavenJoker, and if found delete the folder.

-------------------------------------------------------

After all that, empty your recycle bin. Reboot normally, and post a new log.

-T

Hi, I will be out of town for a few days, and will not be able to get back to you until then. But I'm sure someone else will come along and finish the job.

Ya here's some more to fix: Basically, tayspern already mentioned nearly all of them (except for the one O4 I listed). I'm just clarifying to fix everything.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bt.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
R3 - URLSearchHook: (no name) - {9A592B60-E8D1-B274-F68E-E13B820722C3} - C:\WINDOWS\System32\fopeipbm.dll
O4 - HKCU\..\Run: [Lwra] "C:\WINDOWS\SKS~1\javaw.exe" -vt mt

After following tayspern's directions, reboot, and download Ewido and CCleaner (links for both are found in my signature below). After downloading, be sure to update definitions for both. Then, run both programs, and save the Ewido log to place into this thread.

After running both scans, fixing both, reboot the computer again, run HJT, and post a new scan, along with the Ewido scan data.

Thanks.

You should please note that you do not want to delete C:\WINDOWS\System32\regedit.exe

Also - this is a Look2Me infection, you will be deleting all week long ;)

Download the following two tools for me

Spysweeper
http://www.ianag.com/files/14/SpySweeperTrialSetup_EN-MajorGeeks.exe

WinPFind
http://www.bleepingcomputer.com/files/winpfind.php
-Follow step 9 here on how to properly run it:
http://wiki.castlecops.com/Vundo_Rootkit_Detection_and_Removal_Procedure

Attach the following logs when you return

New HijackThis log
Spysweeper log
WinPFind log
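
A heuristic triage of the kind of HijackThis entries discussed in this thread, as an added example that is not part of the thread, of HijackThis or of any of the tools named above. The sample log is a constructed subset of the lines from the first posted log. The checks encode the points raised so far: a file name that HijackThis prints with a '?' cannot be literal, because '?' is reserved in Windows file names, so the assumption here is that HijackThis substituted '?' for a character it could not render and the name is a look-alike of a real system binary (the genuine regedit.exe must be left alone); a core process such as lsass.exe should run exactly once; an autostart that runs straight out of the Windows directory deserves a look; a Winlogon Notify registration whose DLL is "(file missing)" is a dangling entry; and an O17 NameServer value is marked "verify" rather than "fix", because an ISP's own resolvers show up there too and removing them breaks name resolution. The baseline lists, verdict names and the `Finding` class are this example's own assumptions.

```python
"""Heuristic triage of a HijackThis 1.99 log.

Added example for this thread, not part of HijackThis or of the posted
logs.  Sample lines are copied from the first log in the thread; the
heuristics and baselines are this example's own assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the first posted log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LSASS.EXE
C:\WINDOWS\System32\r?gedit.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\msoff.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Qotk] C:\WINDOWS\System32\r?gedit.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF7F3482-AE63-4E26-ABE7-5CDE0A4104C2}: NameServer = 194.74.65.68 194.72.9.34
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\l22slcf71f2.dll
O20 - Winlogon Notify: winild32 - winild32.dll (file missing)
"""

# Names that malware likes to imitate (assumed list for this example).
SYSTEM_BINARIES = {"regedit.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "smss.exe", "winlogon.exe", "services.exe", "explorer.exe"}
# Core processes that run exactly once on a healthy XP system.
SINGLE_INSTANCE = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe"}
# Autostarts that legitimately live directly in System32 (assumed baseline;
# extend it with what the specific machine is known to run).
SYSTEM32_AUTOSTART_BASELINE = {"ctfmon.exe"}

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^O4 - .*?: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<rest>.*)$")
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\(system32\\)?[^\\]+$", re.I)


@dataclass
class Finding:
    line: str
    verdict: str   # "fix" (tick it in HJT), "review", or "verify" before touching
    reason: str


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def lookalike_of(name):
    """Return the system binary that `name` imitates, or None.

    '?' is reserved in Windows file names, so HijackThis can only have
    printed it in place of a character it could not render (assumption).
    Treat each '?' or non-ASCII character as a wildcard and see whether the
    rest of the name matches a well-known binary.
    """
    name = name.lower()
    if "?" not in name and name.isascii():
        return None
    pattern = "".join("." if c == "?" or not c.isascii() else re.escape(c)
                      for c in name)
    return next((real for real in sorted(SYSTEM_BINARIES)
                 if re.fullmatch(pattern, real)), None)


def target_of(cmd):
    """First token of a Run command: the quoted path, or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def parse(text):
    """Split a log into (running process paths, [(section, line), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m["sec"], line))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(text):
    processes, entries = parse(text)
    findings = []

    # Duplicate core processes and look-alike process names.
    counts = Counter(basename(p) for p in processes)
    for name in sorted(SINGLE_INSTANCE & set(counts)):
        if counts[name] > 1:
            findings.append(Finding(f"process {name}", "review",
                f"{name} is running {counts[name]} times; expected exactly one"))
    for p in processes:
        real = lookalike_of(basename(p))
        if real:
            findings.append(Finding(p, "review",
                f"process name is a look-alike of {real}; the genuine {real} is a different file"))

    for sec, line in entries:
        if sec == "O4":
            m = O4_RE.match(line)
            if not m:
                continue
            target = target_of(m["cmd"])
            real = lookalike_of(basename(target))
            if real:
                findings.append(Finding(line, "fix",
                    f"autostart points at a look-alike of {real}; remove the entry and the "
                    f"look-alike file only, never the genuine {real}"))
            elif SYSTEM_DIR_RE.match(target) and basename(target) not in SYSTEM32_AUTOSTART_BASELINE:
                findings.append(Finding(line, "review",
                    f"'[{m['label']}]' runs {basename(target)} straight from the Windows "
                    "directory, which is not in the autostart baseline"))
        elif sec == "O17":
            findings.append(Finding(line, "verify",
                "NameServer override: confirm against the ISP's published resolvers "
                "before fixing; removing a legitimate entry breaks name resolution"))
        elif sec == "O20":
            m = O20_RE.match(line)
            if m and "(file missing)" in m["rest"]:
                findings.append(Finding(line, "fix",
                    f"Winlogon Notify package '{m['name']}' is registered but its DLL is gone"))
            elif m:
                findings.append(Finding(line, "review",
                    f"non-default Winlogon Notify DLL '{m['name']}' loads into winlogon.exe"))
    return findings


def summarize(findings):
    """Count findings per verdict, e.g. {'fix': 2, 'review': 4, 'verify': 1}."""
    return dict(Counter(f.verdict for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:7} {f.reason}\n        {f.line}")
```

Run it on a saved log by replacing SAMPLE_LOG with the file contents. The output is a worksheet, not a verdict: "fix" items are the ones that are safe to tick, "review" items need a human to look at the file, and "verify" items must be checked against an outside source before anything is changed.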

Lol, but I'm sure as hell happy he does too... :D

By the way, I just thought I might mention I like working with 2 other moderators.

Alright, no more thread-wasting, back to the task at hand.

OK, I've done all that you have said and here are the logs:

New HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 21:18:32, on 13/03/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asuskbservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\anvshell.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\BTopenworld NetHelp\bin\mpbtn.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\Jamie Griffiths\Desktop\hijackthis\HijackThis.exe


O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetHelp.lnk = C:\Program Files\BTopenworld NetHelp\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: BT Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra 'Tools' menuitem: BT &Yahoo! Sidebar - {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - C:\Program Files\Yahoo!\browser\ysidebarIE.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF7F3482-AE63-4E26-ABE7-5CDE0A4104C2}: NameServer = 194.74.65.68 194.72.9.34
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


WinPfind Log


WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.


If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build:     Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106


»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»


Checking %SystemDrive% folder...


Checking %ProgramFilesDir% folder...


Checking %WinDir% folder...
FSG!                 25/01/2006 18:40:54         32317      C:\WINDOWS\country.exe


Checking %System% folder...
aspack               18/03/2005 17:19:58         2337488    C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack               26/05/2005 15:34:52         2297552    C:\WINDOWS\SYSTEM32\d3dx9_26.dll
aspack               22/07/2005 19:59:04         2319568    C:\WINDOWS\SYSTEM32\d3dx9_27.dll
aspack               05/12/2005 18:09:18         2323664    C:\WINDOWS\SYSTEM32\d3dx9_28.dll
PEC2                 23/08/2001 12:00:00         41397      C:\WINDOWS\SYSTEM32\dfrg.msc
Umonitor             23/08/2001 12:00:00         630784     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              23/08/2001 12:00:00         1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu


Checking %System%\Drivers folder and sub-folders...
UPX!                 25/01/2006 19:15:38         752608     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG!                 25/01/2006 19:15:38         752608     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2                 25/01/2006 19:15:38         752608     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack               25/01/2006 19:15:38         752608     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2                 05/11/2004 11:39:08         82148      C:\WINDOWS\SYSTEM32\drivers\VcommMgr.sys


Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1  www.qoologic.com
127.0.0.1  www.urllogic.com



Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
13/03/2006 20:31:32       S 2048       C:\WINDOWS\bootstat.dat
12/03/2006 23:42:38       S 64         C:\WINDOWS\CSC\00000001
12/03/2006 23:40:00       S 64         C:\WINDOWS\CSC\00000002
13/03/2006 20:31:54      H  20480      C:\WINDOWS\system32\config\default.LOG
13/03/2006 20:31:48      H  1024       C:\WINDOWS\system32\config\SAM.LOG
13/03/2006 20:31:34      H  12288      C:\WINDOWS\system32\config\SECURITY.LOG
13/03/2006 20:32:46      H  86016      C:\WINDOWS\system32\config\software.LOG
13/03/2006 20:31:32      H  815104     C:\WINDOWS\system32\config\system.LOG
13/03/2006 20:19:02      HS 184        C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures\Desktop.ini
13/03/2006 20:29:56      H  6          C:\WINDOWS\Tasks\SA.DAT


Checking for CPL files...
Microsoft Corporation          23/08/2001 12:00:00         66048      C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation          23/08/2001 12:00:00         558592     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          23/08/2001 12:00:00         130048     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          23/08/2001 12:00:00         150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          29/08/2002 07:14:40         292352     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          23/08/2001 12:00:00         119808     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          17/08/2001 22:37:02         48128      C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation          29/08/2002 03:41:00         208896     C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc.         13/04/2005 03:48:52         49265      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          23/08/2001 12:00:00         187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          23/08/2001 12:00:00         559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          23/08/2001 12:00:00         35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          23/08/2001 12:00:00         256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation             09/07/2004 10:02:00     R   73728      C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation          23/08/2001 12:00:00         36864      C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation          23/08/2001 12:00:00         36864      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          23/08/2001 12:00:00         109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation          23/08/2001 12:00:00         270848     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          23/08/2001 12:00:00         28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          23/08/2001 12:00:00         90112      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          23/08/2001 12:00:00         66048      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          23/08/2001 12:00:00         558592     C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation          23/08/2001 12:00:00         130048     C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation          23/08/2001 12:00:00         150016     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          29/08/2002 07:14:40         292352     C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          23/08/2001 12:00:00         119808     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          29/08/2002 03:41:00         208896     C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          23/08/2001 12:00:00         187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          23/08/2001 12:00:00         559616     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          23/08/2001 12:00:00         35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          23/08/2001 12:00:00         256000     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          23/08/2001 12:00:00         36864      C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation          23/08/2001 12:00:00         36864      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          23/08/2001 12:00:00         109056     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          23/08/2001 12:00:00         147456     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          23/08/2001 12:00:00         270848     C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation          23/08/2001 12:00:00         28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          23/08/2001 12:00:00         90112      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Socket Communications Inc.     20/01/2005 02:11:46     R   73728      C:\WINDOWS\SYSTEM32\drivers\SCBaud.cpl


»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»


Checking files in %ALLUSERSPROFILE%\Startup folder...
08/01/2006 13:50:28         1757       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
07/02/2006 21:25:06         1593       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
02/01/2006 22:10:52      HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
03/01/2006 17:11:50         1730       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
02/01/2006 22:51:06         1729       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetHelp.lnk


Checking files in %ALLUSERSPROFILE%\Application Data folder...
02/01/2006 21:58:32      HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini


Checking files in %USERPROFILE%\Startup folder...
04/01/2006 20:15:02         988        C:\Documents and Settings\Jamie Griffiths\Start Menu\Programs\Startup\Adobe Gamma.lnk
02/01/2006 22:10:52      HS 84         C:\Documents and Settings\Jamie Griffiths\Start Menu\Programs\Startup\desktop.ini


Checking files in %USERPROFILE%\Application Data folder...
08/01/2006 13:09:08         1688       C:\Documents and Settings\Jamie Griffiths\Application Data\AdobeDLM.log
02/01/2006 21:58:32      HS 62         C:\Documents and Settings\Jamie Griffiths\Application Data\desktop.ini
08/01/2006 13:09:08         0          C:\Documents and Settings\Jamie Griffiths\Application Data\dm.ini
15/01/2006 15:53:38         19552      C:\Documents and Settings\Jamie Griffiths\Application Data\GDIPFONTCACHEV1.DAT
25/01/2006 18:42:28         2140819    C:\Documents and Settings\Jamie Griffiths\Application Data\Install.dat


»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
BT Openworld BB  = IEAK


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{5DD59684-E870-4C87-AF01-4B091F8C63C7}   = C:\WINDOWS\system32\lfcmgr10.dll
{A75F5C24-C46D-4BD3-86AF-560646B1D56E}   =
{AB21BF63-D333-4642-A8ED-EE34420F9F09}   = C:\WINDOWS\system32\nowrsit.dll
{7AE2066D-14DC-4F31-9993-18852214CBDB}   =
{A75198B7-6129-4A20-9D82-2615BA5C8A4B}   =
{E6E5907A-775C-48A4-8CF6-719CF456B748}   = C:\WINDOWS\system32\wjploc.dll
{CF7AB3E0-13E1-4732-9A8E-8F5D70CD8B95}   = C:\WINDOWS\system32\ddprop.dll
{511D23E3-4988-47DD-80E2-48F66B4CBAB0}   = C:\WINDOWS\system32\csdial32.dll
{DB69803C-92C3-4D06-99C4-9232FB3BEF83}   = C:\WINDOWS\system32\ajkctrs.dll
{49FEFDB1-667D-4C3B-9BF0-D458D47FE1DB}   = C:\WINDOWS\system32\nimsmgr.dll
{F4AC0A08-760D-4F30-9FF1-7D5C7A93242B}   = C:\WINDOWS\system32\izakui.dll
{2690BBCF-FB9D-49F0-846A-8E47D46EF0B1}   = C:\WINDOWS\system32\duprop.dll
{0EE9EA1F-16E8-4340-891F-3A5B85BED085}   = C:\WINDOWS\system32\ifmontr.dll
{E15D59BE-5519-4C97-A760-E922983F1C72}   = C:\WINDOWS\system32\campstui.dll
{D0B56779-6550-4451-BFAE-4B3AEFA3FD16}   = C:\WINDOWS\system32\skripto.dll
{A8E31EF8-0433-4312-A5A3-620C04769BA7}   = C:\WINDOWS\system32\Atdio3D.dll
{C823762F-0A3B-46F1-892A-C847E5E6B0E1}   = C:\WINDOWS\system32\czedui.dll
{0CF6C717-F7C8-4926-A5B9-BF8403EA35BB}   = C:\WINDOWS\system32\rLsmontr.dll
{21CDF132-F412-4D2D-90D3-042E94C267AC}   = C:\WINDOWS\system32\ozbcbcp.dll
{3ECF167A-1563-4909-9DF9-0DE888D20959}   =
{0281BEB4-E698-4943-93B1-3891C4166E2F}   = C:\WINDOWS\system32\nlwrstr.dll
{DCC6D617-E8ED-4717-A33E-CC2BE4FCD6A5}   =
{6746F7C1-BE96-42DE-89C1-863B776FB62C}   = C:\WINDOWS\system32\kmdhu1.dll
{E8F89A29-5B31-4D10-9BD3-C10402FB3446}   = C:\WINDOWS\system32\mvrclr40.dll
{F11029C3-4C79-49B7-9A1B-A958E0DD3FE2}   =
{2E344936-FD5D-4458-A547-F40AE1855E44}   =
{6EDD67EE-A95C-451A-9E73-C39D8FA7AA13}   = C:\WINDOWS\system32\mirecr40.dll
{1A33D580-9933-4114-9501-D3D4E0538EFA}   =
{4AD6F594-DA07-4BD2-92E1-05033D64711F}   = C:\WINDOWS\system32\qpgrprxy.dll
{7DDED1D1-751A-45A0-8372-89B173F90DC6}   = C:\WINDOWS\system32\camdlg32.dll
{64BF2778-0BD0-4CD1-BFC4-AD365830123D}   = C:\WINDOWS\system32\wthisn.dll
{71383A5D-41AC-4A1F-BFFF-5DFA2AF2BFE3}   = C:\WINDOWS\system32\uzrcoina.dll
{6285540C-8513-45C5-A6F3-07666D896DE7}   =
{37744D84-C0DD-4960-BD45-98BB667D27A4}   = C:\WINDOWS\system32\cqbjmon.dll
{D17BB9E8-8374-453F-AE21-7A36BC80D1E8}   =
{98BC8BFE-7460-4ED6-BBDD-4B732F54F461}   =
{F4047001-9B3A-43FB-AF68-FFBF2A10F644}   = C:\WINDOWS\system32\tCpiperf.dll
{BC0135EF-F8C3-44A8-B271-1B18E4A5718A}   = C:\WINDOWS\system32\dgkquoui.dll
{13438E53-73B0-4C81-97A3-E530EAC97B9D}   = C:\WINDOWS\system32\ntwrsja.dll
{08587639-59EB-4A42-A51B-8ED3F3488D58}   = C:\WINDOWS\system32\malbui.dll
{8FB073E1-2013-4A6C-BADE-E99297183502}   =
{5498A2F6-C7D5-4D8D-8635-F361CFCFEA50}   = C:\WINDOWS\system32\csbcatex.dll
{2EE4E48C-EA53-4498-A647-5409CEAFACFE}   = C:\WINDOWS\system32\chl3d32.dll
{E1A6AC08-C380-4455-86DE-14F9E59FF8C6}   = C:\WINDOWS\system32\no4_disp.dll
{F626602E-DC8D-468C-B2BF-E5DED459C412}   = C:\WINDOWS\system32\bnowseui.dll
{631AAE12-88EC-44A4-A71F-D7748F3EF44B}   = C:\WINDOWS\system32\parfctrs.dll
{0146FA92-D2B2-4A07-B57B-5790E1A98EC6}   = C:\WINDOWS\system32\mywebdvd.dll
{46B5EDE5-9137-4E10-9B23-6F2D9368A4CC}   = C:\WINDOWS\system32\darawex.dll
{615D6D96-0FBB-421D-B5D7-6C38DD451040}   = C:\WINDOWS\system32\nkrspl.dll
{319E7900-35C3-4275-9F56-20D8A01BC692}   = C:\WINDOWS\system32\rDcpldlg.dll
{BF5F649B-B12A-4A9A-8C8E-12F7C4EC2C9D}   = C:\WINDOWS\system32\mIpi32.dll
{90C42B07-D62E-4701-ADC7-5D6158A92198}   = C:\WINDOWS\system32\rLsrad.dll
{05D5FE58-DA80-447C-A4B4-4CE473CE376F}   = C:\WINDOWS\system32\dsscript.dll
{C21C5A85-3F70-4483-91F0-1BC4EEC5CF51}   = C:\WINDOWS\system32\axstream.dll
{1F0C1556-FF5D-445A-B8D1-1860149D12CC}   = C:\WINDOWS\system32\dtsetup.dll
{C7B382C3-5DA5-4A23-BD64-C54F8A2FA061}   = C:\WINDOWS\system32\rgfsaps.dll
{A8231D82-FBFE-4009-8727-5EBA496FE52A}   = C:\WINDOWS\system32\dtband.dll
{53CF4A16-0BBA-467D-BE76-DF8A6E6D3D32}   = C:\WINDOWS\system32\iqakeng.dll
{1DACBDC7-7C5A-4D51-9375-CB70E6E598FB}   = C:\WINDOWS\system32\nnshell.dll
{0EDC4BAD-8D95-4F6D-B3C4-19372D11C0E6}   = C:\WINDOWS\system32\wupshell.dll
{76549A51-EA35-4F5E-9878-F31567C773A7}   =
{75F02086-84AC-44CB-83C7-1CCB7B8C2931}   = C:\WINDOWS\system32\pcbase.dll
{14152C67-3A60-4A33-AD04-9855897E0ADD}   = C:\WINDOWS\system32\MnPMSNSv.dll
{F7621966-0EA7-46D0-B140-BABABE2143AB}   = C:\WINDOWS\system32\dfcpmon.dll
{9F0B7260-1A73-4A19-8DCE-8A122CA2B1BC}   = C:\WINDOWS\system32\dJdramp.dll
{27BD3753-B2EE-433C-A832-BBF161311127}   = C:\WINDOWS\system32\kudgr1.dll
{F42FAF77-FE2F-4E88-9216-5FF776DF3A6D}   = C:\WINDOWS\system32\dl32gt.dll
{6B758944-80B8-427C-8FD2-006D2248D7C1}   = C:\WINDOWS\system32\mvdtctm.dll
{991F27DE-36BC-469D-87C7-E4F6693AD26D}   = C:\WINDOWS\system32\polmon.dll
{ED92A259-CAF4-48FF-923D-2572F4B0905C}   = C:\WINDOWS\system32\ikrtprio.dll
{177B457E-97B3-4F66-9343-96951619818B}   = C:\WINDOWS\system32\sgfolder.dll
{E7AA1ED7-8CC9-4CDD-98C8-B97B91D50115}   = C:\WINDOWS\system32\auusosdnt.dll
{7F59ADB7-7516-4FB7-A57C-354C06159338}   = C:\WINDOWS\system32\tHpi32.dll
{5175F771-F3D1-400C-8BBC-B71AC8EAF51D}   = C:\WINDOWS\system32\rucdll.dll
{35F0F677-087A-4A3B-AD78-253D1383641C}   = C:\WINDOWS\system32\ozpdx32.dll
{113BC25E-0BC6-480C-BFC3-D9D2DB114B78}   = C:\WINDOWS\system32\EjnClass.Dll
{98846BA4-8A39-4DD3-8E49-859465CF3A26}   = C:\WINDOWS\system32\uzbmon.dll
{B0DFFB4C-450F-4F41-B57B-59709CD4644F}   = C:\WINDOWS\system32\mbrapi.dll
{9F85312D-CEED-4A87-B481-B4C3D05FE604}   = C:\WINDOWS\system32\cCbview.dll
{155C783D-AFBF-4790-9AB1-5DECB94F9305}   = C:\WINDOWS\system32\lewmf11n.dll
{AB30D9D2-E03C-4AAC-9348-A468A7CF465C}   =
{3B1D6C38-0234-4767-B5DD-31E36FC94F02}   = C:\WINDOWS\system32\tzpmonui.dll
{A1A8C3D6-4EB5-468D-AB71-A630002693A3}   =
{A9B5F71C-299A-429C-A308-B19597A32B46}   = C:\WINDOWS\system32\nqrsfi.dll
{9FEFB84A-CE79-4AF3-B180-16DAB27154FF}   = C:\WINDOWS\system32\mkrecr40.dll
{CE962CEC-DAB8-44E3-84E6-99D7E6E2E36D}   = C:\WINDOWS\system32\obbc32.dll
{878D0658-B0BD-4411-A1E1-6F5CDD4015F2}   = C:\WINDOWS\system32\okeprn.dll
{8A1BA3EE-C7DE-49BC-A75B-F35AF3760145}   = C:\WINDOWS\system32\dzcdll.dll
{5DAEF4CD-155D-40FC-9A12-BA9FF892D036}   = C:\WINDOWS\system32\tkntsvrp.dll
{D09E6400-13AF-4D93-81CB-C3B19074C9CD}   = C:\WINDOWS\system32\tdpmib.dll
{4F6A7BD9-788E-474C-BC5B-01F3D4DEB943}   = C:\WINDOWS\system32\sstupdll.dll
{B39EF780-9E50-4D4E-9BE9-502D1EA9B8B6}   = C:\WINDOWS\system32\MHWMDM.dll
{85640F87-5ECA-4AEB-AE57-CDED22E38429}   = C:\WINDOWS\system32\cnnsole.dll
{CFF195B5-7640-4F59-9107-41B1C24AC1CC}   = C:\WINDOWS\system32\nxrszht.dll
{53E3715B-3C3A-447F-9CE0-62548D6A7E4D}   = C:\WINDOWS\system32\dEdramp.dll
{51A40F4C-CAAD-4492-934B-E349A4F24E76}   = C:\WINDOWS\system32\ipcvid.dll
{DA81D6E4-FB95-463B-B04B-9CA0F78A1EEE}   = C:\WINDOWS\system32\mmtime.dll
{BB561A49-ABAE-48A9-A1A6-DE289EFE7D1C}   = C:\WINDOWS\system32\ueimdmat.dll
{A44E62EF-8422-4796-AEBF-05159A834C11}   = C:\WINDOWS\system32\mrvidctl.dll
{59988A25-854D-4B8B-AAE1-DC52966CB8F0}   = C:\WINDOWS\system32\wbaueng.dll
{6D2514CF-3BD0-42BA-98E0-751624B962E5}   = C:\WINDOWS\system32\sorialui.dll
{73D15C13-68CD-46AB-8085-D36D8E38FBD0}   =


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]


[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AJC
{5071CDA5-D3E1-11D5-BFC0-005004A71005}   = C:\Program Files\Advanced JPEG Compressor\ContextMenuExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}   = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}   = C:\Program Files\ewido anti-malware\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}   = C:\Program Files\Yahoo!\common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin   = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}   = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B}   = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}   = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}   = C:\Program Files\ewido anti-malware\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}   = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}   = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}   = C:\Program Files\WinRAR\rarext.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll


[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467}   = &Radio   : C:\WINDOWS\System32\msdxm.ocx
{EF99BD32-C1FB-11D2-892F-0090271D4F88}   = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{51085E3D-A958-42A2-A6BE-A6A9B0BAF276}
ButtonText   = BT Yahoo! Sidebar    :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText   = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion   : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SpeedTouch USB Diagnostics  "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz    nwiz.exe /install
anvshell    anvshell.exe
WinampAgent C:\Program Files\Winamp\winampa.exe
NeroFilterCheck C:\WINDOWS\System32\NeroCheck.exe
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
SunJavaUpdateSched  C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
DAEMON Tools    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
SpySweeper  "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL   Installed = 1
MAPI    Installed = 1
MSFS    Installed = 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS  "C:\Program Files\Messenger\msmsgs.exe" /background
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}    "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
ctfmon.exe  C:\WINDOWS\System32\ctfmon.exe
Yahoo! Pager    "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon    1
undockwithoutlogon  1



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallpaper 0
NoComponents    0
NoAddingComponents  0
NoDeletingComponents    0
NoEditingComponents 0
NoHTMLWallPaper 1


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun  145
NoActiveDesktop 0
ClassicShell    0
ForceActiveDesktopOn    0


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder                {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn                          {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray                         {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit    = C:\WINDOWS\system32\userinit.exe,
Shell       = Explorer.exe
System      =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs



»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 13/03/2006 20:38:42


Spysweeper log


********
19:55: |       Start of Session, 13 March 2006       |
19:55: Spy Sweeper started
19:55: Sweep initiated using definitions version 630
19:55: Starting Memory Sweep
19:55:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
19:55:   The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
19:55:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
19:55:   The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
19:56:   Found Adware: icannnews
19:56:   Detected running threat: C:\WINDOWS\system32\fplo0333e.dll (ID = 83)
19:58:   Detected running threat: C:\WINDOWS\system32\pFqsp.dll (ID = 83)
19:58: Memory Sweep Complete, Elapsed Time: 00:03:21
19:58: Starting Registry Sweep
19:59:   Found Adware: purityscan
19:59:   HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\  (2 subtraces) (ID = 137986)
19:59:   HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
19:59:   Found Trojan Horse: trojan agent winlogonhook
19:59:   HKLM\software\microsoft\mssmgr\  (4 subtraces) (ID = 937101)
19:59:   Found Adware: accona toolbar accoona.com hijack
19:59:   HKU\WRSS_Profile_S-1-5-21-1960408961-1708537768-725345543-500\software\microsoft\internet explorer\searchurl\ || @ (ID = 955002)
19:59: Registry Sweep Complete, Elapsed Time:00:00:27
19:59: Starting Cookie Sweep
19:59: Cookie Sweep Complete, Elapsed Time: 00:00:00
19:59: Starting File Sweep
20:01:   Found Trojan Horse: trojan-dh
20:01:   dh9013.exe (ID = 208497)
20:04:   Found Adware: look2me
20:04:   pfqsp.dll (ID = 159)
20:04:   fplo0333e.dll (ID = 159)
20:07:   Found Adware: spysheriff fakealert
20:07:   secure32.html (ID = 184319)
20:07:   n46q0ej5eho.dll (ID = 159)
20:08:   guard.tmp (ID = 159)
20:09: File Sweep Complete, Elapsed Time: 00:10:38
20:09: Full Sweep has completed.  Elapsed time 00:14:33
20:09: Traces Found: 18
20:17: Removal process initiated
20:18:   Quarantining All Traces: icannnews
20:18:   icannnews is in use.  It will be removed on reboot.
20:18:     C:\WINDOWS\system32\fplo0333e.dll is in use.  It will be removed on reboot.
20:18:     C:\WINDOWS\system32\pFqsp.dll is in use.  It will be removed on reboot.
20:18:   Quarantining All Traces: look2me
20:18:   look2me is in use.  It will be removed on reboot.
20:18:     pfqsp.dll is in use.  It will be removed on reboot.
20:18:     fplo0333e.dll is in use.  It will be removed on reboot.
20:18:     n46q0ej5eho.dll is in use.  It will be removed on reboot.
20:18:   Quarantining All Traces: purityscan
20:18:   Quarantining All Traces: spysheriff fakealert
20:18:   Quarantining All Traces: trojan agent winlogonhook
20:18:   Quarantining All Traces: trojan-dh
20:18:   Quarantining All Traces: accona toolbar accoona.com hijack
20:18:   Warning: Launched explorer.exe
20:18:   Warning: Quarantine process could not restart Explorer.
20:20:   Preparing to restart your computer. Please wait...
20:20: Removal process completed.  Elapsed time 00:02:54
21:24: Updating spyware definitions
21:24: Your spyware definitions have been updated.
********
19:54: |       Start of Session, 13 March 2006       |
19:54: Spy Sweeper started
19:54: Warning: Access is denied
19:55: Your spyware definitions have been updated.
19:55: |       End of Session, 13 March 2006       |


ewido log


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           22:01:44, 13/03/2006
+ Report-Checksum:      F3B7A0F3


+ Scan result:


C:\Documents and Settings\Jamie Griffiths\Cookies\jamie griffiths@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Jamie Griffiths\Cookies\jamie griffiths@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup



::Report End

Edited by pritaeas: Fixed formatting

0

Your HJT log looks clean, unless you don't recognize the IP in this entry.


O17 - HKLM\System\CCS\Services\Tcpip\..\{AF7F3482-AE63-4E26-ABE7-5CDE0A4104C2}: NameServer = 194.74.65.68 194.72.9.34

If you don't, have HJT fix it.
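The check in this reply (does every NameServer address in an O17 line belong to a resolver you recognise?) is easy to make mechanical, and the same pass can pull out the other line types that deserve a second look in the log posted further down the thread: the F2 UserInit entry with a second program appended, the O1 hosts-file override, and the O4 autorun that loads a DLL through rundll32. The following Python is an added example written for this page; it is not part of the thread and not HijackThis code. The sample lines are copied from the logs posted here, the EXPECTED_NAMESERVERS set is a constructed placeholder (RFC 5737 documentation addresses, since the thread never states the ISP's resolvers), and the rundll32 rule is a heuristic of my own, not a HijackThis rule.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from typing import Dict, List

# Resolver addresses this machine is expected to use. Constructed placeholder
# values (RFC 5737 documentation range); fill this from your own network records.
EXPECTED_NAMESERVERS = {"192.0.2.53", "192.0.2.54"}

# Lines copied from the HijackThis logs posted in this thread (a small subset).
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.gaiaonline.com/
F2 - REG:system.ini: UserInit=C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\ntos.exe,
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O4 - HKLM\\..\\Run: [SoundService] rundll32.exe "C:\\WINDOWS\\system32\\myabaotc.dll",setvm
O4 - HKLM\\..\\Run: [Windows Defender] "C:\\Program Files\\Windows Defender\\MSASCui.exe" -hide
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{AF7F3482-AE63-4E26-ABE7-5CDE0A4104C2}: NameServer = 194.74.65.68 194.72.9.34
"""

LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")          # "O17 - <body>"
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into {'code': 'O17', 'body': '...'} entries.

    Header lines, the running-process list and blank lines do not match the
    "<code> - " shape and are skipped.
    """
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"code": m.group(1), "body": m.group(2)})
    return entries


def review(entries: List[Dict[str, str]],
           expected_nameservers=EXPECTED_NAMESERVERS) -> List[Dict[str, str]]:
    """Return the entries a responder should look at first, each with a reason."""
    findings = []
    for e in entries:
        code, body = e["code"], e["body"]
        if code == "O17" and "NameServer" in body:
            # DNS resolver override: every address should be one you recognise.
            for ip in IPV4_RE.findall(body.split("=", 1)[1]):
                if ip not in expected_nameservers:
                    findings.append({"code": code, "reason": f"unrecognised NameServer {ip}", "detail": body})
        elif code == "F2" and "UserInit=" in body:
            # Winlogon runs every comma-separated program at logon; only userinit.exe belongs here.
            progs = [p.strip() for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
            for p in progs:
                if not p.lower().endswith("\\userinit.exe"):
                    findings.append({"code": code, "reason": f"extra UserInit program {p}", "detail": body})
        elif code == "O1":
            # A hosts-file entry pins a hostname to an address, bypassing DNS.
            findings.append({"code": code, "reason": "hosts file override", "detail": body})
        elif code == "O4" and re.search(r"\brundll32(\.exe)?\b", body, re.I) and ".dll" in body.lower():
            # Heuristic (mine, not HijackThis's): an autorun that loads a DLL via
            # rundll32 needs the DLL identified before it is trusted.
            findings.append({"code": code, "reason": "autorun loads a DLL through rundll32", "detail": body})
    return findings


def summarise(text: str, expected_nameservers=EXPECTED_NAMESERVERS) -> Dict[str, int]:
    """Number of findings per HijackThis section code, for a quick report."""
    counts: Dict[str, int] = {}
    for f in review(parse_hjt(text), expected_nameservers):
        counts[f["code"]] = counts.get(f["code"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in review(parse_hjt(SAMPLE_LOG)):
        print(f"{f['code']:4} {f['reason']}")
        print(f"     {f['detail']}")
```

Run it as-is and the two 194.x resolver addresses, the ntos.exe UserInit entry, the hosts override and the rundll32 autorun are listed; put the resolvers your ISP or router actually hands out into EXPECTED_NAMESERVERS and the O17 findings drop out while the rest remain, which is the distinction this reply is drawing.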

0

OK, my comp seems to be OK now. Thanks all for your help; I've left positive feedback for you all.

cheers again,

Jamie

0

I downloaded the same program the thread creator used, since I'm receiving the same problem, with much slower browser speeds as well. I used to be able to load pages in less than a second; now sometimes the page doesn't load at all. Regarding browsers opening up by themselves... I use Mozilla Firefox for all my browsing, but random pages I've never been to open up on IE. Can someone help me fix this problem? Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 12:17:44 PM, on 4/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Garmin\gStart.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\myabaotc.dll",setvm
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
