Looks like you got it, your Hijack This log and the AVG_ AntiSpyware scan are clean. Is your computer running ok. Your java is out of date. Download the latest version of http://java.sun.com/javase/downloads/index.jsp Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed . Then from your desktop double-click on jre-1_6_0-windowsi586-p.exe to install the newest version. You should consider adding "Spywareblaster" to your arsenol of antispyware tools, just do a google search for spywareblaster, download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

0

thanks so much for your help. My computer is still pretty slow on startup. I just timed it and it too 1 min 25sec is thet normal? it is also taking a long time to things to respond. should i try defraging it now? and maybe that will help

0

i just got a message on my pc saying: Windows defender command line utility has encountered a problem and needs to close. Do you know why this woould happen?? I have had this before also

0

You might try uninstalling windows defender and run spywareblaster for a while it takes less resourses, that may help the start up time. That is slow for startup, mine takes about 30 seconds. And I would run "error checker" then "defrag". You can also remove these items with Hijack This as they are wasting resourses: F2 - REG:system.ini: UserInit=userinit.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) Your Nokia PcSuite should have an option not to load on startup and/or not to load to system tray, look for those options and turn them off. There should be an option not to run an AVG scan at startup. It looks as though your computer is set to do this. Go to AVG Control Center> Scheduling> and delete that option if possible then run the scans at your option. If that is not possible you would have to reinstall AVG and not check that option during installation. Let me know if that helped your startup time.

0

where would i find error checker? i have not used that before?

0

Go to start> my computer> right click local disk (c:)> properties> tools> click check now> check both boxes> start> follow the prompts to restart the computer and error checker will begin upon the restart. Usually takes 15 to 30 minutes.

0

Ok, i did all thet you recommended. error checker took only about 10 seconds ?? not minutes and said that it was clean. i timed the startup and it took 2 mins 10 sec and if it double click anything on the desktop it takes about 20 secs to open. this is so annoying

0

Maybe we are missing something but it is not apparent so far. We can look further. Please download Grinler's Pfind from this link: http://download.bleepingcomputer.com/oldtimer/winpfind.exe Unzip it to the desktop, by double-clicking on it and clicking Extract. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while. When it has finished it will product a text document. Please copy and paste the contents of that document into this thread.

0

ok ill do that now I re-tried error checker yesterday because it was way too fastbefore and this time it took almost 6 hours. i then defraged as you suggested but the pc is still slow

0

i just tried Pfind and it wont respond

0

On Pfind you got it downloaded, extracted the files, opened the new foler on your desktop and it would not respond? Please download Brute Force Uninstaller Unzip it to it’s own folder (c:\BFU) Double click BFU.exe to run it. When the "Brute Force Uninstaller" window appears, click the "globe" icon in the top right hand corner. In the "Download BFU script..." window, copy and paste the following and then click OK: http://metallica.geekstogo.com/alcanshorty.bfu You should see the file alcanshorty.bfu appear in the bfu folder next to BFU.exe. Reboot into safe mode. Open the bfu folder and double click BFU.exe. To select the scriptfile to execute, first double click the folder icon to the left of the globe. You should now see a window containing alcanshorty.bfu, simply double click it. Finally, click the Execute button to begin. When the tool has finished running, you will get a "BFU" window with the message "Completed script execution", click on OK. Please download Comboscan from this link: Comboscan Close all applications and windows. Double-click on comboscan.exe to run it, and follow the prompts. When the scan is complete, a text file will open - ComboScan.txt Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your thread in the HijackThis Log Help Forum. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt. Please attach Supplementary.txt to your post. Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

0

yes that is correct it says "not responding" across the top I downloaded brute force uninstaller and got to the part wher i had to start it in safe mode and this came up System error: the RPC server is not available. what should i do now?

0

Run Brute Force from normal mode. Post the comboscan results. Please download and run Catchme from this link http://www.gmer.net/catchme.php then post the results of the scan.

0

ComboScan v20070212.14 run by Olmi on 2007-02-19 at 08:49:06 Computer is in Normal Mode. ---------------------- Successfully created restore point. Performed disk cleanup. -- HijackThis log (run as Olmi.--------------------- Logfile of HijackThis v1.99.1 Scan saved at 8:49:30 AM, on 19/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\WinZip\WZQKPICK.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.exe C:\Documents and Settings\Olmi\Desktop\comboscan.exe C:\DOCUME~1\Olmi\LOCALS~1\Temp\~sqqpkdr.tmp\Olmi.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.... O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar... O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lafreak666australia.spaces.l... O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US... O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows... O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar... O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active... O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUplo... O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar... O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g... O17 - HKLM\System\CCS\Services\Tcpip\..\{24B5DF9A-98A0-45E4-8B46-440EA892C260}: Domain = nsw.bigpond.net.au O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- HijackThis Fixed Entries (C:\Program Files\Hijackthis\backups\) -------------- backup-20061016-150920-125 O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\tgeraboj.dll (file missing) backup-20061016-150920-155 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.exe backup-20061016-150920-157 O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /min backup-20061016-150920-246 O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/s... backup-20061016-150920-822 O2 - BHO: (no name) - {DF2B7129-8A40-414F-8EE4-61FC074F245C} - C:\WINDOWS\Help\vddcac.dll (file missing) backup-20061016-150920-979 O15 - Trusted Zone: http://locator.cdn.imageservr.com backup-20061024-132112-163 O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe backup-20061024-132112-173 O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe backup-20061024-132112-348 O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe backup-20061024-132112-573 O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com... backup-20061024-132112-692 O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL backup-20061024-132112-878 O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - backup-20061024-132112-953 O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe backup-20061024-132112-985 O11 - Options group: [INTERNATIONAL] International* backup-20061030-134756-155 R3 - URLSearchHook: (no name) - - (no file) backup-20061030-134756-197 R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file) backup-20070215-144647-123 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll backup-20070215-144647-601 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll backup-20070215-144648-287 O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=0 backup-20070215-144648-472 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll backup-20070215-144648-641 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll backup-20070215-144648-984 O4 - Global Startup: LG SyncManager.lnk = ? backup-20070216-130023-168 O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe backup-20070216-130023-272 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba... backup-20070217-091300-140 F2 - REG:system.ini: UserInit=userinit.exe backup-20070217-091300-182 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) backup-20070217-091301-481 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) backup-20070217-092236-297 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot -- File Associat------- .bat - batfile - "%1" %* .chm - chm.file - "C:\WINDOWS\hh.exe" %1 .com - comfile - "%1" %* .exe - exefile - "%1" %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.exe %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.exe %1 .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - "%1" %* .reg - regfile - regedit.exe "%1" .scr - scrfile - "%1" /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.exe %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------- 3 26381f68-0b0e-43df-a509-3db0aac8de0c - \??\D:\Player\cds300.dll 3 Arp1394 (1394 ARP Client Protocol) - system32\DRIVERS\arp1394.sys 1 AVG Anti-Spyware Driver - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys 1 Avg7Core (AVG7 Kernel) - \SystemRoot\System32\Drivers\avg7core.sys 1 Avg7RsW (AVG7 Wrap Driver) - \SystemRoot\System32\Drivers\avg7rsw.sys 1 Avg7RsXP (AVG7 Rezident Driver) - \SystemRoot\System32\Drivers\avg7rsxp.sys 1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys 1 AvgClean (AVG7 Clean Driver) - \SystemRoot\System32\Drivers\avgclean.sys 3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - system32\DRIVERS\HDAudBus.sys 3 HSFHWBS2 - system32\DRIVERS\HSFHWBS2.sys 3 HSF_DPV - system32\DRIVERS\HSF_DPV.sys 3 ialm - system32\DRIVERS\ialmnt5.sys 3 IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - system32\drivers\RtkHDAud.sys 1 intelppm (Intel Processor Driver) - system32\DRIVERS\intelppm.sys 2 mdmxsdk - system32\DRIVERS\mdmxsdk.sys 3 NIC1394 (1394 Net Driver) - system32\DRIVERS\nic1394.sys 3 Nokia USB Generic - system32\drivers\nmwcdc.sys 3 Nokia USB Modem - system32\drivers\nmwcdcm.sys 3 Nokia USB Phone Parent - system32\drivers\nmwcd.sys 0 ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - system32\DRIVERS\ohci1394.sys 0 PCIIde - system32\DRIVERS\pciide.sys 3 Pcouffin (Low level access layer for CD devices) - System32\Drivers\Pcouffin.sys 0 PxHelp20 - System32\Drivers\PxHelp20.sys 3 ROOTMODEM (Microsoft Legacy Modem Driver) - System32\Drivers\RootMdm.sys 1 sdcplh - System32\drivers\sdcplh.sys 2 tmcomm - \??\C:\WINDOWS\system32\drivers\tmcomm.sys 3 U81xbus (LGE U8XXX driver (WDM)) - system32\DRIVERS\U81xbus.sys 3 U81xmdfl (LGE U8XXX USB WMC Modem Filter) - system32\DRIVERS\U81xmdfl.sys 3 U81xmdm (LGE U8XXX USB WMC Modem Driver) - system32\DRIVERS\U81xmdm.sys 3 U81xmgmt (LGE U8XXX USB WMC Device Management Drivers (WDM)) - system32\DRIVERS\U81xmgmt.sys 3 U81xobex (LGE U8XXX USB WMC OBEX Interface) - system32\DRIVERS\U81xobex.sys 3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys 3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys 3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys 3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys 3 usbsermpt (Motorola USB Modem Driver for MPT) - system32\DRIVERS\usbsermpt.sys 3 USBSTOR (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS 3 winachsf - system32\DRIVERS\HSF_CNXT.sys 3 WpdUsb - system32\DRIVERS\wpdusb.sys 4 WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - \SystemRoot\System32\drivers\ws2ifsl.sys 0 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys 3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys 3 yukonwxp (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller) - system32\DRIVERS\yk51x86.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 2 AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe 2 Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe 2 Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe 2 LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" 3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - C:\Program Files\Windows Media Player\WMPNetwk.exe 2 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup -- Scheduled T--------- 2007-02-18 21:57:01 252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job<CHECKU~1.JOB> -- Files created between 2007-01-19 and 20---------- 2007-02-19 08:45:40 0 d-------- C:\bintheredunthat<BINTHE~1> 2007-02-18 15:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip 2007-02-16 15:36:14 0 d-------- C:\Program Files\Java 2007-02-16 15:36:14 0 d-------- C:\Program Files\Common Files\Java 2007-02-16 10:25:50 3120 --a------ C:\WINDOWS\system32\tmp.reg 2007-02-15 09:39:22 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys<Signed: Trend Micro Inc.> 2007-02-14 14:28:00 0 d-------- C:\WINDOWS\pss 2007-02-11 08:58:08 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys<Unsigned: GRISOFT, s.r.o.> 2007-02-11 08:58:07 18432 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys<Unsigned: GRISOFT, s.r.o.> 2007-02-08 11:30:12 1385744 --a------ C:\WINDOWS\system32\MSVBVM60.DLL<Unsigned: Microsoft Corporation> 2007-02-06 09:29:27 0 d-------- C:\Program Files\Smart Desktop Calendar<SMARTD~2> 2007-02-06 09:22:42 27648 --a------ C:\WINDOWS\system32\SSUBTMR.DLL<Unsigned: <none>> 2007-02-01 15:05:16 0 d-------- C:\ffefdd18e00602e8e81c70678c6c244d<FFEFDD~1> 2007-01-31 23:04:19 0 d-------- C:\6d9f051d2bbd087d2ec8fc715ef1<6D9F05~1> 2007-01-30 23:36:52 0 d-------- C:\c4149a18bc15d1d31b169116a1<C4149A~1> 2007-01-30 15:03:35 0 d-------- C:\fb5efac2dc6fc7fc090f6be4<FB5EFA~1> 2007-01-30 08:25:41 0 d-------- C:\eb5fcf2cdf68cb91b7d4fac3<EB5FCF~1> 2007-01-30 08:20:19 0 d-------- C:\1dac3065adbe515f863b9c296bd9<1DAC30~1> 2007-01-29 19:11:54 675579 --a------ C:\WINDOWS\PROGRAM.exe<Unsigned: n/a> 2007-01-29 19:11:06 538 --a------ C:\Documents and Settings\Olmi\Application Data\internaldb8467.dat<INTERN~2.DAT> 2007-01-29 19:11:06 374 --a------ C:\Documents and Settings\Olmi\Application Data\internaldb6334.dat<INTERN~3.DAT> 2007-01-29 19:11:02 18432 --a------ C:\Documents and Settings\Olmi\Application Data\internaldb41.dat<INTERN~1.DAT> 2007-01-29 19:10:23 0 d-------- C:\WINDOWS\system32\UpMedia 2007-01-29 09:29:45 0 d-------- C:\50fc22ac6482d87c0d<50FC22~1> 2007-01-29 08:00:38 0 d-------- C:\9145f0641a67c1805dcc<9145F0~1> 2007-01-27 23:52:07 0 d-------- C:\21167a290a3348217037<21167A~1> 2007-01-27 08:00:50 0 d-------- C:\aaa060889da7b32c466cef<AAA060~1> 2007-01-26 21:56:16 0 d-------- C:\2b9a1fa8863b2c21b16db546<2B9A1F~1> 2007-01-26 19:57:15 0 d-------- C:\6103aeaa2b944c345222<6103AE~1> 2007-01-26 18:09:53 0 d-------- C:\cbe5c1288db2e8f48384b6a0<CBE5C1~1> 2007-01-26 13:40:45 0 d-------- C:\b2377a5524dd213af9ed25<B2377A~1> 2007-01-26 08:00:38 0 d-------- C:\b539e16e2c642e7a4dd50edcf667<B539E1~1> 2007-01-26 00:06:38 0 d-------- C:\d9ea396de0f6adf4b102<D9EA39~1> 2007-01-24 23:40:41 0 d-------- C:\554569eaf4528952974e8e43bba4<554569~1> 2007-01-24 08:43:04 0 d-------- C:\b2084e20c80eb6746fdf87<B2084E~1> 2007-01-24 08:41:51 0 d-------- C:\5e30cd433b5250eb54223e082e4960<5E30CD~1> 2007-01-22 23:33:14 0 d-------- C:\eb17a3b6cf4fdd5c784ed5ea<EB17A3~1> 2007-01-22 17:35:19 0 d-------- C:\2867063938d9a693bd<286706~1> 2007-01-22 17:32:40 0 d-------- C:\011b2bd103119efba32c<011B2B~1> 2007-01-22 17:31:56 0 d-------- C:\7ce7ad33e1b4b4f4ac75777603<7CE7AD~1> 2007-01-22 17:31:13 0 d-------- C:\5f72aec3dce4af1a8e65db8e19ddc803<5F72AE~1> 2007-01-22 17:29:23 0 d-------- C:\99ef941e9f610c8de2de<99EF94~1> 2007-01-22 17:27:20 0 d-------- C:\78dec8c560f488721a<78DEC8~1> 2007-01-22 09:57:33 0 d-------- C:\f37a062d9319d4240bc549a8<F37A06~1> 2007-01-22 09:51:45 0 d-------- C:\aef0aab3299c2d52af58eb7b8c5149<AEF0AA~1> 2007-01-21 08:01:03 0 d-------- C:\599cee8ad9a66ad41ede<599CEE~1> 2007-01-20 20:16:30 0 d-------- C:\be90f6ee5f9a59af3d1eca480938d8<BE90F6~1> 2007-01-20 09:45:00 0 d-------- C:\d3a8ba856b1ce5cb9eea834a<D3A8BA~1> 2007-01-19 23:04:13 0 d-------- C:\ae239060d31601f6a6be38d602995d<AE2390~1> 2007-01-19 21:27:56 0 d-------- C:\db49a4b01907f62582fe19b7<DB49A4~1> 2007-01-19 13:55:35 180224 --a------ C:\WINDOWS\system32\DSKernel2.dll<DSKERN~1.DLL><Unsigned: LEAD Technologies, Inc.> 2007-01-19 00:38:49 0 d-------- C:\fbaad322b5cec36db8beb9b6<FBAAD3~1> -- Find3M Re----------- 2007-02-19 08:44:42 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1> 2007-02-17 11:31:14 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1> 2007-02-17 09:21:20 0 d-------- C:\Program Files\Hijackthis<HIJACK~1> 2007-02-16 21:36:30 0 d-------- C:\Documents and Settings\Olmi\Application Data\AVG7 2007-02-15 18:05:43 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1> 2007-02-15 18:03:34 0 d-------- C:\Program Files\Messenger<MESSEN~1> 2007-02-15 17:56:12 0 d-------- C:\Program Files\Common Files\LightScribe<LIGHTS~1> 2007-02-15 17:12:56 0 d-------- C:\Program Files\Windows Live Toolbar<WI81E8~1> 2007-02-15 17:12:54 0 d-------- C:\Program Files\Windows Live Favorites<WI48FA~1> 2007-02-15 14:48:44 0 d-------- C:\Program Files\Yahoo! 2007-02-15 07:14:46 0 d-------- C:\Program Files\Google 2007-02-11 08:58:15 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys<Unsigned: GRISOFT, s.r.o.> 2007-02-11 08:58:15 839936 --a------ C:\WINDOWS\system32\drivers\avg7core.sys<Unsigned: GRISOFT, s.r.o.> 2007-02-11 08:58:07 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys<Unsigned: GRISOFT, s.r.o.> 2007-02-11 08:57:49 0 d-------- C:\Program Files\Grisoft 2007-02-08 10:23:42 0 d-------- C:\Program Files\Swift Software Group<SWIFTS~1> 2007-02-08 10:22:52 0 d-------- C:\Program Files\POK 2007-02-08 10:21:21 0 d-------- C:\Program Files\First Names 2005<FIRSTN~2> 2007-02-08 10:20:59 0 d-------- C:\Program Files\EasyDVDClone<EASYDV~1> 2007-02-08 10:19:02 0 d-------- C:\Program Files\3gpConvert<3GPCON~1> 2007-01-31 20:13:13 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-01-31 20:13:13 0 d-------- C:\Program Files\Cheetah Burner<CHEETA~1> 2007-01-16 18:52:16 1060 --a------ C:\3gp.dat 2007-01-15 17:00:13 0 d-------- C:\Program Files\Common Files\Companion Wizard<COMPAN~1> 2007-01-15 17:00:12 0 d-------- C:\Program Files\Common Files\{00BD8C7C-0BB0-1033-1223-05031120003d}<{00BD8~1> 2007-01-11 12:27:55 0 d-------- C:\Documents and Settings\Olmi\Application Data\AdobeUM 2007-01-08 15:38:23 0 d-------- C:\Documents and Settings\Olmi\Application Data\NeroDCTemplates<NERODC~1> 2007-01-07 12:32:54 0 d-------- C:\Program Files\Ahead 2007-01-07 12:29:58 0 d-------- C:\Program Files\Common Files\Ahead 2007-01-06 12:37:59 0 d-------- C:\Documents and Settings\Olmi\Application Data\SoundSpectrum<SOUNDS~1> 2007-01-06 12:37:12 0 d-------- C:\Program Files\SoundSpectrum<SOUNDS~1> 2007-01-06 11:48:59 313 --a------ C:\WINDOWS\EReg515.dat 2007-01-01 13:18:55 0 d-------- C:\Program Files\WinAVIVideoConverter<WINAVI~1> 2006-12-30 19:01:10 0 d-------- C:\Documents and Settings\Olmi\Application Data\DivX 2006-12-28 13:22:18 0 d-------- C:\Program Files\DivX 2006-12-26 20:06:43 0 d-------- C:\Program Files\Common Files\SWF Studio<SWFSTU~1> 2006-12-26 20:06:35 0 d-------- C:\Program Files\Riva 2006-12-13 03:30:29 520192 --a------ C:\WINDOWS\system32\DivXsm.exe<Unsigned: n/a> 2006-12-13 03:30:26 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll<Unsigned: n/a> 2006-12-13 03:30:22 109568 -----n--- C:\WINDOWS\system32\pxinsi64.exe<Unsigned: Sonic Solutions> 2006-12-13 03:30:22 108544 -----n--- C:\WINDOWS\system32\pxcpyi64.exe<Unsigned: Sonic Solutions> 2006-12-13 03:30:18 200704 --a------ C:\WINDOWS\system32\ssldivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/> 2006-12-13 03:30:18 1044480 --a------ C:\WINDOWS\system32\libdivx.dll<Unsigned: The OpenSSL Project, http://www.openssl.org/> 2006-12-13 03:25:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll<Unsigned: DivX, Inc.> 2006-12-13 03:25:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll<Unsigned: DivX, Inc.> 2006-12-13 03:25:24 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll<Unsigned: DivXNetworks> 2006-12-13 03:25:22 57344 --a------ C:\WINDOWS\system32\dpv11.dll<Unsigned: DivXNetworks> 2006-12-13 03:25:22 344064 --a------ C:\WINDOWS\system32\dpus11.dll<Unsigned: DivXNetworks> 2006-12-13 03:25:22 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll<Unsigned: DivXNetworks> 2006-12-13 03:25:22 294912 --a------ C:\WINDOWS\system32\dpu11.dll<Unsigned: DivXNetworks> 2006-12-13 03:25:22 294912 --a------ C:\WINDOWS\system32\dpu10.dll<Unsigned: DivXNetworks> 2006-12-13 03:25:20 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL><Unsigned: DivX, Inc.> 2006-12-13 03:25:20 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL><Unsigned: DivX, Inc.> 2006-12-13 03:25:19 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL><Unsigned: DivX, Inc.> 2006-12-13 03:25:19 635486 --a------ C:\WINDOWS\system32\DivX.dll<Unsigned: DivX, Inc.> 2006-12-13 03:24:42 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL><Unsigned: n/a> 2006-12-13 03:24:42 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE><Unsigned: DivX, Inc.> 2006-12-01 13:16:09 2150 -----n--- C:\WINDOWS\system32\InetLock.dat -- Registry ----------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.4156\\GoogleToolbarNotifier.exe" "NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\"" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\"" "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe" "PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe" "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe" "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup" "DataLayer"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe" "Blubster"="C:\\Program Files\\Blubster\\Blubster.exe SILENT" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.exe" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE" "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.exe" "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE" "DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 -- End of ComboScan: finished at 2007-02-19 at 08:5- ComboScan v20070212.14 run by Olmi on 2007-02-19 at 08:49:06 Supplementary logfile - please post this as an attachment with your post. ---------------------- -- System Informa------ Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz Percentage of Memory in Use: 38% Physical Memory (total/avail): 1015.48 MiB / 628.35 MiB Pagefile Memory (total/avail): 2442.71 MiB / 2152.31 MiB Virtual Memory (total/avail): 2047.88 MiB / 2002.82 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 186.3 GiB total, 148.56 GiB free. D: is CDROM (UDF) E: is Removable (No Media) F: is Removable (No Media) G: is Removable (No Media) H: is Removable (No Media) -- Security Ce--------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. AV: AVG 7.5.441 v7.5.441 (GRISOFT) -- Environment Varia--- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Olmi\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=OLMI-84EFACFCF2 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Olmi LOGONSERVER=\\OLMI-84EFACFCF2 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\Mozilla Firefox\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0403 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Olmi\LOCALS~1\Temp TMP=C:\DOCUME~1\Olmi\LOCALS~1\Temp USERDOMAIN=OLMI-84EFACFCF2 USERNAME=Olmi USERPROFILE=C:\Documents and Settings\Olmi windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Prof----------- Olmi [I](admin)[/I] Administrator [I](new local, admin)[/I] -- Add/Remove Prog----- --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNNMP.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf a-squared Free 2.0 --> "C:\Program Files\a-squared Free\unins000.exe" Acoustica MP3 Audio Mixer --> C:\PROGRA~1\ACOUST~1\UNWISE.exe C:\PROGRA~1\ACOUST~1\INSTALL.LOG Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.exe C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Address Book Standard Edition --> c:\Program Files\Address Book Standard Edition\uninstal.exe Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.exe -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Ashampoo Photo Commander 3 --> "C:\Program Files\Ashampoo\Ashampoo Photo Commander 3\Uninstall\APHC_Uninstall.exe" AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe BigPond Broadband ADSL FAQ --> MsiExec.exe /I{86EAA5D0-3445-4945-993A-98F128C9299E} Bob the Builder - Bob Builds a Park --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C13AD07-5129-11D5-96DB-AE99AF79C743}\SETUP.exe" -l0x9 Broderbund Home Design 5.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9024562E-CBEC-48B5-894A-1C59269302FE} Cheetah Audio Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1914510-38B5-4835-83D8-A188073E542F}\Setup.exe" Cheetah WMA Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDB7CDB2-40E6-4893-95E9-7A551AF865CD}\Setup.exe" CoreVorbis Audio Decoder (remove only) --> "C:\WINDOWS\system32\CoreVorbis-uninstall.exe" DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe" e-tax 2006 --> C:\etax2006\e-tax 2006_uninstall.exe EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.exe" -l0x9 -UnInstall EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.exe" -l0x9 UNINST EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST EPSON Image Clip Palette --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x9 -u EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.exe /R EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.exe" -l0x9 -anything ESCX4700_4100 User's Guide --> C:\Program Files\EPSON\TPMANUAL\ESCX4700_4100\USE_G\DOCUNINS.exe Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{8C35A8EC-1BA2-4F3F-8A45-67C0520DC4A7} G-Force --> C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll" High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe" HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall Indeo® Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll" Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.exe C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772 Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} LG PC Sync --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0E3469E7-E33A-4A79-99B7-24883BE62EC9} /l1033 LG Phone Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D130E8E3-C39F-4572-A622-8636BBB09865} /l1033 LiveUpdate BVRP Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9 Madeline Rainy Day Activities --> C:\CWONDERS\MRDA\CWRUN.exe MadelineRainyDayActivities UninstallExe Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7C79323D-E881-4290-B64E-0AB74464EF5A} Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8} mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9 Monsters, Inc. Scare Island --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\MONSTE~1\DeIsL2.isu Mozilla Firefox (1.5.0.9) --> C:\PROGRA~1\MOZILL~1\uninstall\uninstall.exe /ua "1.5.0.9 (en-US)" MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5} Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID="" Nokia Connectivity Cable Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C1599DA-9ED9-4090-930F-B8BC4D99D6B0} Nokia PC Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{FBD6A335-7E02-43B0-AF58-1B472F9BD3E1} OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7} Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan Personal Ancestral File 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D94A8E22-DF2B-4107-9E51-608A60A7671D}\Setup.exe" PIF DESIGNER --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.exe" -l0x9 anything Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{8CB86494-F15E-4DEC-8A7A-54AD5256790A} PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x9 -removeonly Replay Converter 2.20 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Converter\irunin.ini" Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe" Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{63BCC5DB-1371-4C0B-9123-F2B4DDF9F9B8} Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.exe -U -IPDRSLSM5K.inf Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" UpTown Engine --> C:\WINDOWS\system32\UpMedia\uninstallSE.exe vanBasco's Karaoke Player --> C:\Program Files\vanBasco's Karaoke Player\uninst.exe Video-AVI to GIF Converter v3.03 (Release date: 06-04-13 Free) --> "C:\Documents and Settings\Olmi\My Documents\brendan\Video-AVI to GIF Converter\unins000.exe" WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe" Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B} Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{3F171960-DA83-4259-99AF-9DD8C6F6BA52} Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA} Windows Live Toolbar --> MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA} Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{62CCEC33-5BA7-4890-A06C-34B8844462CE} Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe WinXMedia AVI/WMV MP4 Converter 2.1 --> C:\Program Files\WinXMedia\WinXMedia WMV MP4 Converter\WinXMedia WMV MP4 Converter\uninst.exe WinZip --> "C:\Program Files\WinZip\WINZIP32.exe" /uninstall -- End of ComboScan: finished at 2007-02-19 at 08:5-

0

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0

0

There are some strange things in the comboscan that I cannot identify. Try these scan and see if they can pick out the baddies. Please download VundoFix.exe to your C:\. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will shutdown your computer, click OK. Turn your computer back on. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot. Post the log located at C:Vundofix.txt. Please download Dr Web CureIt to your desktop from this link ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Doubleclick the drweb-cureit.exe file and Allow to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, look if you can click next icon next to the files found: If so, click it and then click the next icon right below and select Move incurable. This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples) After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit. Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot. After reboot, post the contents of the log on your desktop.

0

VundoFix V6.2.2 Checking Java version... Java version is 1.5.0.2 Java version is 1.5.0.6 Scan started at 11:08:29 AM 16/10/2006 Listing files found while scanning.... C:\WINDOWS\system32\shhwfcju.exe C:\WINDOWS\Help\vddcac.dll C:\WINDOWS\Help\cacddv.ini C:\WINDOWS\Help\cacddv.bak1 C:\WINDOWS\Help\cacddv.bak2 C:\WINDOWS\Help\cacddv.ini2 C:\WINDOWS\Help\cacddv.tmp Beginning removal... Attempting to delete C:\WINDOWS\system32\shhwfcju.exe C:\WINDOWS\system32\shhwfcju.exe Has been deleted! Attempting to delete C:\WINDOWS\Help\vddcac.dll C:\WINDOWS\Help\vddcac.dll Could not be deleted. Attempting to delete C:\WINDOWS\Help\cacddv.ini C:\WINDOWS\Help\cacddv.ini Has been deleted! Attempting to delete C:\WINDOWS\Help\cacddv.bak1 C:\WINDOWS\Help\cacddv.bak1 Has been deleted! Attempting to delete C:\WINDOWS\Help\cacddv.bak2 C:\WINDOWS\Help\cacddv.bak2 Has been deleted! Attempting to delete C:\WINDOWS\Help\cacddv.ini2 C:\WINDOWS\Help\cacddv.ini2 Has been deleted! Attempting to delete C:\WINDOWS\Help\cacddv.tmp C:\WINDOWS\Help\cacddv.tmp Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\Help\vddcac.dll C:\WINDOWS\Help\vddcac.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.2.2 Checking Java version... Java version is 1.5.0.2 Java version is 1.5.0.6 Scan started at 11:44:58 AM 16/10/2006 Listing files found while scanning.... No infected files were found. VundoFix V6.2.2 Checking Java version... Java version is 1.5.0.2 Java version is 1.5.0.6 Scan started at 11:51:10 AM 16/10/2006 Listing files found while scanning.... No infected files were found. VundoFix V6.3.7 Checking Java version... Scan started at 3:27:25 PM 19/02/2007 Listing files found while scanning.... C:\WINDOWS\system32\gyfwvtev.dll C:\WINDOWS\system32\jqsydaln.dll Beginning removal... Performing Repairs to the registry. Done!

0

Process.exe;C:\Documents and Settings\Olmi\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.; restart.exe;C:\Documents and Settings\Olmi\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.; Process.exe;C:\Documents and Settings\Olmi\My Documents\Unzipped\SmitfraudFix\SmitfraudFix;Tool.Prockill;Incurable.Moved.; restart.exe;C:\Documents and Settings\Olmi\My Documents\Unzipped\SmitfraudFix\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;

0

Looks like you had some success. See if You can run Brute Force Uninstall (response 17) and Pfind (response 14) in that order please.

0

ok. i used brute force but pfind still does not respond on my pc

0

Has your startup speed increased? See if this tool will run. Please download SilentRunners from this link http://www.silentrunners.org/Silent%20Runners.zip. Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile in a reply to this post.. Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile in a reply to this post.

0

No, the startup speed is pretty much the same. "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: ---- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1" ["Adobe Systems Incorporated"] "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe" ["Google Inc."] "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "Free Download Manager" = "C:\Program Files\Free Download Manager\fdm.exe -autorun" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0\bin\jusched.exe"" ["Sun Microsystems, Inc."] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"] "PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray" ["Nokia"] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"] "Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" [null data] "DataLayer" = "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."] "Blubster" = "C:\Program Files\Blubster\Blubster.exe SILENT" [file not found] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS] {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided) -> {HKLM...CLSID} = "EpsonToolBandKicker Class" \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension" -> {HKLM...CLSID} = "AVG7 Find Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] "{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View" -> {HKLM...CLSID} = "Message View" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{792F0537-F929-4eb7-AC1D-FB6334C71550}" = "LG Phone" -> {HKLM...CLSID} = "LG Phone" \InProcServer32\(Default) = "C:\DOCUME~1\Olmi\MYDOCU~1\brendan\mobile\Phone.dll" ["LG Electornics"] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension" -> {HKLM...CLSID} = "a-squared Free Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "AppInit_DLLs" = "C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL" [null data] HKLM\System\CurrentControlSet\Control\Session Manager\ <<!>> "BootExecute" = "autocheck autochk *"|"stera" [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}" -> {HKLM...CLSID} = "a-squared Free Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"] AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}" -> {HKLM...CLSID} = "a-squared Free Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"] Group Policies {policy setting}: --- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Startup items in "Olmi" & "All Users" startup folders: ------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.exe -b -l" [MS] "WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.exe" ["WinZip Computing LP"] Enabled Scheduled Tasks: ------------------------ "Check Updates for Windows Live Toolbar" -> launches: "C:\Program Files\Windows Live Toolbar\MSNTBUP.exe" [MS] Winsock2 Service Provider DLLs: -- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 12 - 13 Toolbars, Explorer Bars, Extensions: ------- Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "&Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" -> {HKLM...CLSID} = "Windows Live Toolbar" \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided) -> {HKLM...CLSID} = "EPSON Web-To-Page" \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided) -> {HKLM...CLSID} = "Windows Live Toolbar" \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}\(Default) = "PrintView" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL" [file not found] HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348A7}\(Default) = "Disclosure Bar" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\WINDOWS\system32\UpMedia\SearchTool.dll" [null data] HKLM\Software\Classes\CLSID\{90FE6C53-F8B4-4631-B42A-02D63D1C949C}\(Default) = "PrintView" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL" [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll" ["Sun Microsystems, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): -------- AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."] AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."] LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ EPSON Stylus CX4100 Series 2KMonitor5P\Driver = "E_FLMAEP.DLL" ["SEIKO EPSON CORPORATION"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 51 seconds, including 18 seconds for message boxes)

0

Reboot in to safe mode and make sure you can view hidden files. Navigate to and delete these files if found: C:\WINDOWS\system32\UpMedia\SearchTool.dll C:\Program Files\PrintView\PRINTH~1.DLL(this file will begin with printh and end with .dll, any assortment of charactors could be in between but it will be in the "PrintView" folder) Next Navigate to and delete these folders if found: C:\WINDOWS\system32\UpMedia C:\Program Files\PrintView Post a new Silentrunners log. Let me know if that helped with your startup speed.

0

it is still pretty much the same. ill time my startup next time and let you know how long it takes. should i time it from the time the computer is turned on or when windows starts? "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: ---- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1" ["Adobe Systems Incorporated"] "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe" ["Google Inc."] "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "Free Download Manager" = "C:\Program Files\Free Download Manager\fdm.exe -autorun" [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0\bin\jusched.exe"" ["Sun Microsystems, Inc."] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"] "PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray" ["Nokia"] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"] "Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" [null data] "DataLayer" = "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."] "Blubster" = "C:\Program Files\Blubster\Blubster.exe SILENT" [file not found] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS] {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided) -> {HKLM...CLSID} = "EpsonToolBandKicker Class" \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension" -> {HKLM...CLSID} = "AVG7 Find Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] "{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View" -> {HKLM...CLSID} = "Message View" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{792F0537-F929-4eb7-AC1D-FB6334C71550}" = "LG Phone" -> {HKLM...CLSID} = "LG Phone" \InProcServer32\(Default) = "C:\DOCUME~1\Olmi\MYDOCU~1\brendan\mobile\Phone.dll" ["LG Electornics"] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension" -> {HKLM...CLSID} = "a-squared Free Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "AppInit_DLLs" = "C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL" [null data] HKLM\System\CurrentControlSet\Control\Session Manager\ <<!>> "BootExecute" = "autocheck autochk *"|"stera" [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}" -> {HKLM...CLSID} = "a-squared Free Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"] AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}" -> {HKLM...CLSID} = "a-squared Free Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"] Group Policies {policy setting}: --- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Startup items in "Olmi" & "All Users" startup folders: ------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.exe -b -l" [MS] "WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.exe" ["WinZip Computing LP"] Enabled Scheduled Tasks: ------------------------ "Check Updates for Windows Live Toolbar" -> launches: "C:\Program Files\Windows Live Toolbar\MSNTBUP.exe" [MS] Winsock2 Service Provider DLLs: -- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 12 - 13 Toolbars, Explorer Bars, Extensions: ------- Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "&Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" -> {HKLM...CLSID} = "Windows Live Toolbar" \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided) -> {HKLM...CLSID} = "EPSON Web-To-Page" \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided) -> {HKLM...CLSID} = "Windows Live Toolbar" \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}\(Default) = "PrintView" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL" [file not found] HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348A7}\(Default) = "Disclosure Bar" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\WINDOWS\system32\UpMedia\SearchTool.dll" [file not found] HKLM\Software\Classes\CLSID\{90FE6C53-F8B4-4631-B42A-02D63D1C949C}\(Default) = "PrintView" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL" [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll" ["Sun Microsystems, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): -------- AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."] AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."] LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ EPSON Stylus CX4100 Series 2KMonitor5P\Driver = "E_FLMAEP.DLL" ["SEIKO EPSON CORPORATION"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 35 seconds, including 4 seconds for message boxes)

0

I see "stera" a downloader trojan that may still be on the computer. Please download and install SuperAntiSpyware Load SUPERAntiSpyware and click the Check for Updates button. Once the update has finished, click the Scan your Computer button. Check Perform Complete Scan and then click Next. SUPERAntiSpyware will now scan your computer, and when it’s finished it will list all the infections it has found. Make sure that they all have a check next to them, and then click Next. Click Finish and you will be taken back to the main interface. It could be possible that it will ask you to reboot your computer in order to delete some files after reboot. I'll need a log afterwards of what has been found. To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear. Please post the results of the SUPERAntiSpyware log and a new HijackThis log in your next reply.

0

SUPERAntiSpyware Scan Log Generated 02/21/2007 at 01:35 PM Application Version : 3.5.1016 Core Rules Database Version : 3186 Trace Rules Database Version: 1196 Scan type : Complete Scan Total Scan Time : 00:41:08 Memory items scanned : 430 Memory threats detected : 0 Registry items scanned : 5633 Registry threats detected : 36 File items scanned : 29254 File threats detected : 4 Adware.Tracking Cookie C:\Documents and Settings\Olmi\Cookies\olmi@revsci[1].txt C:\Documents and Settings\Olmi\Cookies\olmi@ad.yieldmanager[2].txt Unclassified.Unknown Origin HKCR\CLSID\{849B9523-785F-4014-9CAF-079FB4A74C61} HKCR\CLSID\{849B9523-785F-4014-9CAF-079FB4A74C61}\InprocServer32 HKCR\CLSID\{849B9523-785F-4014-9CAF-079FB4A74C61}\InprocServer32#ThreadingModel HKCR\CLSID\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C} HKCR\CLSID\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}\InprocServer32 HKCR\CLSID\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}\InprocServer32#ThreadingModel Trojan.WinAntiSpyware/WinAntiVirus 2006/2007 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF#NextInstance HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Service HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Legacy HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ConfigFlags HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Class HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ClassGUID HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#DeviceDesc HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Capabilities HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000\LogConf HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK#NextInstance HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Service HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Legacy HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ConfigFlags HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Class HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ClassGUID HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#DeviceDesc HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Capabilities HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000\LogConf Trojan.SysProtect HKCR\CheckProd.CheckProduct HKCR\CheckProd.CheckProduct\CLSID HKCR\CheckProd.CheckProduct\CurVer HKCR\CheckProd.CheckProduct.1 HKCR\CheckProd.CheckProduct.1\CLSID HKCR\AppId\CheckProduct2_1.DLL HKCR\AppId\CheckProduct2_1.DLL#AppID Adware.DeluxeCommunications HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks#{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} Trojan.WinAntiSpyware/WinAntiVirus 2006 C:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20061024-132112-573.INF Trojan.SearchTool C:\SYSTEM VOLUME INFORMATION\_RESTORE{657AEB4E-C55F-4D84-B634-634D8259F7B1}\RP279\A0019794.DLL

0

Logfile of HijackThis v1.99.1 Scan saved at 2:07:27 PM, on 21/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\WinZip\WZQKPICK.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijackthis\show.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.... O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar... O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lafreak666australia.spaces.l... O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US... O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows... O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar... O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active... O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUplo... O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar... O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g... O17 - HKLM\System\CCS\Services\Tcpip\..\{24B5DF9A-98A0-45E4-8B46-440EA892C260}: Domain = nsw.bigpond.net.au O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

0

The Hijack This log is clean. Is your computer starting up better?

0

Unfortunatly its no better but no worse either. I really appreciatle all of your help. Did the last program i used catch the "stera" that you mentioned? I wouldnt have a clue want all those letters mean in the logs :)

0

I did nbot see it listed in the registry entries that were removed. Please download Grinler's Pfind from this link: http://download.bleepingcomputer.com/oldtimer/winpfind.exe Unzip it to the desktop, by double-clicking on it and clicking Extract. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while. When it has finished it will product a text document. Please copy and paste the contents of that document into this thread.

0

We have tried that program many times . It says there is no disk in the drive - please insert disk. Then it stops responding.

0

WinPFind logfile created on: 22/02/2007 8:14:11 AM WinPFind by OldTimer - v2.0.1 Folder = C:\Documents and Settings\Olmi\Desktop\WinPFind\ »»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600 Internet Explorer Version: 7.0.5730.11 »»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»» 1039852 Kb Total Physical Memory | 473568 Kb Available Physical Memory | 45.54% Memory free 2501336 Kb Paging File | 2063296 Kb Available in Paging File | 82.49% Paging File free Paging file location: C:\pagefile.sys 1524 3048 %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 195350368 Kb Total Space | 155361512 Kb Free Space | 79.53% Space Free D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded »»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»» C:\Documents and Settings\Olmi\Desktop\WinPFind\WinPFind.exe () C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.) C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe (Google Inc.) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.) C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.) C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.) C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.) C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.) C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) C:\Program Files\WinZip\WZQKPICK.exe (WinZip Computing LP) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) »»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»» (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.) (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] = C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.) (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] = C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.) (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] = C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software) (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] = C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) »»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»» >>>>> Run Keys and Auto-Start Folders <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] AVG7_CC = C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.) Blubster = C:\Program Files\Blubster\Blubster.exe (File not found) DataLayer = C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.) Google Desktop Search = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe () HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) IgfxTray = C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) PCSuiteTrayApplication = C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) Persistence = C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) RemoteControl = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) SunJavaUpdateSched = C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.) TkBellExe = C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Free Download Manager = C:\Program Files\Free Download Manager\fdm.exe (File not found) NBJ = C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) swg = C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe (Google Inc.) updateMgr = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] Installed = 1 < Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup > C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini () C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe (WinZip Computing LP) < User Startup Folder = C:\Documents and Settings\Olmi\Start Menu\Programs\Startup > C:\Documents and Settings\Olmi\Start Menu\Programs\Startup\desktop.ini () >>>>> MsConfig Disabled Items <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state] system.ini = 0 win.ini = 0 bootini = 0 services = 0 startup = 0 >>>>> Disabled Startup Folder Items <<<<< >>>>> Items Started Through Miscellaneous Registry Keys <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs] C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll () [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] {57B86673-276A-48B2-BAE7-C6DBB3020EB8} = AVG Anti-Spyware 7.5 ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.) ) {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = ( HKLM = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) ) >>>>> Security Providers <<<<< >>>>> Winlogon Keys <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet] Control_RunDLL (File not found) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] DllName = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] DllName = C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) >>>>> Policy Keys <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID] {17492023-C23A-453E-A040-C7C580BBF700} = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum] {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1 {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857 {0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] dontdisplaylastusername = 0 legalnoticecaption = legalnoticetext = shutdownwithoutlogon = 1 undockwithoutlogon = 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] NoDriveTypeAutoRun = 145 >>>>> Desktop Components <<<<< >>>>> HOSTS File <<<<< HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 734 bytes | Modified Date: 4/08/2004 11:00:00 PM) 127.0.0.1 localhost >>>>> Internet Explorer Settings <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] Default_Page_URL = http://www.microsoft.com/isapi/redi... Default_Search_URL = http://www.microsoft.com/isapi/redi... Local Page = C:\windows\system32\blank.htm Search Page = http://www.microsoft.com/isapi/redi... Start Page = http://www.microsoft.com/isapi/redi... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] CustomizeSearch = http://ie.search.msn.com/{SUB_RFC17... Default_Search_URL = http://www.microsoft.com/isapi/redi... SearchAssistant = http://ie.search.msn.com/{SUB_RFC17... [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] Default_Search_URL = http://www.microsoft.com/isapi/redi... Local Page = C:\windows\system32\blank.htm Search Page = http://www.microsoft.com/isapi/redi... Start Page = www.google.com.au [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] ProxyEnable = 0 >>>>> Browser Helper Objects <<<<< [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] - Adobe PDF Reader Link Helper ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) ) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] - Reg Data - Value does not exist ( HKLM = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) ) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] - SSVHelper Class ( HKLM = C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) ) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] - EpsonToolBandKicker Class ( HKLM = C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) ) >>>>> Bars, Toolbars and Extensions <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page ( HKLM = C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) ) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser] {2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google ( HKLM = c:\program files\Google\googletoolbar3.dll (Google Inc.) ) {EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Toolbar ( HKLM = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (File not found) ) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} = 8193 - Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) ) {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} = 8194 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) ) {FB5F1910-F110-11d2-BB9E-00C04F795683} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) ) NextId = 8195 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}] MenuText = Sun Java Console ClsidExtension = {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - Java Plug-in 1.6.0 ( HKLM C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) ) ClsidExtension = {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - Java Plug-in 1.6.0 ( HKCU C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) ) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Windows Live Search] @ = C:\Program Files\Windows Live Toolbar\msntb.dll\search.htm (File not found) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites] @ = http:\favorites.live.com\quickadd.asp (File not found) >>>>> Approved Shell Extensions <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Shell Autoplay for Slideshow ( HKLM = Reg Data - Key not found (File not found) ) {04055D60-93D3-11D1-B8CC-00409524F097} = Image Folder ( CLSID not found! ) {0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) ) {280CFDE1-1354-4431-92F3-03073BA593FB} = TotalConverter Context Menu Shell Extension ( CLSID not found! ) {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} = Nokia Phone Browser ( HKLM = C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll (Nokia) ) {42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( HKLM = deskpan.dll (File not found) ) {764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! ) {792F0537-F929-4eb7-AC1D-FB6334C71550} = LG Phone ( HKLM = C:\Documents and Settings\Olmi\My Documents\brendan\mobile\Phone.dll (LG Electornics) ) {7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) ) {7FC7C9B0-FED7-11D1-8F70-00409524F097} = PackedImageFolder ( CLSID not found! ) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! ) {88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) ) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG7 Shell Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) ) {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} = AVG7 Find Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) ) {A155339D-CCCD-4714-85EB-3754B804C9DF} = a-squared Free Context Menu ( HKLM = C:\Program Files\a-squared Free\a2freecontmenu.dll (Emsi Software GmbH) ) {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR ( HKLM = C:\Program Files\WinRAR\RarExt.dll () ) {BDAF2439-A7F5-4E9E-8EAB-579F0929D0A6} = ( CLSID not found! ) {C0C4375A-5B72-4efe-929D-3B848C3A1E91} = Message View ( HKLM = C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll (Nokia) ) {E0D79304-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing LP) ) {E0D79305-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing LP) ) {E0D79306-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing LP) ) {E0D79307-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing LP) ) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) ) {F93F5F63-423F-11D2-8D61-00605206619F} = Search Result ( CLSID not found! ) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] {BDEADF00-C265-11d0-BCED-00A0C90AB50F} = Web Folders ( HKLM = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL () ) >>>>> Context Menu Handlers / Column Handlers <<<<< [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}] - SASContextMenu Class ( HKLM = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) ) [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG Anti-Spyware] @ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) ) [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension] @ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) ) [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR] @ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () ) [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinZip] @ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing LP) ) [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\a2FreeContMenu] @ = {A155339D-CCCD-4714-85EB-3754B804C9DF} ( HKLM = C:\Program Files\a-squared Free\a2freecontmenu.dll (Emsi Software GmbH) ) [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}] - SASContextMenu Class ( HKLM = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) ) [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\AVG Anti-Spyware] @ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) ) [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR] @ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () ) [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip] @ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing LP) ) [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\igfxcui] @ = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} ( HKLM = C:\WINDOWS\system32\igfxpph.dll (Intel Corporation) ) [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\a2FreeContMenu] @ = {A155339D-CCCD-4714-85EB-3754B804C9DF} ( HKLM = C:\Program Files\a-squared Free\a2freecontmenu.dll (Emsi Software GmbH) ) [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension] @ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) ) [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR] @ = {B41DB860-8EE4-11D2-9906-E49FADC173CA} ( HKLM = C:\Program Files\WinRAR\RarExt.dll () ) [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinZip] @ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing LP) ) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}] - PDF Shell Extension ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.) ) >>>>> User Agent Post Platform <<<<< >>>>> TCP/IP Configuration <<<<< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24B5DF9A-98A0-45E4-8B46-440EA892C260}] ( Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller ) DefaultGateway = DhcpDefaultGateway = 10.0.0.138; DhcpIPAddress = 10.0.0.1 DhcpNameServer = 10.0.0.138 DhcpServer = 10.0.0.138 DhcpSubnetMask = 255.255.255.0 Domain = nsw.bigpond.net.au EnableDHCP = 1 IPAddress = 0.0.0.0; IPAutoconfigurationAddress = 0.0.0.0 NameServer = SubnetMask = 0.0.0.0; [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA144C1D-D0FB-4ADD-9196-751E89DD825B}] ( 1394 Net Adapter ) DefaultGateway = Domain = EnableDHCP = 1 IPAddress = 0.0.0.0; NameServer = SubnetMask = 0.0.0.0; >>>>> WinSock2 Parameters <<<<< >>>>> Protocol Handlers <<<<< >>>>> Protocol Filters <<<<< >>>>> Downloaded Program Files <<<<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{14B87622-7E19-4EA8-93B3-97215F77A6BC}\DownloadInformation] CODEBASE = http://messenger.zone.msn.com/binar... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\DownloadInformation] CODEBASE = http://lafreak666australia.spaces.l... INF = C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D6F45B3-9043-443D-A792-115447494D24}\DownloadInformation] CODEBASE = http://messenger.zone.msn.com/EN-US... INF = C:\WINDOWS\Downloaded Program Files\GAME_UNO1.INF [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\DownloadInformation] CODEBASE = http://update.microsoft.com/windows... INF = C:\WINDOWS\Downloaded Program Files\wuweb.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation] CODEBASE = http://java.sun.com/update/1.6.0/ji... INF = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}\DownloadInformation] CODEBASE = http://messenger.zone.msn.com/binar... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\DownloadInformation] CODEBASE = http://acs.pandasoftware.com/active... INF = C:\WINDOWS\Downloaded Program Files\asinst.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8}\DownloadInformation] CODEBASE = http://filelodge.bolt.com/ImageUplo... INF = C:\WINDOWS\Downloaded Program Files\ImageUploader3.inf [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC-220313175592}\DownloadInformation] CODEBASE = http://messenger.zone.msn.com/binar... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\DownloadInformation] CODEBASE = http://java.sun.com/update/1.6.0/ji... INF = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation] CODEBASE = http://java.sun.com/update/1.6.0/ji... INF = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation] CODEBASE = http://fpdownload2.macromedia.com/g... INF = C:\WINDOWS\Downloaded Program Files\swflash.inf »»»»»»»»»»»»»»»»»»»» Files Created Within 30 Days »»»»»»»»»»»»» C:\351.tmp [Ver = | Size = 457179136 bytes | Created Date = 15/02/2007 7:25:09 AM | Attr = ] C:\48D.tmp [Ver = | Size = 978952192 bytes | Created Date = 14/02/2007 9:14:41 PM | Attr = ] C:\SimplePIM.hen [Ver = | Size = 47104 bytes | Created Date = 6/02/2007 8:23:26 AM | Attr = ] C:\Documents and Settings\Olmi\Application Data\internaldb41.dat [Ver = | Size = 18432 bytes | Created Date = 29/01/2007 6:11:02 PM | Attr = ] C:\Documents and Settings\Olmi\Application Data\internaldb6334.dat [Ver = | Size = 374 bytes | Created Date = 29/01/2007 6:11:06 PM | Attr = ] C:\Documents and Settings\Olmi\Application Data\internaldb8467.dat [Ver = | Size = 538 bytes | Created Date = 29/01/2007 6:11:06 PM | Attr = ] C:\Documents and Settings\Olmi\My Documents\17042006012.mp4 [Ver = | Size = 9689922 bytes | Created Date = 17/02/2007 5:42:15 PM | Attr = ] C:\Documents and Settings\Olmi\My Documents\How to Play Pokemon.doc [Ver = | Size = 51200 bytes | Created Date = 3/02/2007 12:01:04 PM | Attr = ] C:\Documents and Settings\Olmi\My Documents\New_Cardlist.pdf [Ver = | Size = 559541 bytes | Created Date = 3/02/2007 11:53:36 AM | Attr = ] C:\Documents and Settings\Olmi\My Documents\shane.nr3 [Ver = | Size = 10195 bytes | Created Date = 28/01/2007 12:07:27 PM | Attr = ] C:\Documents and Settings\Olmi\My Documents\The book of philosophy.doc [Ver = | Size = 12711424 bytes | Created Date = 15/02/2007 11:00:04 PM | Attr = ] C:\Documents and Settings\All Users\Desktop\AVG 7.5.lnk [Ver = | Size = 1542 bytes | Created Date = 11/02/2007 7:58:09 AM | Attr = ] C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [Ver = | Size = 790 bytes | Created Date = 21/02/2007 11:49:21 AM | Attr = ] C:\Documents and Settings\All Users\Desktop\WinZip.lnk [Ver = | Size = 746 bytes | Created Date = 18/02/2007 2:11:52 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\avg75free_441a944.exe [Ver = | Size = 19170000 bytes | Created Date = 11/02/2007 7:39:46 AM | Attr = ] C:\Documents and Settings\Olmi\Desktop\bfu.zip [Ver = | Size = 62862 bytes | Created Date = 18/02/2007 2:15:46 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\catchme.exe [Ver = | Size = 28160 bytes | Created Date = 19/02/2007 7:59:36 AM | Attr = ] C:\Documents and Settings\Olmi\Desktop\comboscan.exe [Ver = 3, 2, 2, 0 | Size = 672889 bytes | Created Date = 19/02/2007 7:46:58 AM | Attr = ] C:\Documents and Settings\Olmi\Desktop\drweb-cureit.exe [Ver = | Size = 5754744 bytes | Created Date = 19/02/2007 2:41:40 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\DrWeb.csv [Ver = | Size = 448 bytes | Created Date = 19/02/2007 3:48:57 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\jre-6-windows-i586.exe [Ver = | Size = 13170312 bytes | Created Date = 16/02/2007 2:19:22 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\shane.jpg [Ver = | Size = 162993 bytes | Created Date = 15/02/2007 5:44:28 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\Shortcut to BFU.exe.lnk [Ver = | Size = 460 bytes | Created Date = 18/02/2007 2:24:50 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\Shortcut to electric.lnk [Ver = | Size = 781 bytes | Created Date = 10/02/2007 10:01:58 AM | Attr = ] C:\Documents and Settings\Olmi\Desktop\Silent Runners.zip [Ver = | Size = 86155 bytes | Created Date = 20/02/2007 1:48:10 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\SUPERAntiSpyware.exe [Ver = | Size = 5743392 bytes | Created Date = 21/02/2007 11:43:46 AM | Attr = ] C:\Documents and Settings\Olmi\Desktop\VundoFix.exe Atribune.org [Ver = 6.03.0007 | Size = 91648 bytes | Created Date = 19/02/2007 2:27:14 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\winpfind(2).exe [Ver = | Size = 262159 bytes | Created Date = 22/02/2007 7:11:23 AM | Attr = ] C:\Documents and Settings\Olmi\Desktop\winpfind.exe [Ver = | Size = 262159 bytes | Created Date = 20/02/2007 9:22:39 AM | Attr = ] C:\Documents and Settings\Olmi\Desktop\winzip110.exe [Ver = | Size = 7718504 bytes | Created Date = 18/02/2007 2:06:19 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\WMAInstaller.exe Cheetah Burner [Ver = 1.0 | Size = 6563097 bytes | Created Date = 31/01/2007 6:46:19 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\zippack2.zip [Ver = | Size = 22 bytes | Created Date = 8/02/2007 5:46:50 PM | Attr = ] @Alternate Data Stream - C:\Documents and Settings\Olmi\Desktop\zippack2.zip:SummaryInformation (88 bytes) @Alternate Data Stream - C:\Documents and Settings\Olmi\Desktop\zippack2.zip:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [Ver = | Size = 1757 bytes | Created Date = 17/02/2007 8:16:31 AM | Attr = ] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [Ver = | Size = 1725 bytes | Created Date = 17/02/2007 8:16:31 AM | Attr = ] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [Ver = | Size = 1528 bytes | Created Date = 18/02/2007 2:11:52 PM | Attr = ] C:\WINDOWS\PROGRAM.exe [Ver = | Size = 675579 bytes | Created Date = 29/01/2007 6:11:54 PM | Attr = ] C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Created Date = 21/02/2007 1:34:20 PM | Attr = ] C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Created Date = 21/02/2007 1:34:20 PM | Attr = H ] C:\WINDOWS\System32\CMMGR32.exe [Ver = | Size = 0 bytes | Created Date = 21/02/2007 12:02:18 PM | Attr = ] C:\WINDOWS\System32\java.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 16/02/2007 2:36:55 PM | Attr = ] C:\WINDOWS\System32\javacpl.cpl Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Created Date = 16/02/2007 2:36:55 PM | Attr = ] C:\WINDOWS\System32\javaw.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Created Date = 16/02/2007 2:36:55 PM | Attr = ] C:\WINDOWS\System32\javaws.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Created Date = 16/02/2007 2:36:55 PM | Attr = ] C:\WINDOWS\System32\SSUBTMR.DLL <none> [Ver = 1.00.0017 | Size = 27648 bytes | Created Date = 6/02/2007 8:22:42 AM | Attr = ] C:\WINDOWS\System32\tmp.reg [Ver = | Size = 3120 bytes | Created Date = 16/02/2007 9:25:50 AM | Attr = ] C:\WINDOWS\System32\vbalgrid.OCX vbAccelerator [Ver = 1.00.0048 | Size = 294912 bytes | Created Date = 6/02/2007 8:23:25 AM | Attr = ] C:\WINDOWS\System32\vbaliml6.OCX vbAccelerator [Ver = 1.04.0001 | Size = 94208 bytes | Created Date = 6/02/2007 8:23:25 AM | Attr = ] C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 11/02/2007 7:58:08 AM | Attr = ] C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Created Date = 11/02/2007 7:58:07 AM | Attr = ] C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 15/02/2007 8:39:22 AM | Attr = ] »»»»»»»»»»»»»»»»»»»» Files Modified Within 30 Days »»»»»»»»»»»»» C:\351.tmp [Ver = | Size = 457179136 bytes | Modified Date = 15/02/2007 9:19:48 AM | Attr = ] C:\48D.tmp [Ver = | Size = 978952192 bytes | Modified Date = 14/02/2007 10:28:40 PM | Attr = ] C:\boot.ini [Ver = | Size = 211 bytes | Modified Date = 17/02/2007 9:16:34 AM | Attr = HS] C:\SimplePIM.hen [Ver = | Size = 47104 bytes | Modified Date = 6/02/2007 9:23:28 AM | Attr = ] C:\Documents and Settings\Olmi\Application Data\internaldb41.dat [Ver = | Size = 18432 bytes | Modified Date = 7/02/2007 10:46:16 AM | Attr = ] C:\Documents and Settings\Olmi\Application Data\internaldb6334.dat [Ver = | Size = 374 bytes | Modified Date = 7/02/2007 10:46:40 AM | Attr = ] C:\Documents and Settings\Olmi\Application Data\internaldb8467.dat [Ver = | Size = 538 bytes | Modified Date = 7/02/2007 10:46:12 AM | Attr = ] C:\Documents and Settings\Olmi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 129024 bytes | Modified Date = 21/02/2007 1:56:02 AM | Attr = ] C:\Documents and Settings\Olmi\Local Settings\Application Data\IconCache.db [Ver = | Size = 6898918 bytes | Modified Date = 10/02/2007 2:46:58 PM | Attr = H ] C:\Documents and Settings\Olmi\My Documents\How to Play Pokemon.doc [Ver = | Size = 51200 bytes | Modified Date = 3/02/2007 1:01:06 PM | Attr = ] C:\Documents and Settings\Olmi\My Documents\New_Cardlist.pdf [Ver = | Size = 559541 bytes | Modified Date = 3/02/2007 12:53:38 PM | Attr = ] C:\Documents and Settings\Olmi\My Documents\shane.nr3 [Ver = | Size = 10195 bytes | Modified Date = 28/01/2007 1:07:28 PM | Attr = ] C:\Documents and Settings\Olmi\My Documents\The book of philosophy.doc [Ver = | Size = 12711424 bytes | Modified Date = 16/02/2007 7:01:58 PM | Attr = ] C:\Documents and Settings\Olmi\My Documents\Thumbs.db [Ver = | Size = 95232 bytes | Modified Date = 21/02/2007 7:02:08 PM | Attr = HS] @Alternate Data Stream - C:\Documents and Settings\Olmi\My Documents\Thumbs.db:encryptable (0 bytes) C:\Documents and Settings\All Users\Desktop\AVG 7.5.lnk [Ver = | Size = 1542 bytes | Modified Date = 11/02/2007 8:58:10 AM | Attr = ] C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [Ver = | Size = 790 bytes | Modified Date = 21/02/2007 12:49:22 PM | Attr = ] C:\Documents and Settings\All Users\Desktop\WinZip.lnk [Ver = | Size = 746 bytes | Modified Date = 18/02/2007 3:11:54 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\avg75free_441a944.exe [Ver = | Size = 19170000 bytes | Modified Date = 11/02/2007 8:51:50 AM | Attr = ] C:\Documents and Settings\Olmi\Desktop\bfu.zip [Ver = | Size = 62862 bytes | Modified Date = 18/02/2007 3:15:40 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\catchme.exe [Ver = | Size = 28160 bytes | Modified Date = 19/02/2007 8:59:36 AM | Attr = ] C:\Documents and Settings\Olmi\Desktop\comboscan.exe [Ver = 3, 2, 2, 0 | Size = 672889 bytes | Modified Date = 19/02/2007 8:47:22 AM | Attr = ] C:\Documents and Settings\Olmi\Desktop\drweb-cureit.exe [Ver = | Size = 5754744 bytes | Modified Date = 19/02/2007 3:45:10 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\DrWeb.csv [Ver = | Size = 448 bytes | Modified Date = 19/02/2007 4:48:58 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\jre-6-windows-i586.exe [Ver = | Size = 13170312 bytes | Modified Date = 16/02/2007 3:27:22 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\shane.jpg [Ver = | Size = 162993 bytes | Modified Date = 15/02/2007 6:44:34 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\Shortcut to BFU.exe.lnk [Ver = | Size = 460 bytes | Modified Date = 18/02/2007 3:24:52 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\Shortcut to electric.lnk [Ver = | Size = 781 bytes | Modified Date = 10/02/2007 11:02:00 AM | Attr = ] C:\Documents and Settings\Olmi\Desktop\Silent Runners.zip [Ver = | Size = 86155 bytes | Modified Date = 20/02/2007 2:48:12 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\SUPERAntiSpyware.exe [Ver = | Size = 5743392 bytes | Modified Date = 21/02/2007 12:47:14 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\VundoFix.exe Atribune.org [Ver = 6.03.0007 | Size = 91648 bytes | Modified Date = 19/02/2007 3:27:16 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\winpfind(2).exe [Ver = | Size = 262159 bytes | Modified Date = 22/02/2007 8:11:30 AM | Attr = ] C:\Documents and Settings\Olmi\Desktop\winpfind.exe [Ver = | Size = 262159 bytes | Modified Date = 20/02/2007 10:22:38 AM | Attr = ] C:\Documents and Settings\Olmi\Desktop\winzip110.exe [Ver = | Size = 7718504 bytes | Modified Date = 18/02/2007 3:10:56 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\WMAInstaller.exe Cheetah Burner [Ver = 1.0 | Size = 6563097 bytes | Modified Date = 31/01/2007 7:51:08 PM | Attr = ] C:\Documents and Settings\Olmi\Desktop\zippack2.zip [Ver = | Size = 22 bytes | Modified Date = 14/02/2007 2:12:06 PM | Attr = ] @Alternate Data Stream - C:\Documents and Settings\Olmi\Desktop\zippack2.zip:SummaryInformation (88 bytes) @Alternate Data Stream - C:\Documents and Settings\Olmi\Desktop\zippack2.zip:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes) C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [Ver = | Size = 1528 bytes | Modified Date = 18/02/2007 3:11:54 PM | Attr = ] C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 22/02/2007 7:20:22 AM | Attr = S] C:\WINDOWS\EPISME00.SWB [Ver = | Size = 9662 bytes | Modified Date = 1/02/2007 6:13:50 PM | Attr = ] C:\WINDOWS\imsins.BAK [Ver = | Size = 1374 bytes | Modified Date = 15/02/2007 2:39:06 PM | Attr = ] C:\WINDOWS\NeroDigital.ini [Ver = | Size = 116 bytes | Modified Date = 21/02/2007 2:49:42 AM | Attr = ] C:\WINDOWS\PROGRAM.exe [Ver = | Size = 675579 bytes | Modified Date = 29/01/2007 7:11:56 PM | Attr = ] C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Modified Date = 21/02/2007 2:34:22 PM | Attr = ] C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Modified Date = 21/02/2007 2:34:22 PM | Attr = H ] C:\WINDOWS\system.ini [Ver = | Size = 227 bytes | Modified Date = 17/02/2007 9:16:34 AM | Attr = ] C:\WINDOWS\win.ini [Ver = | Size = 734 bytes | Modified Date = 17/02/2007 9:16:34 AM | Attr = ] C:\WINDOWS\System32\CMMGR32.exe [Ver = | Size = 0 bytes | Modified Date = 21/02/2007 1:02:20 PM | Attr = ] C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Modified Date = 15/02/2007 5:10:30 PM | Attr = ] C:\WINDOWS\System32\java.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 16/02/2007 3:36:28 PM | Attr = ] C:\WINDOWS\System32\javacpl.cpl Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 69632 bytes | Modified Date = 16/02/2007 3:36:28 PM | Attr = ] C:\WINDOWS\System32\javaw.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 135168 bytes | Modified Date = 16/02/2007 3:36:28 PM | Attr = ] C:\WINDOWS\System32\javaws.exe Sun Microsystems, Inc. [Ver = 6.0.0.105 | Size = 139264 bytes | Modified Date = 16/02/2007 3:36:28 PM | Attr = ] C:\WINDOWS\System32\pavas.ico [Ver = | Size = 30590 bytes | Modified Date = 15/02/2007 5:10:28 PM | Attr = ] C:\WINDOWS\System32\Thumbs.db [Ver = | Size = 7168 bytes | Modified Date = 20/02/2007 3:38:48 PM | Attr = HS] @Alternate Data Stream - C:\WINDOWS\System32\Thumbs.db:encryptable (0 bytes) C:\WINDOWS\System32\tmp.reg [Ver = | Size = 3120 bytes | Modified Date = 16/02/2007 10:25:52 AM | Attr = ] C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Modified Date = 15/02/2007 5:10:30 PM | Attr = ] C:\WINDOWS\System32\vbalgrid.OCX vbAccelerator [Ver = 1.00.0048 | Size = 294912 bytes | Modified Date = 6/02/2007 9:23:26 AM | Attr = ] C:\WINDOWS\System32\vbaliml6.OCX vbAccelerator [Ver = 1.04.0001 | Size = 94208 bytes | Modified Date = 6/02/2007 9:23:26 AM | Attr = ] C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 13646 bytes | Modified Date = 22/02/2007 7:20:42 AM | Attr = ] C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Modified Date = 11/02/2007 8:58:16 AM | Attr = ] C:\WINDOWS\System32\drivers\avg7rsw.sys GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 11/02/2007 8:58:16 AM | Attr = ] C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 27776 bytes | Modified Date = 11/02/2007 8:58:08 AM | Attr = ] C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 11/02/2007 8:58:10 AM | Attr = ] C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Modified Date = 11/02/2007 8:58:08 AM | Attr = ] »»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»» File scan skipped for file C:\351.tmp. File size too big (457179136 bytes) File scan skipped for file C:\48D.tmp. File size too big (978952192 bytes) [WSUD , ]C:\Documents and Settings\Olmi\My Documents\17042006012.mp4 () @Alternate Data Stream - C:\Documents and Settings\Olmi\My Documents\baby.jpg:Zone.Identifier (26 bytes) @Alternate Data Stream - C:\Documents and Settings\Olmi\My Documents\PAF5EnglishSetup.exe:Zone.Identifier (26 bytes) @Alternate Data Stream - C:\Documents and Settings\Olmi\My Documents\Thumbs.db:encryptable (0 bytes) [UPX! , UPX0 , ]C:\Documents and Settings\Olmi\Desktop\comboscan.exe () [UPX! , UPX0 , ]C:\Documents and Settings\Olmi\Desktop\LS_HSI.exe () File scan skipped for file C:\Documents and Settings\Olmi\Desktop\Nero-7.5.7.0_eng(2).exe. File size too big (135916824 bytes) [UPX! , UPX0 , USERTRUST , ]C:\Documents and Settings\Olmi\Desktop\RCSetup.exe () [Thawte Consulting , ]C:\Documents and Settings\Olmi\Desktop\SUPERAntiSpyware.exe () @Alternate Data Stream - C:\Documents and Settings\Olmi\Desktop\Thumbs.db:encryptable (0 bytes) [PEC2 , PECompact2 , ]C:\Documents and Settings\Olmi\Desktop\VundoFix.exe (Atribune.org) [PTech , ]C:\Documents and Settings\Olmi\Desktop\WindowsDefender.msi () [PECompact2 , ]C:\Documents and Settings\Olmi\Desktop\winzip100.exe () [PECompact2 , ]C:\Documents and Settings\Olmi\Desktop\winzip110.exe () @Alternate Data Stream - C:\Documents and Settings\Olmi\Desktop\zippack2.zip:SummaryInformation (88 bytes) @Alternate Data Stream - C:\Documents and Settings\Olmi\Desktop\zippack2.zip:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes) File scan skipped for file C:\WINDOWS\dp2_log.txt. File size too big (117564352 bytes) [UPX0 , ]C:\WINDOWS\RTLCPL.exe (Realtek Semiconductor Corp.) [UPX! , UPX0 , ]C:\WINDOWS\System32\avisynth.dll (The Public) [UPX! , UPX0 , ]C:\WINDOWS\System32\CoreAAC.ax () [PEC2 , ]C:\WINDOWS\System32\dfrg.msc () [PEC2 , PECompact2 , ]C:\WINDOWS\System32\DivX.dll (DivX, Inc.) @Alternate Data Stream - C:\WINDOWS\System32\Thumbs.db:encryptable (0 bytes) [winsync , ]C:\WINDOWS\System32\wbdbase.deu () [UPX0 , WSUD , ]C:\WINDOWS\System32\dllcache\hwxjpn.dll () [aspack , FSG! , PEC2 , UPX! , ]C:\WINDOWS\System32\drivers\avg7core.sys (GRISOFT, s.r.o.) < End of report >

0

Please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. Navigate to and delete these files if found: C:\WINDOWS\dp2_log.txt C:\Documents and Settings\Olmi\Application Data\internaldb8467.dat C:\Documents and Settings\Olmi\Application Data\internaldb6334.dat C:\Documents and Settings\Olmi\Application Data\internaldb41.dat Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok. Then try to defrag and let us know how you are running.

0

Sorry but it seems to be the same.

0

Go to this link, http://virusscan.jotti.org/ copy the following file into the "upload and scan box", click submit then post the results. C:\WINDOWS\PROGRAM.exe Just use the browse button at the Jotti's site to navigate to the file on your computer, double click the file, click submit.

0

ok i did that and is says nothing found in the scanner results

0

Please check these files on the Jotti's site. C:\ffefdd18e00602e8e81c70678c6c244d C:\6d9f051d2bbd087d2ec8fc715ef1 C:\c4149a18bc15d1d31b169116a1 C:\fb5efac2dc6fc7fc090f6be4 C:\eb5fcf2cdf68cb91b7d4fac3 C:\1dac3065adbe515f863b9c296bd9 navigate to and make sure this folder was deleted: C:\WINDOWS\system32\UpMedia

0

when im scanning in jottis site, am i supposed to look at the scanner results or the statistics???

0

Typically only scanner results are needed but in this case please post at least two statistic reports amd let me know if you found the Upmedia folder.

0

Upmedia was deleted. As for the scans They all say that nothing was found. Here are two statistics files. t file scanned at least one scanner reported something about: asw.exe (MD5: 3b135886688c3bb20f01ce28e8519d48), detected by: Scanner Malware name AntiVir HEUR/Crypted ArcaVir X Avast X AVG Antivirus X BitDefender X Last file scanned at least one scanner reported something about: hxdef100r.zip (MD5: 094284a17df95da67693fe4767a03134), detected by: Scanner Malware name AntiVir BDC/Hacdef.084 backdoor ArcaVir Trojan.Hacdef.073.B Avast Win32:Hacdef-DX AVG Antivirus BackDoor.Agent.10.AR BitDefender X ClamAV Trojan.Hacdef-29 Dr.Web BackDoor.HackDef.84 F-Prot Antivirus W32/Backdoor.EXT F-Secure Anti-Virus Backdoor.Win32.HacDef.084 Fortinet W32/HacDef.084!tr.bdr Kaspersky Anti-Virus X NOD32 Win32/HacDef.084 Norman Virus Control W32/Hacdef.0_84A VirusBuster Backdoor.Hacdef.C VBA32 Backdoor.Win32.HacDef.084 ClamAV Trojan.BO2K Dr.Web WIN.PWS.WORM.Virus F-Prot Antivirus X F-Secure Anti-Virus X Fortinet X Kaspersky Anti-Virus X NOD32 probably unknown NewHeur_PE Norman Virus Control X VirusBuster X VBA32 X

0

Download "Autoruns" from here: http://download.sysinternals.com/Files/Autoruns.zip Save it and unzip it to its own folder. Open folder and double click autoruns.exe Wait for scan to finish. Click the "options" menu and check "include empty sections" & "varify code signatures". click the "users" menu and checkmark "Fire" If it does not scan again automatically; click the "file" menu and click "refresh". Wait for scan to finish. Click the floppy icon> save log> post log. It may take more than one post to get it all in.

0

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms + rdpclip RDP Clip Monitor (Verified) Microsoft Windows Publisher c:\windows\system32\rdpclip.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit + C:\WINDOWS\SYSTEM32\Userinit.exe Userinit Logon Application (Verified) Microsoft Windows Publisher c:\windows\system32\userinit.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell + Explorer.exe Windows Explorer (Verified) Microsoft Windows Publisher c:\windows\explorer.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + AVG7_CC AVG Control Center (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgcc.exe + Blubster File not found: C:\Program Files\Blubster\Blubster.exe SILENT + DataLayer DataLayer 2.0 Module (Not verified) Nokia Mobile Phones Ltd. c:\program files\common files\pcsuite\datalayer\datalayer.exe + Google Desktop Search c:\program files\google\google desktop search\googledesktop.exe + HotKeysCmds hkcmd Module (Verified) Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\hkcmd.exe + IgfxTray igfxTray Module (Verified) Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\igfxtray.exe + NeroFilterCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe + PCSuiteTrayApplication Launch Application (Not verified) Nokia c:\program files\nokia\nokia pc suite 6\launchapplication.exe + Persistence persistence Module (Verified) Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\igfxpers.exe + RemoteControl PowerDVD RC Service (Not verified) Cyberlink Corp. c:\program files\cyberlink\powerdvd\pdvdserv.exe + SunJavaUpdateSched Java(TM) Platform SE binary (Not verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0\bin\jusched.exe + TkBellExe RealNetworks Scheduler (Not verified) RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce C:\Documents and Settings\All Users\Start Menu\Programs\Startup + Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher (Not verified) Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe + Microsoft Office.lnk Microsoft Office 2000 component (Not verified) Microsoft Corporation c:\program files\microsoft office\office\osa9.exe + WinZip Quick Pick.lnk WinZip Executable (Not verified) WinZip Computing LP c:\program files\winzip\wzqkpick.exe C:\Documents and Settings\Olmi\Start Menu\Programs\Startup HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKCU\Software\Microsoft\Windows\CurrentVersion\Run + ctfmon.exe CTF Loader (Verified) Microsoft Windows Publisher c:\windows\system32\ctfmon.exe + Free Download Manager File not found: C:\Program Files\Free Download Manager\fdm.exe + MSMSGS Windows Messenger (Verified) Microsoft Windows XP Publisher c:\program files\messenger\msmsgs.exe + NBJ Nero BackItUp Scheduler Application (Not verified) Ahead Software AG c:\program files\ahead\nero backitup\nbj.exe + SUPERAntiSpyware SUPERAntiSpyware (Not verified) SUPERAntiSpyware.com c:\program files\superantispyware\superantispyware.exe + swg GoogleToolbarNotifier (Verified) Google Inc c:\program files\google\googletoolbarnotifier\1.0.720.4156\googletoolbarnotifier.exe + updateMgr Adobe Update Manager (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 7.0\reader\adobeupdatemanager.exe HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\RunonceEx HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run HKLM\SOFTWARE\Classes\Protocols\Filter + Class Install Handler OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher c:\windows\system32\urlmon.dll + deflate OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher c:\windows\system32\urlmon.dll + gzip OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher c:\windows\system32\urlmon.dll + lzdhtml OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher c:\windows\system32\urlmon.dll + text/webviewhtml Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher c:\windows\system32\shell32.dll HKLM\SOFTWARE\Classes\Protocols\Handler + about Microsoft (R) HTML Viewer (Verified) Microsoft Windows Component Publisher c:\windows\system32\mshtml.dll + cdl OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher c:\windows\system32\urlmon.dll + dvd ActiveX control for streaming video (Verified) Microsoft Windows Publisher c:\windows\system32\msvidctl.dll + file OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher c:\windows\system32\urlmon.dll + ftp OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher c:\windows\system32\urlmon.dll + gopher OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher c:\windows\system32\urlmon.dll + http OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher c:\windows\system32\urlmon.dll + https OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher c:\windows\system32\urlmon.dll + its Microsoft® InfoTech Storage System Library (Verified) Microsoft Windows XP Publisher c:\windows\system32\itss.dll + javascript Microsoft (R) HTML Viewer (Verified) Microsoft Windows Component Publisher c:\windows\system32\mshtml.dll + local OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher c:\windows\system32\urlmon.dll + mailto Microsoft (R) HTML Viewer (Verified) Microsoft Windows Component Publisher c:\windows\system32\mshtml.dll + mhtml Microsoft Internet Messaging API (Verified) Microsoft Windows Component Publisher c:\windows\system32\inetcomm.dll + mk OLE32 Extensions for Win32 (Verified) Microsoft Windows Component Publisher c:\windows\system32\urlmon.dll + ms-its Microsoft® InfoTech Storage System Library (Verified) Microsoft Windows XP Publisher c:\windows\system32\itss.dll + msnim MSN Messenger Protocol Handler (Not verified) Microsoft Corporation c:\program files\msn messenger\msgrapp.dll + res Microsoft (R) HTML Viewer (Verified) Microsoft Windows Component Publisher c:\windows\system32\mshtml.dll + sysimage Microsoft (R) HTML Viewer (Verified) Microsoft Windows Component Publisher c:\windows\system32\mshtml.dll + tv ActiveX control for streaming video (Verified) Microsoft Windows Publisher c:\windows\system32\msvidctl.dll + vbscript Microsoft (R) HTML Viewer (Verified) Microsoft Windows Component Publisher c:\windows\system32\mshtml.dll + wia WIA Scripting Layer (Verified) Microsoft Windows Publisher c:\windows\system32\wiascr.dll HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components + Address Book 6 Outlook Express Setup Library (Verified) Microsoft Windows Publisher c:\program files\outlook express\setup50.exe + Browser Customizations IEAK branding (Verified) Microsoft Windows Component Publisher c:\windows\system32\iedkcs32.dll + Browser Customizations IEAK branding (Verified) Microsoft Windows Component Publisher c:\windows\system32\iedkcs32.dll + IE7 Uninstall Stub IE Per User Active Setup Uninstall Utility (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieudinit.exe + Internet Explorer IE Per-User Initialization Utility (Verified) Microsoft Windows Component Publisher c:\windows\system32\ie4uinit.exe + Internet Explorer IE Per-User Initialization Utility (Verified) Microsoft Windows Component Publisher c:\windows\system32\ie4uinit.exe + Microsoft Outlook Express 6 Outlook Express Setup Library (Verified) Microsoft Windows Publisher c:\program files\outlook express\setup50.exe + Microsoft Windows Media Player Microsoft Windows Media Player Setup Utility (Verified) Microsoft Windows Component Publisher c:\windows\inf\unregmp2.exe + Microsoft Windows Media Player ADVPACK (Verified) Microsoft Windows Component Publisher c:\windows\system32\advpack.dll + NetMeeting 3.01 ADVPACK (Verified) Microsoft Windows Component Publisher c:\windows\system32\advpack.dll + Outlook Express Windows NT User Data Migration Tool (Verified) Microsoft Windows Publisher c:\windows\system32\shmgrate.exe + Themes Setup Microsoft(C) Register Server (Verified) Microsoft Windows Publisher c:\windows\system32\regsvr32.exe + Windows Desktop Update Microsoft(C) Register Server (Verified) Microsoft Windows Publisher c:\windows\system32\regsvr32.exe + Windows Messenger 4.7 ADVPACK (Verified) Microsoft Windows Component Publisher c:\windows\system32\advpack.dll HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler + Browseui preloader Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Component Categories cache daemon Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad + CDBurn Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher c:\windows\system32\shell32.dll + PostBootReminder Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher c:\windows\system32\shell32.dll + SysTray Systray shell service object (Verified) Microsoft Windows Publisher c:\windows\system32\stobject.dll + WebCheck Web Site Monitor (Verified) Microsoft Windows Component Publisher c:\windows\system32\webcheck.dll + WPDShServiceObj Windows Portable Device Shell Service Object (Verified) Microsoft Windows Component Publisher c:\windows\system32\wpdshserviceobj.dll HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks + AVG Anti-Spyware 7.5 AVG Anti-Spyware shellexecutehook (Not verified) Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll + sasseh.dll ShellExecuteHook (Not verified) SuperAdBlocker.com c:\program files\superantispyware\sasseh.dll + shell32.dll Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher c:\windows\system32\shell32.dll HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved + Web Folders c:\program files\common files\microsoft shared\web folders\msonsext.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved + %DESC_PublishDropTarget% Photo Printing Wizard (Verified) Microsoft Windows Publisher c:\windows\system32\photowiz.dll + &Address Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + &Links Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + .CAB file viewer Cabinet File Viewer Shell Extension (Verified) Microsoft Windows Publisher c:\windows\system32\cabview.dll + a-squared Free Context Menu Shell Extension a-squared Free (Not verified) Emsi Software GmbH c:\program files\a-squared free\a2freecontmenu.dll + Accessible Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + ActiveX Cache Folder Object Control Viewer (Verified) Microsoft Windows Component Publisher c:\windows\system32\occache.dll + Address EditBox Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Administrative Tools Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + Audio Media Properties Handler Media File Property Extractor Shell Extension (Verified) Microsoft Windows Publisher c:\windows\system32\shmedia.dll + Augmented Shell Folder Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Augmented Shell Folder 2 Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Auto Update Property Sheet Extension Automatic Updates Control Panel (Verified) Microsoft Windows XP Publisher c:\windows\system32\wuaucpl.cpl + AVG7 Find Extension AVG Shell Extension (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgse.dll + AVG7 Shell Extension AVG Shell Extension (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgse.dll + Avi Properties Handler Media File Property Extractor Shell Extension (Verified) Microsoft Windows Publisher c:\windows\system32\shmedia.dll + BandProxy Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Briefcase Windows Briefcase (Verified) Microsoft Windows Publisher c:\windows\system32\syncui.dll + CDF Extension Copy Hook Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + Code Download Agent Web Site Monitor (Verified) Microsoft Windows Component Publisher c:\windows\system32\webcheck.dll + Compatibility Page Compatibility Tab Shell Extension DLL (Verified) Microsoft Windows Publisher c:\windows\system32\slayerxp.dll + Compressed (zipped) Folder Compressed (zipped) Folders (Verified) Microsoft Windows Publisher c:\windows\system32\zipfldr.dll + Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders (Verified) Microsoft Windows Publisher c:\windows\system32\zipfldr.dll + Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders (Verified) Microsoft Windows Publisher c:\windows\system32\zipfldr.dll + ConnectionAgent Web Site Monitor (Verified) Microsoft Windows Component Publisher c:\windows\system32\webcheck.dll + Crypto PKO Extension Crypto Shell Extensions (Verified) Microsoft Windows Publisher c:\windows\system32\cryptext.dll + Crypto Sign Extension Crypto Shell Extensions (Verified) Microsoft Windows Publisher c:\windows\system32\cryptext.dll + Custom MRU AutoCompleted List Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Darwin App Publisher Shell Application Manager (Verified) Microsoft Windows Publisher c:\windows\system32\appwiz.cpl + DfsShell Distributed File System shell extension (Verified) Microsoft Windows Publisher c:\windows\system32\dfsshlex.dll + Directory Context Menu Verbs Directory Service Common UI (Verified) Microsoft Windows Publisher c:\windows\system32\dsuiext.dll + Directory Object Find Directory Service Find (Verified) Microsoft Windows Publisher c:\windows\system32\dsquery.dll + Directory Property UI Directory Service Common UI (Verified) Microsoft Windows Publisher c:\windows\system32\dsuiext.dll + Directory Query UI Directory Service Find (Verified) Microsoft Windows Publisher c:\windows\system32\dsquery.dll + Directory Start/Search Find Directory Service Find (Verified) Microsoft Windows Publisher c:\windows\system32\dsquery.dll + Disk Copy Extension Windows DiskCopy (Verified) Microsoft Windows Publisher c:\windows\system32\diskcopy.dll + Disk Quota UI Windows Shell Disk Quota UI DLL (Verified) Microsoft Windows Publisher c:\windows\system32\dskquoui.dll + Display Adapter CPL Extension Advanced display adapter properties (Verified) Microsoft Windows Publisher c:\windows\system32\deskadp.dll + Display Monitor CPL Extension Advanced display monitor properties (Verified) Microsoft Windows Publisher c:\windows\system32\deskmon.dll + Display Panning CPL Extension File not found: deskpan.dll + Display TroubleShoot CPL Extension Advanced display performance properties (Verified) Microsoft Windows Publisher c:\windows\system32\deskperf.dll + Download Status Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + DS Security Page Directory Service Security UI (Verified) Microsoft Windows Publisher c:\windows\system32\dssec.dll + E-mail Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + Explorer Band Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + Extensions Manager Folder Extensions Manager (Verified) Microsoft Windows Component Publisher c:\windows\system32\extmgr.dll + Favorites Band Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + Fonts Windows Font Folder (Verified) Microsoft Windows Publisher c:\windows\system32\fontext.dll + Fonts Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + For &People... Find People (Verified) Microsoft Windows Publisher c:\program files\outlook express\wabfind.dll + FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension (Verified) Microsoft Windows Publisher c:\windows\system32\msieftp.dll + GDI+ file thumbnail extractor Windows Picture and Fax Viewer (Verified) Microsoft Windows Publisher c:\windows\system32\shimgvw.dll + Get a Passport Wizard Map Network Drives/Network Places Wizard (Verified) Microsoft Windows Publisher c:\windows\system32\netplwiz.dll + Global Folder Settings Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Help and Support Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + Help and Support Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + History Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + HTML Thumbnail Extractor Windows Picture and Fax Viewer (Verified) Microsoft Windows Publisher c:\windows\system32\shimgvw.dll + HyperTerminal Icon Ext HyperTerminal Applet Library (Verified) Microsoft Windows Publisher c:\windows\system32\hticons.dll + ICC Profile Microsoft Color Matching System User Interface DLL (Verified) Microsoft Windows Publisher c:\windows\system32\icmui.dll + ICM Monitor Management Microsoft Color Matching System User Interface DLL (Verified) Microsoft Windows Publisher c:\windows\system32\icmui.dll + ICM Printer Management Microsoft Color Matching System User Interface DLL (Verified) Microsoft Windows Publisher c:\windows\system32\icmui.dll + ICM Scanner Management Microsoft Color Matching System User Interface DLL (Verified) Microsoft Windows Publisher c:\windows\system32\icmui.dll + IE AutoComplete Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE BandProxy Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE Custom MRU AutoCompleted List Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE Fade Task Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE IShellFolderBand Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE Menu Band Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE Menu Desk Bar Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE Menu Site Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE Microsoft BrowserBand Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE Microsoft History AutoComplete List Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE Microsoft Multiple AutoComplete List Container Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE Microsoft Shell Folder AutoComplete List Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE MRU AutoComplete List Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE Navigation Bar Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE Registry Tree Options Utility Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE RSS Feeder Folder Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE Search Band Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE Shell Band Site Menu Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE Shell Rebar BandSite Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE Tracking Shell Menu Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE User Assist Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + IE4 Suite Splash Screen Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + In-pane search Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Installed Apps Enumerator Shell Application Manager (Verified) Microsoft Windows Publisher c:\windows\system32\appwiz.cpl + Internet Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + Internet Name Space Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + InternetShortcut Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + ISFBand OC Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + LG Phone Phone Module (Not verified) LG Electornics c:\documents and settings\olmi\my documents\brendan\mobile\phone.dll + Message View Phone Browser Message View (Not verified) Nokia c:\program files\nokia\nokia pc suite 6\messageview.dll + Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler (Verified) Microsoft Windows Publisher c:\windows\msagent\agentpsh.dll + Microsoft AutoComplete Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Microsoft Browser Architecture Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + Microsoft Browser Architecture Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + Microsoft BrowserBand Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Microsoft Data Link Microsoft Data Access - OLE DB Core Services (Verified) Microsoft Windows Publisher c:\program files\common files\system\ole db\oledb32.dll + Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext (Verified) Microsoft Windows Publisher c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext (Verified) Microsoft Windows Publisher c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext (Verified) Microsoft Windows Publisher c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext (Verified) Microsoft Windows Publisher c:\windows\system32\docprop2.dll + Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext (Verified) Microsoft Windows Publisher c:\windows\system32\docprop2.dll + Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext (Verified) Microsoft Windows Publisher c:\windows\system32\docprop2.dll + Microsoft History AutoComplete List Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Microsoft Internet Toolbar Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Microsoft Multiple AutoComplete List Container Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Microsoft Outlook Custom Icon Handler Microsoft Outlook Shell Hook for Start/Find (Not verified) Microsoft Corporation c:\program files\microsoft office\office\olkfstub.dll + Microsoft Shell Folder AutoComplete List Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Microsoft Url History Service Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + Microsoft Url Search Hook Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + Midi Properties Handler Media File Property Extractor Shell Extension (Verified) Microsoft Windows Publisher c:\windows\system32\shmedia.dll + MMC Icon Handler MMC Shell Extension DLL (Verified) Microsoft Windows Publisher c:\windows\system32\mmcshext.dll + MRU AutoComplete List Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Multimedia File Property Sheet Control Panel Drivers Applet (Verified) Microsoft Windows Publisher c:\windows\system32\mmsys.cpl + MyDocs Copy Hook My Documents Folder UI (Verified) Microsoft Windows Publisher c:\windows\system32\mydocs.dll + MyDocs Drop Target My Documents Folder UI (Verified) Microsoft Windows Publisher c:\windows\system32\mydocs.dll + MyDocs Properties My Documents Folder UI (Verified) Microsoft Windows Publisher c:\windows\system32\mydocs.dll + Network Connections Network Connections Shell (Verified) Microsoft Windows Publisher c:\windows\system32\netshell.dll + Network Connections Network Connections Shell (Verified) Microsoft Windows Publisher c:\windows\system32\netshell.dll + NTFS Security Page Security Shell Extension (Verified) Microsoft Windows Publisher c:\windows\system32\rshx32.dll + Offline Files Folder Client Side Caching UI (Verified) Microsoft Windows Publisher c:\windows\system32\cscui.dll + Offline Files Folder Options Client Side Caching UI (Verified) Microsoft Windows Publisher c:\windows\system32\cscui.dll + Offline Files Menu Client Side Caching UI (Verified) Microsoft Windows Publisher c:\windows\system32\cscui.dll + OLE Docfile Property Page OLE DocFile Property Page (Verified) Microsoft Windows Publisher c:\windows\system32\docprop.dll + PhoneBrowser Phone Browser (Not verified) Nokia c:\program files\nokia\nokia pc suite 6\phonebrowser.dll + PlusPack CPL Extension Windows Theme API (Verified) Microsoft Windows Publisher c:\windows\system32\themeui.dll + Portable Devices Portable Devices Shell Extension (Verified) Microsoft Windows Component Publisher c:\windows\system32\wpdshext.dll + Portable Devices Menu Portable Devices Shell Extension (Verified) Microsoft Windows Component Publisher c:\windows\system32\wpdshext.dll + Portable Media Devices Portable Media Devices Shell Extension (Verified) Microsoft Windows Component Publisher c:\windows\system32\audiodev.dll + PostAgent Web Site Monitor (Verified) Microsoft Windows Component Publisher c:\windows\system32\webcheck.dll + Previous Versions Previous Versions property page (Verified) Microsoft Windows Publisher c:\windows\system32\twext.dll + Previous Versions Property Page Previous Versions property page (Verified) Microsoft Windows Publisher c:\windows\system32\twext.dll + Print Ordering via the Web Map Network Drives/Network Places Wizard (Verified) Microsoft Windows Publisher c:\windows\system32\netplwiz.dll + Printers Security Page Security Shell Extension (Verified) Microsoft Windows Publisher c:\windows\system32\rshx32.dll + Registry Tree Options Utility Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Remote Sessions CPL Extension Remote Sessions CPL Extension (Verified) Microsoft Windows Publisher c:\windows\system32\remotepg.dll + Run... Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + Scanners & Cameras Imaging Devices Shell Folder UI (Verified) Microsoft Windows Publisher c:\windows\system32\wiashext.dll + Scanners & Cameras Imaging Devices Shell Folder UI (Verified) Microsoft Windows Publisher c:\windows\system32\wiashext.dll + Scanners & Cameras Imaging Devices Shell Folder UI (Verified) Microsoft Windows Publisher c:\windows\system32\wiashext.dll + Scanners & Cameras Imaging Devices Shell Folder UI (Verified) Microsoft Windows Publisher c:\windows\system32\wiashext.dll + Scanners & Cameras Imaging Devices Shell Folder UI (Verified) Microsoft Windows Publisher c:\windows\system32\wiashext.dll + Scheduled Tasks Task Scheduler interface DLL (Verified) Microsoft Windows Publisher c:\windows\system32\mstask.dll + Search Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + Search Assistant OC Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + Sendmail service Send Mail (Verified) Microsoft Windows Publisher c:\windows\system32\sendmail.dll + Sendmail service Send Mail (Verified) Microsoft Windows Publisher c:\windows\system32\sendmail.dll + Set Program Access and Defaults Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + Shell Application Manager Shell Application Manager (Verified) Microsoft Windows Publisher c:\windows\system32\appwiz.cpl + Shell Automation Inproc Service Shell Doc Object and Control Library (Verified) Microsoft Windows Component Publisher c:\windows\system32\shdocvw.dll + Shell Band Site Menu Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Shell DeskBar Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Shell DeskBarApp Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Shell DocObject Viewer Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + Shell extensions for Microsoft Windows Network objects Network object shell UI (Verified) Microsoft Windows Publisher c:\windows\system32\ntlanui2.dll + Shell Extensions for RealOne Player RealPlayer Shell Extensions (Not verified) RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll + Shell extensions for sharing Shell extensions for sharing (Verified) Microsoft Windows Publisher c:\windows\system32\ntshrui.dll + Shell extensions for sharing Shell extensions for sharing (Verified) Microsoft Windows Publisher c:\windows\system32\ntshrui.dll + Shell extensions for Windows Script Host Microsoft (r) Shell Extension for Windows Script Host (Verified) Microsoft Windows Publisher c:\windows\system32\wshext.dll + Shell Image Data Factory Windows Picture and Fax Viewer (Verified) Microsoft Windows Publisher c:\windows\system32\shimgvw.dll + Shell Image Property Handler Windows Picture and Fax Viewer (Verified) Microsoft Windows Publisher c:\windows\system32\shimgvw.dll + Shell Image Verbs Windows Picture and Fax Viewer (Verified) Microsoft Windows Publisher c:\windows\system32\shimgvw.dll + Shell properties for a DS object Directory Service Find (Verified) Microsoft Windows Publisher c:\windows\system32\dsquery.dll + Shell Publishing Wizard Object Map Network Drives/Network Places Wizard (Verified) Microsoft Windows Publisher c:\windows\system32\netplwiz.dll + Shell Rebar BandSite Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Shell Scrap DataHandler Shell scrap object handler (Verified) Microsoft Windows Publisher c:\windows\system32\shscrap.dll + Shell Search Band Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Subscription Folder Web Site Monitor (Verified) Microsoft Windows Component Publisher c:\windows\system32\webcheck.dll + Subscription Mgr Web Site Monitor (Verified) Microsoft Windows Component Publisher c:\windows\system32\webcheck.dll + Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer (Verified) Microsoft Windows Publisher c:\windows\system32\shimgvw.dll + Taskbar and Start Menu Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher c:\windows\system32\shell32.dll + Tasks Folder Icon Handler Task Scheduler interface DLL (Verified) Microsoft Windows Publisher c:\windows\system32\mstask.dll + Tasks Folder Shell Extension Task Scheduler interface DLL (Verified) Microsoft Windows Publisher c:\windows\system32\mstask.dll + Temporary Internet Files Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + Temporary Internet Files Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + The Internet Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll + Track Popup Bar Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + TrayAgent Web Site Monitor (Verified) Microsoft Windows Component Publisher c:\windows\system32\webcheck.dll + TridentImageExtractor Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + User Accounts Map Network Drives/Network Places Wizard (Verified) Microsoft Windows Publisher c:\windows\system32\netplwiz.dll + User Assist Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + Video Media Properties Handler Media File Property Extractor Shell Extension (Verified) Microsoft Windows Publisher c:\windows\system32\shmedia.dll + Video Thumbnail Extractor Media File Property Extractor Shell Extension (Verified) Microsoft Windows Publisher c:\windows\system32\shmedia.dll + Wav Properties Handler Media File Property Extractor Shell Extension (Verified) Microsoft Windows Publisher c:\windows\system32\shmedia.dll + Web Printer Shell Extension Print UI DLL (Verified) Microsoft Windows Publisher c:\windows\system32\printui.dll + Web Publishing Wizard Map Network Drives/Network Places Wizard (Verified) Microsoft Windows Publisher c:\windows\system32\netplwiz.dll + Web Search Shell Browser UI Library (Verified) Microsoft Windows c:\windows\system32\browseui.dll + WebCheck Web Site Monitor (Verified) Microsoft Windows Component Publisher c:\windows\system32\webcheck.dll + WebCheck SyncMgr Handler Web Site Monitor (Verified) Microsoft Windows Component Publisher c:\windows\system32\webcheck.dll + WebCheckChannelAgent Web Site Monitor (Verified) Microsoft Windows Component Publisher c:\windows\system32\webcheck.dll + WebCheckWebCrawler Web Site Monitor (Verified) Microsoft Windows Component Publisher c:\windows\system32\webcheck.dll + Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher (Verified) Microsoft Windows Component Publisher c:\windows\system32\wmpshell.dll + Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher (Verified) Microsoft Windows Component Publisher c:\windows\system32\wmpshell.dll + Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher (Verified) Microsoft Windows Component Publisher c:\windows\system32\wmpshell.dll + WinRAR shell extension c:\program files\winrar\rarext.dll + WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing LP c:\program files\winzip\wzshlstb.dll + WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing LP c:\program files\winzip\wzshlstb.dll + WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing LP c:\program files\winzip\wzshlstb.dll + WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing LP c:\program files\winzip\wzshlstb.dll HKCU\Software\Classes\Folder\Shellex\ColumnHandlers HKLM\Software\Classes\Folder\Shellex\ColumnHandlers + PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll + {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher c:\windows\system32\shell32.dll + {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher c:\windows\system32\shell32.dll + {24F14F02-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher c:\windows\system32\shell32.dll + {66742402-F9B9-11D1-A202-0000F81FEDEE} Windows Shell Common Dll (Verified) Microsoft Windows Component Publisher c:\windows\system32\shell32.dll HKCU\Software\Microsoft\Ctf\LangBarAddin HKLM\Software\Microsoft\Ctf\LangBarAddin HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects + Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX (Verified) Adobe Systems, Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll + EpsonToolBandKicker Class EPSON Web-To-Page (Not verified) SEIKO EPSON CORPORATION c:\program files\epson\epson web-to-page\epson web-to-page.dll + SSVHelper Class Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0\bin\ssv.dll + Windows Live Toolbar Helper Windows Live Toolbar for Internet Explorer (Verified) Microsoft Corporation MSN c:\program files\windows live toolbar\msntb.dll + {53707962-6F74-2D53-2644-206D7942484F} Bad download blocker (Verified) Safer Networking Ltd. c:\program files\spybot - search & destroy\sdhelper.dll HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks + ieframe.dll Internet Explorer (Verified) Microsoft Windows Component Publisher c:\windows\system32\ieframe.dll HKLM\Software\Microsoft\Internet Explorer\Toolbar + epson web-to-page.dll EPSON Web-To-Page (Not verified) SEIKO EPSON CORPORATION c:\program files\epson\epson web-to-page\epson web-to-page.dll + msntb.dll Windows Live Toolbar for Internet Explorer (Verified) Microsoft Corporation MSN c:\program files\windows live toolbar\msntb.dll HKCU\Software\Microsoft\Internet Explorer\Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Extensions HKLM\Software\Microsoft\Internet Explorer\Extensions + Windows Messenger Windows Messenger (Verified) Microsoft Windows XP Publisher c:\program files\messenger\msmsgs.exe Task Scheduler + Check Updates for Windows Live Toolbar.job MSN Search Toolbar Scheduled Update Utility (Not verified) Microsoft Corporation c:\program files\windows live toolbar\msntbup.exe HKLM\System\CurrentControlSet\Services + AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher c:\windows\system32\audiosrv.dll + AVG Anti-Spyware Guard AVG Anti-Spyware guard (Not verified) Anti-Malware Development a.s. c:\program files\grisoft\avg anti-spyware 7.5\guard.exe + Avg7Alrt AVG Alert Manager (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgamsvr.exe + Avg7UpdSvc AVG Update Service (Not verified) GRISOFT, s.r.o. c:\program files\grisoft\avg7\avgupsvc.exe + BITS Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. (Verified) Microsoft Windows Publisher c:\windows\system32\qmgr.dll + Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher c:\windows\system32\browser.dll + CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher c:\windows\system32\cryptsvc.dll + DcomLaunch Provides launch functionality for DCOM services. (Verified) Microsoft Windows XP Publisher c:\windows\system32\rpcss.dll + Dhcp Manages network configuration by registering and updating IP addresses and DNS names. (Verified) Microsoft Windows Component Publisher c:\windows\system32\dhcpcsvc.dll + Dnscache Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher c:\windows\system32\dnsrslvr.dll + ERSvc Allows error reporting for services and applictions running in non-standard environments. (Verified) Microsoft Windows Publisher c:\windows\system32\ersvc.dll + Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. (Verified) Microsoft Windows Publisher c:\windows\system32\services.exe + helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher c:\windows\pchealth\helpctr\binaries\pchsvc.dll + lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows XP Publisher c:\windows\system32\srvsvc.dll + lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Component Publisher c:\windows\system32\wkssvc.dll + LightScribeService Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work. (Not verified) Hewlett-Packard Company c:\program files\common files\lightscribe\lssrvc.exe + LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. (Verified) Microsoft Windows Publisher c:\windows\system32\lmhsvc.dll + PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. (Verified) Microsoft Windows Publisher c:\windows\system32\services.exe + PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. (Verified) Microsoft Windows Publisher c:\windows\system32\lsass.exe + ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. (Verified) Microsoft Windows Publisher c:\windows\system32\lsass.exe + RpcSs Provides the endpoint mapper and other miscellaneous RPC services. (Verified) Microsoft Windows XP Publisher c:\windows\system32\rpcss.dll + SamSs Stores security information for local user accounts. (Verified) Microsoft Windows Publisher c:\windows\system32\lsass.exe + Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher c:\windows\system32\schedsvc.dll + seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher c:\windows\system32\seclogon.dll + SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. (Verified) Microsoft Windows Publisher c:\windows\system32\sens.dll + SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. (Verified) Microsoft Windows Publisher c:\windows\system32\ipnathlp.dll + ShellHWDetection Provides notifications for AutoPlay hardware events. (Verified) Microsoft Windows Component Publisher c:\windows\system32\shsvcs.dll + Spooler Loads files to memory for later printing. (Verified) Microsoft Windows XP Publisher c:\windows\system32\spoolsv.exe + srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties (Verified) Microsoft Windows Publisher c:\windows\system32\srsvc.dll + stisvc Provides image acquisition services for scanners and cameras. (Verified) Microsoft Windows Component Publisher c:\windows\system32\wiaservc.dll + Themes Provides user experience theme management. (Verified) Microsoft Windows Component Publisher c:\windows\system32\shsvcs.dll + TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. (Verified) Microsoft Windows Publisher c:\windows\system32\trkwks.dll + W32Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher c:\windows\system32\w32time.dll + WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Component Publisher c:\windows\system32\webclnt.dll + winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Publisher c:\windows\system32\wbem\wmisvc.dll + wscsvc Monitors system security settings and configurations. (Verified) Microsoft Windows Publisher c:\windows\system32\wscsvc.dll + wuauserv Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. (Verified) Microsoft Windows Publisher c:\windows\system32\wuauserv.dll + WudfSvc Manages user-mode driver host processes (Verified) Microsoft Windows c:\windows\system32\wudfsvc.dll + WZCSVC Provides automatic configuration for the 802.11 adapters (Verified) Microsoft Windows Publisher c:\windows\system32\wzcsvc.dll HKLM\System\CurrentControlSet\Services + 26381f68-0b0e-43df-a509-3db0aac8de0c File not found: D:\Player\cds300.dll + ACPI ACPI Driver for NT (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\acpi.sys + aec Microsoft Acoustic Echo Canceller (Verified) Microsoft Windows Component Publisher c:\windows\system32\drivers\aec.sys + AFD AFD Networking Support Environment (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\afd.sys + Arp1394 1394 ARP Client Protocol (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\arp1394.sys + AsyncMac RAS Asynchronous Media Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\asyncmac.sys + atapi IDE/ATAPI Port Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\atapi.sys + Atmarpc ATM ARP Client Protocol (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\atmarpc.sys + audstub AudStub Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\audstub.sys + AVG Anti-Spyware Driver c:\program files\grisoft\avg anti-spyware 7.5\guard.sys + Avg7Core AVG Scanning Engine (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avg7core.sys + Avg7RsW AVG Resident Shield Unload Helper (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsw.sys + Avg7RsXP AVG Resident Anti-Virus Shield (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avg7rsxp.sys + AvgAsCln AVG7 Clean Driver (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avgascln.sys + AvgClean AVG7 Clean Driver (Not verified) GRISOFT, s.r.o. c:\windows\system32\drivers\avgclean.sys + Cdrom SCSI CD-ROM Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\cdrom.sys + Disk PnP Disk Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\disk.sys + DMusic Microsoft Kernel DLS Synthesizer (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\dmusic.sys + drmkaud Microsoft Kernel DRM Audio Descrambler Filter (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\drmkaud.sys + Fdc Floppy Disk Controller Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\fdc.sys + Flpydisk Floppy Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\flpydisk.sys + Ftdisk FT Disk Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\ftdisk.sys + Gpc Generic Packet Classifier (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\msgpc.sys + HDAudBus High Definition Audio Bus Driver v1.0a (Verified) Microsoft Windows XP Publisher c:\windows\system32\drivers\hdaudbus.sys + HSF_DPV HSF_DP driver (Verified) Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\drivers\hsf_dpv.sys + HSFHWBS2 HSF_HWB2 WDM driver (Verified) Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\drivers\hsfhwbs2.sys + HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. (Verified) Microsoft Windows Component Publisher c:\windows\system32\drivers\http.sys + i8042prt i8042 Port Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\i8042prt.sys + ialm Intel Graphics Miniport Driver (Verified) Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\drivers\ialmnt5.sys + Imapi IMAPI Kernel Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\imapi.sys + IntcAzAudAddService Realtek(r) High Definition Audio Function Driver (Verified) Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\drivers\rtkhdaud.sys + intelppm Processor Device Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\intelppm.sys + Ip6Fw Provides intrusion prevention service for a home or small office network. (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\ip6fw.sys + IpFilterDriver IP Traffic Filter Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\ipfltdrv.sys + IpInIp IP in IP Tunnel Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\ipinip.sys + IpNat IP Network Address Translator (Verified) Microsoft Windows XP Publisher c:\windows\system32\drivers\ipnat.sys + IPSec IPSEC driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\ipsec.sys + IRENUM Infra-Red Bus Enumerator (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\irenum.sys + isapnp PNP ISA Bus Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\isapnp.sys + Kbdclass Keyboard Class Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\kbdclass.sys + kmixer Kernel Mode Audio Mixer (Verified) Microsoft Windows Component Publisher c:\windows\system32\drivers\kmixer.sys + mdmxsdk Diagnostic Interface DRIVER (Verified) Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\drivers\mdmxsdk.sys + Mouclass Mouse Class Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\mouclass.sys + MSKSSRV MS KS Server (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\mskssrv.sys + MSPCLOCK MS Proxy Clock (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\mspclock.sys + MSPQM MS Proxy Quality Manager (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\mspqm.sys + mssmbios System Management BIOS Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\mssmbios.sys + NdisTapi Remote Access NDIS TAPI Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\ndistapi.sys + Ndisuio NDIS Usermode I/O Protocol (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\ndisuio.sys + NdisWan Remote Access NDIS WAN Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\ndiswan.sys + NetBT NetBios over Tcpip (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\netbt.sys + NIC1394 IEEE1394 Ndis Miniport and Call Manager (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\nic1394.sys + Nokia USB Generic Nokia USB Phone Generic Client (Verified) Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\drivers\nmwcdc.sys + Nokia USB Modem Nokia USB Phone Modem Client (Verified) Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\drivers\nmwcdcm.sys + Nokia USB Phone Parent Nokia USB Phone Bus Driver (Verified) Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\drivers\nmwcd.sys + NwlnkFlt IPX Traffic Filter Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\nwlnkflt.sys + NwlnkFwd IPX Traffic Forwarder Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\nwlnkfwd.sys + ohci1394 1394 OpenHCI Port Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\ohci1394.sys + Parport Parallel Port Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\parport.sys + PCI NT Plug and Play PCI Enumerator (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\pci.sys + PCIIde Generic PCI IDE Bus Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\pciide.sys + Pcouffin File not found: System32\Drivers\Pcouffin.sys + PptpMiniport WAN Miniport (PPTP) (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\raspptp.sys + PSched QoS Packet Scheduler (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\psched.sys + Ptilink Direct Parallel Link Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\ptilink.sys + PxHelp20 Px Engine Device Driver for Windows 2000/XP (Not verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys + RasAcd Remote Access Auto Connection Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\rasacd.sys + Rasl2tp WAN Miniport (L2TP) (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\rasl2tp.sys + RasPppoe Remote Access PPPOE Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\raspppoe.sys + Raspti Direct Parallel (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\raspti.sys + RDPCDD RDP Miniport (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\rdpcdd.sys + redbook Redbook Audio Filter Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\redbook.sys + ROOTMODEM Legacy Non-Pnp Modem Device Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\rootmdm.sys + SASDIFSV SASDIFSV c:\program files\superantispyware\sasdifsv.sys + SASENUM SuperAntiSpyware (Not verified) SuperAdBlocker, Inc. c:\program files\superantispyware\sasenum.sys + SASKUTIL SASKUTIL.SYS c:\program files\superantispyware\saskutil.sys + sdcplh SDCPLH (Not verified) Macrovision Europe Ltd c:\windows\system32\drivers\sdcplh.sys + Secdrv SafeDisc driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\secdrv.sys + serenum Serial Port Enumerator (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\serenum.sys + Serial Serial Device Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\serial.sys + splitter Microsoft Kernel Audio Splitter (Verified) Microsoft Windows Component Publisher c:\windows\system32\drivers\splitter.sys + swenum Plug and Play Software Device Enumerator (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\swenum.sys + swmidi Microsoft GS Wavetable Synthesizer (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\swmidi.sys + sysaudio System Audio WDM Filter (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\sysaudio.sys + Tcpip TCP/IP Protocol Driver (Verified) Microsoft Windows Component Publisher c:\windows\system32\drivers\tcpip.sys + TermDD Terminal Server Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\termdd.sys + tmcomm TrendMicro Common Module (Verified) Trend Micro, Inc. c:\windows\system32\drivers\tmcomm.sys + U81xbus LG Electronics U8110 Driver (Not verified) MCCI c:\windows\system32\drivers\u81xbus.sys + U81xmdfl LGE U8XXX USB WMC Modem Filter (Not verified) MCCI c:\windows\system32\drivers\u81xmdfl.sys + U81xmdm LGE U8XXX USB WMC Modem Driver (Not verified) MCCI c:\windows\system32\drivers\u81xmdm.sys + U81xmgmt LGE U8XXX USB WMC Device Management Drivers (WDM) (Not verified) MCCI c:\windows\system32\drivers\u81xmgmt.sys + U81xobex LGE U8XXX USB WMC OBEX Interface (Not verified) MCCI c:\windows\system32\drivers\u81xobex.sys + Update Update Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\update.sys + usbccgp USB Common Class Generic Parent Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\usbccgp.sys + usbehci EHCI eUSB Miniport Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\usbehci.sys + usbhub Default Hub Driver for USB (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\usbhub.sys + usbprint USB Printer driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\usbprint.sys + usbscan USB Scanner Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\usbscan.sys + usbsermpt USB Modem Driver (Not verified) Microsoft Corporation c:\windows\system32\drivers\usbsermpt.sys + USBSTOR USB Mass Storage Class Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\usbstor.sys + usbuhci UHCI USB Miniport Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\usbuhci.sys + VgaSave VGA/Super VGA Video Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\vga.sys + Wanarp Remote Access IP ARP Driver (Verified) Microsoft Windows Publisher c:\windows\system32\drivers\wanarp.sys + wdmaud MMSYSTEM Wave/Midi API mapper (Verified) Microsoft Windows Component Publisher c:\windows\system32\drivers\wdmaud.sys + winachsf HSF_CNXT driver (Verified) Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\drivers\hsf_cnxt.sys + WpdUsb WPD USB Driver (Verified) Microsoft Windows Component Publisher c:\windows\system32\drivers\wpdusb.sys + WudfPf Provide communciation services for UMDF components. (Verified) Microsoft Windows c:\windows\system32\drivers\wudfpf.sys + WudfRd Reflect device requests to user-mode driver drivers (Verified) Microsoft Windows c:\windows\system32\drivers\wudfrd.sys + yukonwxp NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller (Verified) Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\drivers\yk51x86.sys HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute + autocheck autochk * Auto Check Utility (Verified) Microsoft Windows Publisher c:\windows\system32\autochk.exe + stera File not found: stera HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options + Your Image File Name Here without a path Symbolic Debugger for Windows 2000 (Verified) Microsoft Windows Publisher c:\windows\system32\ntsd.exe HKLM\Software\Microsoft\Command Processor\Autorun HKCU\Software\Microsoft\Command Processor\Autorun HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls + C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL c:\program files\google\google desktop search\googledesktopnetwork3.dll HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls + advapi32 Advanced Windows 32 Base API (Verified) Microsoft Windows Publisher c:\windows\system32\advapi32.dll + comdlg32 Common Dialogs DLL (Verified) Microsoft Windows Publisher c:\windows\system32\comdlg32.dll + gdi32 GDI Client DLL (Verified) Microsoft Windows Component Publisher c:\windows\system32\gdi32.dll + imagehlp Windows NT Image Helper (Verified) Microsoft Windows Publisher c:\windows\system32\imagehlp.dll + kernel32 Windows NT BASE API Client DLL (Verified) Microsoft Windows Component Publisher c:\windows\system32\kernel32.dll + lz32 LZ Expand/Compress API DLL (Verified) Microsoft Windows Publisher c:\windows\system32\lz32.dll + ole32 Microsoft OLE for Windows (Verified) Microsoft Windows XP Publisher c:\windows\system32\ole32.dll + oleaut32 (Verified) Microsoft Windows Publisher c:\windows\system32\oleaut32.dll + olecli32 Object Linking and Embedding Client Library (Verified) Microsoft Windows XP Publisher c:\windows\system32\olecli32.dll + olecnv32 Microsoft OLE for Windows (Verified) Microsoft Windows XP Publisher c:\windows\system32\olecnv32.dll + olesvr32 Object Linking and Embedding Server Library (Verified) Microsoft Windows Publisher c:\windows\system32\olesvr32.dll + olethk32 Microsoft OLE for Windows (Verified) Microsoft Windows Publisher c:\w

0

Start autoruns.exe Wait for scan to finish Careful to get the right lines. Autoruns delete function makes no backups. Click the "BootExecute tab You should see this: HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute + autocheck autochk * Auto Check Utility (Verified) Microsoft Windows Publisher c:\windows\system32\autochk.exe Locate & Hilight this line: + stera File not found: stera Click the red X in the toolbar. Answer yes when prompted. No need for immediate reboot since the files don't exist any more. Open notepad (Start Menu > Run > Type notepad and press "ok". Copy and paste everything into notepad between the x's making regedit4 the top line. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX REGEDIT4 [-HKLM\Software\Classes\CLSID\{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}] [-HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348A7}] [-HKLM\Software\Classes\CLSID\{90FE6C53-F8B4-4631-B42A-02D63D1C949C}] XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it Fix.reg then save it to your desktop. Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes. Reboot into safe mode. navigate to and delete these files if found: C:\WINDOWS\PROGRAM.exe navigate to and delete these folders if found; C:\Program Files\Common Files\{00BD8C7C-0BB0-1033-1223-05031120003d} C:\fbaad322b5cec36db8beb9b6 C:\50fc22ac6482d87c0d C:\9145f0641a67c1805dcc C:\21167a290a3348217037 C:\aaa060889da7b32c466cef C:\2b9a1fa8863b2c21b16db546 C:\6103aeaa2b944c345222 C:\cbe5c1288db2e8f48384b6a0 C:\b2377a5524dd213af9ed25 C:\b539e16e2c642e7a4dd50edcf667 C:\d9ea396de0f6adf4b102 C:\554569eaf4528952974e8e43bba4 C:\b2084e20c80eb6746fdf87 C:\5e30cd433b5250eb54223e082e4960 C:\eb17a3b6cf4fdd5c784ed5ea C:\2867063938d9a693bd C:\011b2bd103119efba32c C:\7ce7ad33e1b4b4f4ac75777603 C:\5f72aec3dce4af1a8e65db8e19ddc803 C:\99ef941e9f610c8de2de C:\78dec8c560f488721a C:\f37a062d9319d4240bc549a8 C:\aef0aab3299c2d52af58eb7b8c5149 C:\599cee8ad9a66ad41ede C:\be90f6ee5f9a59af3d1eca480938d8 C:\d3a8ba856b1ce5cb9eea834a C:\ae239060d31601f6a6be38d602995d C:\db49a4b01907f62582fe19b7 Download rustbfix.exe and save it to your desktop. Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). If needed (still infected), post the content of these logfiles along with a new HijackThis log. Post a new silentrunners scan please.

0

Logfile of HijackThis v1.99.1 Scan saved at 4:07:46 PM, on 23/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\WinZip\WZQKPICK.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hijackthis\show.exe.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.au O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.... O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar... O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lafreak666australia.spaces.l... O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US... O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows... O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar... O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active... O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUplo... O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar... O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g... O17 - HKLM\System\CCS\Services\Tcpip\..\{24B5DF9A-98A0-45E4-8B46-440EA892C260}: Domain = nsw.bigpond.net.au O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\Player\__CDS2.dll (file missing) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

0

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: ---- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1" ["Adobe Systems Incorporated"] "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe" ["Google Inc."] "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "Free Download Manager" = "C:\Program Files\Free Download Manager\fdm.exe -autorun" [file not found] "SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0\bin\jusched.exe"" ["Sun Microsystems, Inc."] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"] "PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray" ["Nokia"] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"] "Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" [null data] "DataLayer" = "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."] "Blubster" = "C:\Program Files\Blubster\Blubster.exe SILENT" [file not found] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS] {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided) -> {HKLM...CLSID} = "EpsonToolBandKicker Class" \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension" -> {HKLM...CLSID} = "AVG7 Find Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] "{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View" -> {HKLM...CLSID} = "Message View" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{792F0537-F929-4eb7-AC1D-FB6334C71550}" = "LG Phone" -> {HKLM...CLSID} = "LG Phone" \InProcServer32\(Default) = "C:\DOCUME~1\Olmi\MYDOCU~1\brendan\mobile\Phone.dll" ["LG Electornics"] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension" -> {HKLM...CLSID} = "a-squared Free Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] <<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided) -> {HKLM...CLSID} = "SABShellExecuteHook Class" \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "AppInit_DLLs" = "C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"] <<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}" -> {HKLM...CLSID} = "a-squared Free Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"] AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}" -> {HKLM...CLSID} = "a-squared Free Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"] Group Policies {policy setting}: --- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Startup items in "Olmi" & "All Users" startup folders: ------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.exe -b -l" [MS] "WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.exe" ["WinZip Computing LP"] Enabled Scheduled Tasks: ------------------------ "Check Updates for Windows Live Toolbar" -> launches: "C:\Program Files\Windows Live Toolbar\MSNTBUP.exe" [MS] Winsock2 Service Provider DLLs: -- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 12 - 13 Toolbars, Explorer Bars, Extensions: ------- Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "&Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" -> {HKLM...CLSID} = "Windows Live Toolbar" \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided) -> {HKLM...CLSID} = "EPSON Web-To-Page" \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided) -> {HKLM...CLSID} = "Windows Live Toolbar" \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}\(Default) = "PrintView" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL" [file not found] HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348A7}\(Default) = "Disclosure Bar" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\WINDOWS\system32\UpMedia\SearchTool.dll" [file not found] HKLM\Software\Classes\CLSID\{90FE6C53-F8B4-4631-B42A-02D63D1C949C}\(Default) = "PrintView" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL" [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll" ["Sun Microsystems, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): -------- AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."] AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."] LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ EPSON Stylus CX4100 Series 2KMonitor5P\Driver = "E_FLMAEP.DLL" ["SEIKO EPSON CORPORATION"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 73 seconds. ---------- (total run time: 119 seconds)

0

Open notepad (Start Menu > Run > Type notepad and press "ok". Copy and paste everything into notepad between the x's making regedit4 the top line. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX REGEDIT4 [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4E0C464-30CE-4075-9A10-71FD106C2847}] [-HKEY_CURRENT_USER\Software\PrintView] [-HKEY_CLASSES_ROOT\CLSID\{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}] [-HKEY_CLASSES_ROOT\CLSID\{51C5191A-9880-442f-897B-E96987522FBC}] [-HKEY_CLASSES_ROOT\CLSID\{90FE6C53-F8B4-4631-B42A-02D63D1C949C}] [-HKEY_CLASSES_ROOT\CLSID\{D4E0C464-30CE-4075-9A10-71FD106C2847}] [-HKEY_CLASSES_ROOT\Interface\{6C07AC9A-A018-492B-9B55-6892254E09BF}] [-HKEY_CLASSES_ROOT\Interface\{7B8AC03E-DAA5-441E-A480-78E743F63018}] [-HKEY_CLASSES_ROOT\Interface\{A9B2B3D8-E6A7-49A0-BBAF-F27B7A500B54}] [-HKEY_CLASSES_ROOT\Interface\{B0CDC23A-77FA-4B6D-A8A1-DECFE715A56D}] [-HKEY_CLASSES_ROOT\PrintView.CSInstallInformation_PV] [-HKEY_CLASSES_ROOT\PrintView.CSInstallInformation_PV.1] [-HKEY_CLASSES_ROOT\PrintView.PrintViewBar] [-HKEY_CLASSES_ROOT\PrintView.PrintViewBar.1] [-HKEY_CLASSES_ROOT\PrintView.PrintViewBarH] [-HKEY_CLASSES_ROOT\PrintView.PrintViewBarH.1] [-HKEY_CLASSES_ROOT\PrintViewBar.PrintViewBHO] [-HKEY_CLASSES_ROOT\PrintViewBar.PrintViewBHO.1] [-HKEY_CLASSES_ROOT\PrintViewBHO Class] [-HKEY_CLASSES_ROOT\TypeLib\{24723349-C5C0-44C2-837D-84250E6B2A12}] XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it Fix.reg then save it to your desktop. Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes. And post a new silentrunners scan please.

0

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: ---- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1" ["Adobe Systems Incorporated"] "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe" ["Google Inc."] "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "Free Download Manager" = "C:\Program Files\Free Download Manager\fdm.exe -autorun" [file not found] "SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0\bin\jusched.exe"" ["Sun Microsystems, Inc."] "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."] "Persistence" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"] "PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray" ["Nokia"] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"] "Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" [null data] "DataLayer" = "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."] "Blubster" = "C:\Program Files\Blubster\Blubster.exe SILENT" [file not found] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS] {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided) -> {HKLM...CLSID} = "EpsonToolBandKicker Class" \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension" -> {HKLM...CLSID} = "AVG7 Find Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] "{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View" -> {HKLM...CLSID} = "Message View" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{792F0537-F929-4eb7-AC1D-FB6334C71550}" = "LG Phone" -> {HKLM...CLSID} = "LG Phone" \InProcServer32\(Default) = "C:\DOCUME~1\Olmi\MYDOCU~1\brendan\mobile\Phone.dll" ["LG Electornics"] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension" -> {HKLM...CLSID} = "a-squared Free Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] <<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided) -> {HKLM...CLSID} = "SABShellExecuteHook Class" \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "AppInit_DLLs" = "C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL" [null data] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"] <<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}" -> {HKLM...CLSID} = "a-squared Free Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"] AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" -> {HKLM...CLSID} = "AVG7 Shell Extension Class" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}" -> {HKLM...CLSID} = "a-squared Free Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"] Group Policies {policy setting}: --- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Startup items in "Olmi" & "All Users" startup folders: ------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.exe -b -l" [MS] "WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.exe" ["WinZip Computing LP"] Enabled Scheduled Tasks: ------------------------ "Check Updates for Windows Live Toolbar" -> launches: "C:\Program Files\Windows Live Toolbar\MSNTBUP.exe" [MS] Winsock2 Service Provider DLLs: -- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 12 - 13 Toolbars, Explorer Bars, Extensions: ------- Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."] "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "&Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" -> {HKLM...CLSID} = "Windows Live Toolbar" \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided) -> {HKLM...CLSID} = "EPSON Web-To-Page" \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided) -> {HKLM...CLSID} = "Windows Live Toolbar" \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348A7}\(Default) = "Disclosure Bar" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "C:\WINDOWS\system32\UpMedia\SearchTool.dll" [file not found] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll" ["Sun Microsystems, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): -------- AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."] AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."] LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ EPSON Stylus CX4100 Series 2KMonitor5P\Driver = "E_FLMAEP.DLL" ["SEIKO EPSON CORPORATION"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 28 seconds, including 4 seconds for message boxes)

0

Go to this link http://www.gmer.net/ and download load GMER Application, run it and post the results please.

0

GMER 1.0.12.12027 - http://www.gmer.net Rootkit scan 2007-02-24 12:28:29 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess ---- Devices - GMER 1.0.12 ---- Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL [EF74EA08] sdcplh.sys Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [EF74E684] sdcplh.sys Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL [EF74EA08] sdcplh.sys Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [EF74E684] sdcplh.sys Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL [EF74EA08] sdcplh.sys Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [EF74E684] sdcplh.sys Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL [EF74EA08] sdcplh.sys Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL [EF74E684] sdcplh.sys ---- EOF - GMER 1.0.12 ----

0

Still not much, have your performance increase any. Perform an online scan with Panda ActiveScan Dowanload from this link Panda Acticescan Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on Local Disks to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

0

This is most likely the problem. You can find this on "Bleeping's" uninstall list. Go to add/remove programs and uninstall this program Blubster Run hijack This and remove this item: O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT

0

panda found nothing and i uninstalled blubster. pc is still running the same

0

Go to add/remove programes and uninstall this program: UpTown Engine Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok. Navigate to and delete this folder if found:(may have been hidden) C:\WINDOWS\system32\UpMedia Other than this program I don't see anything, but this may help as it is spyware.

0

Logfile of HijackThis v1.99.1 Scan saved at 2:26:06 PM, on 3/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.exe C:\WINDOWS\Explorer.exe C:\Program Files\Video Access ActiveX Object\isamntr.exe C:\Program Files\Video Access ActiveX Object\pmsnrr.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Apoint\Apntex.exe C:\PROGRA~1\sppqtrsp\cIwDEAQN.exe C:\Program Files\Common Files\AOL\1111452651\ee\AOLHostManager.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\sppqtrsp\NQAEDwIc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Video Access ActiveX Object\isamini.exe C:\Program Files\Video Access ActiveX Object\pmmnt.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Common Files\AOL\1111452651\ee\AOLServiceHost.exe C:\Program Files\MySpace\IM\MySpaceIM.exe C:\WINDOWS\SYSTEM32\sistray.exe C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe C:\Program Files\Video Access ActiveX Object\isamini.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\altera\quartus51\bin\JTAGServer.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\MOZILL~1\FIREFOX.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.commonname.com/english/t... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.commonname.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1111452651\ee\AOLHostManager.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe" O4 - HKLM\..\Run: [5etvn4fb] C:\WINDOWS\system32\5etvn4fb.exe O4 - HKLM\..\Run: [salm] c:\temp\salm.exe O4 - HKLM\..\Run: [ibwtyd] C:\WINDOWS\ibwtyd.exe O4 - HKLM\..\Run: [t3rT35l] rcbofmt.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM32\sistray.exe O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/open... (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c... O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuit... O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - C:\altera\quartus51\bin\JTAGServer.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

0

SmitFraudFix v2.158 Scan done at 14:44:43.19, Wed 03/28/2007 Run from C:\Documents and Settings\Amir Brgulja\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.exe C:\WINDOWS\Explorer.exe C:\Program Files\Video Access ActiveX Object\isamntr.exe C:\Program Files\Video Access ActiveX Object\pmsnrr.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\keyhook.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Apoint\Apntex.exe C:\PROGRA~1\sppqtrsp\cIwDEAQN.exe C:\Program Files\Common Files\AOL\1111452651\ee\AOLHostManager.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\sppqtrsp\NQAEDwIc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Video Access ActiveX Object\isamini.exe C:\Program Files\Video Access ActiveX Object\pmmnt.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Common Files\AOL\1111452651\ee\AOLServiceHost.exe C:\Program Files\MySpace\IM\MySpaceIM.exe C:\WINDOWS\SYSTEM32\sistray.exe C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe C:\Program Files\Video Access ActiveX Object\isamini.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\altera\quartus51\bin\JTAGServer.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\MOZILL~1\FIREFOX.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS C:\WINDOWS\logo.gif FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\geplxss.dll FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Amir Brgulja »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Amir Brgulja\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND ! C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\AMIRBR~1\FAVORI~1 C:\DOCUME~1\AMIRBR~1\FAVORI~1\Online Security Test.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\Video Access ActiveX Object\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies" [HKEY_CLASSES_ROOT\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32] @="C:\WINDOWS\system32\geplxss.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32] @="C:\WINDOWS\system32\geplxss.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{9d6fac42-a7be-4702-87ef-75d8dc14249e}"="hemine" [HKEY_CLASSES_ROOT\CLSID\{9d6fac42-a7be-4702-87ef-75d8dc14249e}\InProcServer32] @="C:\WINDOWS\system32\tahxqcj.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9d6fac42-a7be-4702-87ef-75d8dc14249e}\InProcServer32] @="C:\WINDOWS\system32\tahxqcj.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End

0