Hi,

I need help desperately. I have no clue what happened. I have AVG installed, and the Beta antispyware from microsoft. I cannot work for mor then one minute or a popup shows up. I have read many articles and tried everything but nothing works. I ran the full list on geekstogo and have performed all the scans (some didn't work because I couldn't install the program) Here is what I have done so far. I ran adaware, CWShredder I couldn't install, ran spybot search and destroy, ran ewido, ran full scan again with AVG, after all that did a reboot as well. Still no luck. Please can someone help me get rid of this virus?



Logfile of HijackThis v1.99.1
Scan saved at 10:09:06, on 14-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\dllhost.exe
\?\C:\WINDOWS\microsoft.net\framework\v1.1.4322\aspnet_wp.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\system32\inetsrv\DavCData.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Zoeken - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ImageUploader - http://www.albumservice.nl/ImageUploader.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn200...erInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://81.205.150.70:10000/activex/AMC.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\e8200ifme82a0.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Topic reopened

well sam g'luck hope you can help... it looks like my system is damaged quite a bit... I have some funny thingss (blue scarry screens, reboots)....

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\BITS]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\hrns0557e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read INGEBOUWD\Gebruikers
(ID-IO) ALLOW Read INGEBOUWD\Gebruikers
(ID-NI) ALLOW Read INGEBOUWD\Hoofdgebruikers
(ID-IO) ALLOW Read INGEBOUWD\Hoofdgebruikers
(ID-NI) ALLOW Full access INGEBOUWD\Administrators
(ID-IO) ALLOW Full access INGEBOUWD\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access MAKER EIGENAAR


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{133B3618-488C-4398-AE3D-E34B90DE9542}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschappenvenster van multimediabestand"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerbeheer"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Het tabblad Beveiliging"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Eigenschappenblad voor OLE-docbestand"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell-uitbreidingen voor delen"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldschermadapter"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Monitor"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Configuratiescherm-uitbreiding Beeldscherm-panning"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Het tabblad Beveiliging"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibiliteitspagina"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Knipselgegevensverwerker van shell"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Schijfkopieer-uitbreiding"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell-uitbreidingen voor Microsoft Windows Network-objecten"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-monitorbeheer"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerbeheer"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell-uitbreidingen voor bestandscompressie"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shell-uitbreiding voor Web Printer"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Snelmenu Codering"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Werkmap"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-pictogramuitbreiding"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiel"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Het tabblad Beveiliging voor printers"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell-uitbreidingen voor delen"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-extensie"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto-handtekeningextensie"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netwerkverbindingen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netwerkverbindingen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners en camera's"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners en camera's"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners en camera's"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners en camera's"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners en camera's"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell-uitbreidingen voor Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplande taken"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taakbalk en menu Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Zoeken"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help en ondersteuning"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Uitvoeren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Lettertypen"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Systeembeheer"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-werkbalk"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Downloadstatus"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Uitgebreide shell-map"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Uitgebreide shell-map 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft-browserbalk"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Zoekbalk"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Mediabalk"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Zoeken binnen deelvenster"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Zoeken op het web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Hulpprogramma met opties voor registerboomstructuur"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoAanvullen"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU-lijst voor AutoAanvullen"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Aangepaste MRU-lijst voor AutoAanvullen"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Toegankelijk"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Pop-upbalk Volgen"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Parser voor adresbalk"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Lijst voor AutoAanvullen: Microsoft Geschiedenis"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Lijst voor AutoAanvullen: Microsoft Shell-map"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft-container met meervoudige lijst voor AutoAanvullen"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Sitemenu van shell-band"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Gebruikersondersteuning"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Globale mapinstellingen"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url-geschiedenisservice"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Geschiedenis"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Tijdelijke Internet-bestanden"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url-zoeken Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-welkomstscherm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Het Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Cachemap van ActiveX"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Map met abonnementen"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Toepassingsbeheer"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Programma voor inventarisatie van ge‹nstalleerde toepassingen"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI- en bestandsextractieprogramma voor miniaturen"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Informatie over de handler voor miniatuurweergaven (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-extractie voor miniatuurweergaven"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Wizard Webpublicaties"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Afdrukken via het web bestellen"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell-object voor publicatiewizard"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Wizard Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Gebruikersaccounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanaal-bestand"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanaal-snelkoppeling"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Handler-object voor kanalen"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Map Off line bestanden"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{B8323370-FF27-11D2-97B6-204C4F4F5020}"="SmartFTP Shell Extension DLL"
@=""
"{6af09ec9-b429-11d4-a1fb-0090960218cb}"="My Bluetooth Places"
"{5a61f7a0-cde1-11cf-9113-00aa00425c62}"="IIS Shell Extension"
"{6B19FEC2-A45B-11CF-9045-00A0C9039735}"="Registered ActiveX Controls"
"{D545EBD1-BD92-11CF-8772-00A0C9039735}"="Developer Studio Components"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"Zinio Magazine Column Provider"="{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}"
"Zinio Shell Extension"="{AC0B5D2E-B691-4E12-A4F9-CA88492579A2}"
"Zinio Shell Extension UI Object"="{091D66CD-24B7-4210-A790-78463B1B3D7A}"
"{AC0B5D2E-B691-4E12-A4F9-CA88492579A2}"="Zinio Shell Extension"
"{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}"="Zinio Magazine Column Provider"
"{091D66CD-24B7-4210-A790-78463B1B3D7A}"="Zinio Shell Extension UI Object"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
"{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-3FB6980118CF}"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{60AE3118-1605-46F4-AC97-5F5F0A4BD10C}"=""
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{3B13168A-AFB9-4542-9D5D-A6BF758B9A34}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{60AE3118-1605-46F4-AC97-5F5F0A4BD10C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60AE3118-1605-46F4-AC97-5F5F0A4BD10C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60AE3118-1605-46F4-AC97-5F5F0A4BD10C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60AE3118-1605-46F4-AC97-5F5F0A4BD10C}\InprocServer32]
@="C:\\WINDOWS\\system32\\snclogon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3B13168A-AFB9-4542-9D5D-A6BF758B9A34}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B13168A-AFB9-4542-9D5D-A6BF758B9A34}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B13168A-AFB9-4542-9D5D-A6BF758B9A34}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B13168A-AFB9-4542-9D5D-A6BF758B9A34}\InprocServer32]
@="C:\\WINDOWS\\system32\\dknet.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Sat 3 Sep 2005 0:54:56 A.... 1.020.416 996,50 K
cdfview.dll Sat 3 Sep 2005 0:54:56 A.... 151.552 148,00 K
cdosys.dll Sat 10 Sep 2005 2:55:38 A.... 2.067.968 1,97 M
danim.dll Sat 3 Sep 2005 0:54:58 A.... 1.056.768 1,01 M
dknet.dll Fri 14 Oct 2005 12:21:04 ..S.R 235.693 230,17 K
dxtrans.dll Sat 3 Sep 2005 0:54:58 A.... 205.312 200,50 K
extmgr.dll Sat 3 Sep 2005 0:54:58 ..... 55.808 54,50 K
gdi32.dll Thu 6 Oct 2005 4:19:02 A.... 280.064 273,50 K
iepeers.dll Sat 3 Sep 2005 0:54:58 A.... 251.392 245,50 K
inseng.dll Sat 3 Sep 2005 0:54:58 A.... 96.768 94,50 K
ir5dpsnd.dll Thu 3 Nov 2005 16:45:54 A.... 45.056 44,00 K
linkinfo.dll Thu 1 Sep 2005 3:28:26 A.... 19.968 19,50 K
lvjo09~1.dll Tue 18 Oct 2005 18:15:48 ..S.R 233.944 228,46 K
lvju09~1.dll Fri 14 Oct 2005 13:00:06 ..S.R 235.693 230,17 K
mshtml.dll Wed 5 Oct 2005 1:27:34 A.... 3.013.120 2,87 M
mshtmled.dll Sat 3 Sep 2005 0:55:02 A.... 448.512 438,00 K
msrating.dll Sat 3 Sep 2005 0:55:02 A.... 146.432 143,00 K
mstime.dll Sat 3 Sep 2005 0:55:04 A.... 530.432 518,00 K
netman.dll Mon 22 Aug 2005 19:36:16 A.... 197.632 193,00 K
pngfilt.dll Sat 3 Sep 2005 0:55:04 A.... 39.424 38,50 K
quartz.dll Tue 30 Aug 2005 4:56:40 A.... 1.291.264 1,23 M
shdocvw.dll Sat 3 Sep 2005 0:55:06 A.... 1.483.776 1,41 M
shell32.dll Fri 23 Sep 2005 4:08:06 A.... 8.497.664 8,10 M
shlwapi.dll Sat 3 Sep 2005 0:55:06 A.... 474.112 463,00 K
umpnpmgr.dll Tue 23 Aug 2005 4:40:36 A.... 124.416 121,50 K
urlmon.dll Sat 3 Sep 2005 0:55:08 A.... 605.184 591,00 K
wininet.dll Sat 3 Sep 2005 0:55:08 A.... 661.504 646,00 K
winsrv.dll Thu 1 Sep 2005 3:28:26 A.... 292.352 285,50 K

28 items found: 28 files (3 H/S), 0 directories.
Total of file sizes: 23.762.226 bytes 22,66 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Het volume in station C heeft geen naam.
Het volumenummer is 94AF-DAEC

Map van C:\WINDOWS\System32

12-11-2005 00:36 <DIR> ..
12-11-2005 00:36 <DIR> .
03-11-2005 17:00 <DIR> dllcache
18-10-2005 18:15 233.944 lvjo0913e.dll
14-10-2005 13:00 235.693 lvju0919e.dll
14-10-2005 12:21 235.693 dknet.dll
22-12-2004 11:21 <DIR> Microsoft
05-04-2001 18:43 94.208 msstkprp.dll
4 bestand(en) 799.538 bytes
4 map(pen) 16.922.923.008 bytes beschikbaar

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
If after the reboot the desktop icons dont dissappear or the log does not pop up then in the l2mfix folder double click the second.bat file to continue with the fix.

Hi Sam,

I first ran lm2fix with option 2. My desktop icons dissapeared but didn't come back. I waited 30 minutes or so and did a reboot cause it looked like the system was frozen. Same thing happened with second.bat icons dissapeared after the reboot but did't come back not even after 40 minutes. So I did't get a report.

What to do next ? I did a hjt scan again see below.

Logfile of HijackThis v1.99.1
Scan saved at 13:20:34, on 12-11-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Zoeken - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://localhost/ASPNET/ImageUploader3.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\hrns0557e.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)

No problem on the log. It looks like maybe you got it!

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\hrns0557e.dll (file missing)


Reboot and post a new hijackthis log.
Are you getting any popups now?

Well Sam it looks like I am saved...
Haven't had a popup so far today.

I'll let you know how things will go rest of the day and tomorrow.

Thanx so far.


Logfile of HijackThis v1.99.1
Scan saved at 15:34:05, on 13-11-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Zoeken - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://localhost/ASPNET/ImageUploader3.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)

Your log is clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.
   
   You can find instructions on how to enable and reenable system restore here:
   
   Managing Windows Millenium System Restore
   
   or
   
   Windows XP System Restore Guide
   
   Renable system restore with instructions from tutorial above
   
   
2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
   1. From within Internet Explorer click on the Tools menu and then click on Options.
   2. Click once on the Security tab
   3. Click once on the Internet icon so it becomes highlighted.
   4. Click once on the Custom Level button.
      
      1. Change the Download signed ActiveX controls to Prompt
         
      2. Change the Download unsigned ActiveX controls to Disable
         
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
         
      4. Change the Installation of desktop items to Prompt
         
      5. Change the Launching programs and files in an IFRAME to Prompt
         
      6. Change the Navigate sub-frames across different domains to Prompt
         
      7. When all these settings have been made, click on the OK button.
         
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
   5. Next press the Apply button and then the OK to exit the Internet Properties page.
   
   
3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
   
   See this link for a listing of some online & their stand-alone antivirus programs:
   
   Virus, Spyware, and Malware Protection and Removal Resources
   
   
4. Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
   
   
5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
   
   For a tutorial on Firewalls and a listing of some available ones see the link below:
   
   Understanding and Using Firewalls
   
   
6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
   
   
7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
   
   A tutorial on installing & using this product can be found here:
   
   Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
   
   
8. Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
   
   A tutorial on installing & using this product can be found here:
   
   Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
   
   
9. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
   
   A tutorial on installing & using this product can be found here:
   
   Using SpywareBlaster to protect your computer from Spyware and Malware
   
   
10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Hi Sam,

I don't think I am completely clean. See the attachement. I will do all the following above and see if that helps..

If you are still having problems, please post a new hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 12:22:48, on 15-11-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\dllhost.exe
\?\C:\WINDOWS\microsoft.net\framework\v1.1.4322\aspnet_wp.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Zoeken - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://localhost/ASPNET/ImageUploader3.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)

That log still looks clean. Let's take a look at a different log.

Download WindPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

* if you have trouble getting into Safe mode go here for more info.


Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
WinShutDown 12-11-2005 12:22:32 9353 C:\log.txt

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
ad-w-a-r-e.com 8-11-2005 11:27:48 1056743 C:\WINDOWS\setupapi.log.0.old

Checking %System% folder...
PEC2 19-3-2003 4:05:48 2052096 C:\WINDOWS\SYSTEM32\atl71.pdb
PEC2 7-9-2001 13:00:00 41122 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 3-8-2005 9:33:42 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PEC2 17-6-1998 8015872 C:\WINDOWS\SYSTEM32\MFC42.PDB
PEC2 17-6-1998 3944448 C:\WINDOWS\SYSTEM32\MFC42D.PDB
PEC2 19-3-2003 6:20:00 10357760 C:\WINDOWS\SYSTEM32\mfc71.pdb
PEC2 19-3-2003 5:28:40 8252416 C:\WINDOWS\SYSTEM32\MFC71d.pdb
PEC2 19-3-2003 6:12:12 10333184 C:\WINDOWS\SYSTEM32\mfc71u.pdb
PEC2 19-3-2003 5:31:58 8293376 C:\WINDOWS\SYSTEM32\mfc71ud.pdb
PEC2 17-6-1998 2052096 C:\WINDOWS\SYSTEM32\MFCD42D.PDB
PEC2 17-6-1998 1454080 C:\WINDOWS\SYSTEM32\MFCN42D.PDB
PEC2 17-6-1998 4395008 C:\WINDOWS\SYSTEM32\MFCO42D.PDB
PECompact2 2-11-2005 6:34:42 2376032 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 2-11-2005 6:34:42 2376032 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4-8-2004 1:03:00 729088 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 4-8-2004 1:03:20 676864 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 7-9-2001 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX! 23-10-2005 14:06:26 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 23-10-2005 14:06:26 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 23-10-2005 14:06:26 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 23-10-2005 14:06:26 726592 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech 3-8-2004 22:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
15-11-2005 23:04:10 S 2048 C:\WINDOWS\bootstat.dat
15-11-2005 23:00:46 H 24 C:\WINDOWS\pyc0J
25-10-2005 22:46:44 HS 8192 C:\WINDOWS\Thumbs.db
14-10-2005 19:58:18 H 0 C:\WINDOWS\inf\oem74.inf
5-10-2005 20:33:32 S 12849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
4-10-2005 17:17:38 S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
28-9-2005 10:53:24 S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
15-11-2005 23:03:58 H 8192 C:\WINDOWS\system32\config\default.LOG
15-11-2005 23:04:20 H 1024 C:\WINDOWS\system32\config\SAM.LOG
15-11-2005 23:04:12 H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
15-11-2005 23:09:04 H 114688 C:\WINDOWS\system32\config\software.LOG
15-11-2005 23:08:58 H 987136 C:\WINDOWS\system32\config\system.LOG
11-11-2005 11:03:36 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
3-10-2005 9:42:02 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\284a5ea6-af46-42c1-84fa-1db0a11d9778
3-10-2005 9:42:02 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
15-11-2005 23:02:52 H 6 C:\WINDOWS\Tasks\SA.DAT
11-10-2005 13:32:20 HS 113 C:\WINDOWS\Temp\Geschiedenis\History.IE5\desktop.ini
11-10-2005 16:20:46 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
12-10-2005 14:11:50 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GHENGPMZ\desktop.ini
12-10-2005 14:11:50 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\K52VGPIF\desktop.ini
12-10-2005 14:07:46 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S5M38XAR\desktop.ini
12-10-2005 14:07:48 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SLI7K9MF\desktop.ini

Checking for CPL files...
Microsoft Corporation 4-8-2004 1:03:38 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 4-8-2004 1:03:38 554496 C:\WINDOWS\SYSTEM32\appwiz.cpl
WIDCOMM, Inc. 1-12-2003 15:25:00 245825 C:\WINDOWS\SYSTEM32\btcpl.cpl
Microsoft Corporation 4-8-2004 1:03:38 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 4-8-2004 1:03:38 137728 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 4-8-2004 1:03:38 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 4-8-2004 1:03:38 156672 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 30-10-2003 9:41:28 98304 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 4-8-2004 1:03:38 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 4-8-2004 1:03:38 132608 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 4-8-2004 1:03:38 380928 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 4-8-2004 1:03:38 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 25-7-2005 23:17:34 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 7-9-2001 13:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 4-8-2004 1:03:38 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 7-9-2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 4-8-2004 1:03:38 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 4-8-2004 1:03:38 260608 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 7-9-2001 13:00:00 37888 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 4-8-2004 1:03:38 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 4-8-2004 1:03:38 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 30-9-2004 15:24:08 324608 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 4-8-2004 1:03:38 302592 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 7-9-2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 4-8-2004 1:03:38 94720 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 4-8-2004 1:03:38 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26-5-2005 3:16:34 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 7-9-2001 13:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 7-9-2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 7-9-2001 13:00:00 37888 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 7-9-2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 26-5-2005 3:16:34 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
23-12-2004 21:01:46 1824 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Acrobat Assistant.lnk
21-12-2004 14:54:48 986 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
22-12-2004 11:21:08 691 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\BTTray.lnk
21-12-2004 12:32:08 HS 84 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\desktop.ini
23-12-2004 20:05:22 1852 C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Service Manager.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
21-12-2004 13:21:08 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
21-12-2004 12:32:08 HS 84 C:\Documents and Settings\Andy\Menu Start\Programma's\Opstarten\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
21-12-2004 13:21:08 HS 62 C:\Documents and Settings\Andy\Application Data\desktop.ini
22-12-2004 12:52:12 0 C:\Documents and Settings\Andy\Application Data\dm.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\StuffIt Compress Menu
{3FBFD0B0-EB46-4797-9101-615610E87DA6} = C:\Program Files\Allume Systems\StuffIt\CompressMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\StuffIt Compress Menu
{3FBFD0B0-EB46-4797-9101-615610E87DA6} = C:\Program Files\Allume Systems\StuffIt\CompressMenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{A9AACA72-1C51-4F84-804D-90EDBA0D58F4}
= C:\Program Files\Common Files\Zinio\ZSHExt.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
Adobe PDF = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip van de dag = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\system32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}
ButtonText = @btrez.dll,-4015 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres : %SystemRoot%\System32\browseui.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adres : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Koppelingen : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
Error Nuker C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
KernelFaultCheck %systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
btwdins 2
BthServ 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PCSuiteForNokia6600 Detect.lnk
path C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PCSuiteForNokia6600 Detect.lnk
backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE
item PCSuiteForNokia6600 Detect
path C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PCSuiteForNokia6600 Detect.lnk
backup C:\WINDOWS\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE
item PCSuiteForNokia6600 Detect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PCSuiteForNokia6600 TS.lnk
path C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PCSuiteForNokia6600 TS.lnk
backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE
item PCSuiteForNokia6600 TS
path C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\PCSuiteForNokia6600 TS.lnk
backup C:\WINDOWS\pss\PCSuiteForNokia6600 TS.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE
item PCSuiteForNokia6600 TS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BluetoothAuthenticationAgent
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32
hkey HKLM
command rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32
hkey HKLM
command rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Cpqset
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cpqset
hkey HKLM
command C:\Program Files\HPQ\Default Settings\cpqset.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cpqset
hkey HKLM
command C:\Program Files\HPQ\Default Settings\cpqset.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DXM6Patch_981116
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item p_981116
hkey HKLM
command C:\WINDOWS\p_981116.exe /Q:A
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item p_981116
hkey HKLM
command C:\WINDOWS\p_981116.exe /Q:A
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GoogleDesktop
hkey HKCU
command "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GoogleDesktop
hkey HKCU
command "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkcmd
hkey HKLM
command C:\WINDOWS\System32\hkcmd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkcmd
hkey HKLM
command C:\WINDOWS\System32\hkcmd.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igfxtray
hkey HKLM
command C:\WINDOWS\System32\igfxtray.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igfxtray
hkey HKLM
command C:\WINDOWS\System32\igfxtray.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Skype
hkey HKCU
command "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Skype
hkey HKCU
command "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrustInstaller
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Setup
hkey HKLM
command D:\Setup.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Setup
hkey HKLM
command D:\Setup.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdateManager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sgtray
hkey HKLM
command "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sgtray
hkey HKLM
command "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 2
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit =
Shell =
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 15-11-2005 23:21:51