Slow broadband connection/popups



#1
kpykpy

    New Member

  • Member
  • 6 posts
Dear Users

Please help me.

My comp (Windows XP) had a virus attack about a month ago, which wiped out all my mp3s and somehow reverted all my comp settings to factory status (e.g. internet browser was an old version etc). I was also not able to get into the Windows Update page. After using a lot of software (Spybot, Avast, Prevx1 etc), I can now access those pages. Somehow the connection is still slow - some pages take ages to load/show or the screen just freezes. I find myself having to reboot the comp many times.

I read on the net that this could be due to fpr2039oe.dll. I have managed to locate this file and deleted it. So far, it has improved slightly but the speed of the connection still isn't what it used to be.

I have run Hijack and below is the report. Would appreciate it if someone can help me decipher what files are corrupted and guide me on how to resolve this problem.

Many thanks.

----------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:13:16 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\R-TT\R-Firewall\R-Firewall.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\R-TT\R-Firewall\Service\RTT_CRC_Service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [R-Firewall] C:\Program Files\R-TT\R-Firewall\R-Firewall.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000226.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1143983482812
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143994921375
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\dnjo0113e.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RTT CRC Service (RTT_CRC_Service) - Unknown owner - C:\Program Files\R-TT\R-Firewall\Service\RTT_CRC_Service.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)

#2
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Hi kpykpy

Welcome to G2G! :whistling:

* Download L2mfix from here or here.
  • Save the file to your desktop and double click l2mfix.exe.
  • Click the Install button to extract the files and follow the prompts.
  • Open the newly added l2mfix folder on your desktop.
  • Double click l2mfix.bat and click Accept after reading the agreement.
  • At the next screen, press any key on your keyboard to continue.
  • Select option #1 for Run Find Log by typing 1 and then pressing enter.
  • This will scan your computer and it may appear nothing is happening.
  • After a minute or two, notepad will open with a log.
  • Copy the contents of that log and paste it into this thread.
  • IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
* Note: If you receive an error while running option #1 like: "C:\windows\system32\cmd.exe C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications, choose close to terminate the application.." ...then do one of the following:
  • 1: Click on the l2mfix.bat again and choose option #5 for Fix Autoexec.nt/cmd.exe error.
  • 2: Alternatively, you can click the fixautont.html link in the l2mfix folder and follow the directions there.
  • Do not run the fix portion without fixing the error first.
  • After you have performed the procedures to fix the error, repeat the steps above to run option #1 for Run Find Log.


#3
kpykpy

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi Flrman1

Thanks for your reply and assistance.

Here's the log

L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\fpp0037me.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{0C688FF3-8C51-D2D3-E536-7B270B072F28}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{19CC43A1-6925-4B48-B292-830291F393A6}"="HPNSView"
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}"="SampleView"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{D66B68AF-3996-46B9-943C-68AE2B246ABB}"=""
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{9C295D8C-A54E-42A8-8781-EAC1928C649E}"=""
"{5142A391-24DF-47D6-91B4-9C06D32C8709}"=""
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{2CE1571F-8C8D-4360-8F57-A16AF5AA7407}"=""
"{965721F7-24A2-48D6-A9C8-DBBDCFEB9E1F}"=""
"{20082881-FC36-4E47-9A7A-644C95FF749F}"="IntelliPoint Wireless Control Panel Property Page"
"{653DCCC2-13DB-45B2-A389-427885776CFE}"="IntelliPoint Activities Control Panel Property Page"
"{124597D8-850A-41AE-849C-017A4FA99CA2}"="IntelliPoint Buttons Control Panel Property Page"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{687343EE-536B-4108-ACAB-E5687A220453}"=""
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D66B68AF-3996-46B9-943C-68AE2B246ABB}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{D66B68AF-3996-46B9-943C-68AE2B246ABB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D66B68AF-3996-46B9-943C-68AE2B246ABB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D66B68AF-3996-46B9-943C-68AE2B246ABB}\InprocServer32]
@="C:\\WINDOWS\\system32\\dkghelp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9C295D8C-A54E-42A8-8781-EAC1928C649E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9C295D8C-A54E-42A8-8781-EAC1928C649E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9C295D8C-A54E-42A8-8781-EAC1928C649E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9C295D8C-A54E-42A8-8781-EAC1928C649E}\InprocServer32]
@="C:\\WINDOWS\\system32\\afvapi32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5142A391-24DF-47D6-91B4-9C06D32C8709}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5142A391-24DF-47D6-91B4-9C06D32C8709}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5142A391-24DF-47D6-91B4-9C06D32C8709}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5142A391-24DF-47D6-91B4-9C06D32C8709}\InprocServer32]
@="C:\\WINDOWS\\system32\\dctrans(2).dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2CE1571F-8C8D-4360-8F57-A16AF5AA7407}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2CE1571F-8C8D-4360-8F57-A16AF5AA7407}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2CE1571F-8C8D-4360-8F57-A16AF5AA7407}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2CE1571F-8C8D-4360-8F57-A16AF5AA7407}\InprocServer32]
@="C:\\WINDOWS\\system32\\HAODStormEncoder.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{965721F7-24A2-48D6-A9C8-DBBDCFEB9E1F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{965721F7-24A2-48D6-A9C8-DBBDCFEB9E1F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{965721F7-24A2-48D6-A9C8-DBBDCFEB9E1F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{965721F7-24A2-48D6-A9C8-DBBDCFEB9E1F}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{687343EE-536B-4108-ACAB-E5687A220453}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{687343EE-536B-4108-ACAB-E5687A220453}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{687343EE-536B-4108-ACAB-E5687A220453}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{687343EE-536B-4108-ACAB-E5687A220453}\InprocServer32]
@="C:\\WINDOWS\\system32\\mlrdim.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
acidemgr.dll Sat Apr 15 2006 12:34:30p ..S.R 235,966 230.43 K
ali3d2ag.dll Sun Apr 16 2006 4:22:02a ..S.R 235,516 229.99 K
anidemgr.dll Tue Apr 18 2006 8:20:20p ..S.R 234,296 228.80 K
anipdlxx.dll Sat Apr 15 2006 3:59:28p ..S.R 236,023 230.49 K
arut.dll Sat Apr 15 2006 12:01:04p ..S.R 235,966 230.43 K
asdio3d.dll Sat Apr 15 2006 12:09:38p ..S.R 235,966 230.43 K
atsldpc.dll Wed Apr 12 2006 9:27:54p ..S.R 235,141 229.63 K
ayidemgr.dll Wed Apr 12 2006 12:04:26a ..S.R 234,004 228.52 K
aza6l9~1.dll Sat Apr 15 2006 4:04:00p ..S.R 234,255 228.76 K
browseui.dll Sat Mar 4 2006 4:33:40a A.... 1,022,976 999.00 K
capicom.dll Thu Feb 23 2006 11:41:04a A.... 466,944 456.00 K
cdfview.dll Sat Mar 4 2006 4:33:40a A.... 151,040 147.50 K
cmnfmsp.dll Sun Apr 9 2006 7:03:48p ..S.R 234,214 228.72 K
cxbcatex.dll Sat Apr 15 2006 11:53:26a ..S.R 235,218 229.70 K
d4j0le~1.dll Sat Apr 15 2006 12:09:38p ..S.R 236,980 231.43 K
danim.dll Sat Mar 4 2006 4:33:42a A.... 1,054,208 1.00 M
dbcprop2.dll Sat Apr 15 2006 10:57:30a ..S.R 233,888 228.41 K
dctaclen.dll Tue Apr 11 2006 12:13:18a ..S.R 235,109 229.60 K
ddcprop2.dll Sun Apr 9 2006 9:06:24p ..S.R 237,299 231.73 K
dfmstor.dll Thu Apr 13 2006 7:23:50p ..S.R 235,141 229.63 K
divx.dll Thu Apr 13 2006 7:57:00a A.... 619,156 604.64 K
divxwm~1.dll Tue Mar 21 2006 8:13:34p A.... 12,288 12.00 K
divx_x~1.dll Thu Apr 13 2006 7:57:00a A.... 778,240 760.00 K
divx_x~2.dll Thu Apr 13 2006 7:57:00a A.... 778,240 760.00 K
divx_x~3.dll Thu Apr 13 2006 7:57:00a A.... 761,856 744.00 K
djnetlib.dll Wed Apr 12 2006 12:13:10a ..S.R 234,004 228.52 K
dksec.dll Sat Apr 8 2006 2:34:12p ..S.R 233,799 228.32 K
dn0401~1.dll Tue Apr 11 2006 8:44:48p ..S.R 234,405 228.91 K
dnnu01~1.dll Fri Apr 14 2006 10:51:58a ..S.R 236,555 231.01 K
dnp801~1.dll Wed Apr 12 2006 12:04:26a ..S.R 234,875 229.37 K
dpl100.dll Sat Apr 8 2006 2:13:04a A.... 90,112 88.00 K
dpu10.dll Sat Apr 8 2006 2:13:04a A.... 294,912 288.00 K
dpu11.dll Sat Apr 8 2006 2:13:04a A.... 294,912 288.00 K
dpugui10.dll Sat Apr 8 2006 2:13:06a A.... 53,248 52.00 K
dpugui11.dll Sat Apr 8 2006 2:13:04a A.... 593,920 580.00 K
dpus11.dll Sat Apr 8 2006 2:13:04a A.... 344,064 336.00 K
dpv11.dll Sat Apr 8 2006 2:13:04a A.... 57,344 56.00 K
dtu100.dll Sat Apr 8 2006 2:13:04a A.... 200,704 196.00 K
dxtrans.dll Sat Mar 4 2006 4:33:42a A.... 205,312 200.50 K
edcapi.dll Tue Apr 11 2006 12:29:14a ..S.R 235,109 229.60 K
en8sl1~1.dll Fri Apr 14 2006 9:04:50p ..S.R 234,138 228.65 K
enjol1~1.dll Sat Apr 15 2006 10:57:30a ..S.R 235,199 229.68 K
extmgr.dll Sat Mar 4 2006 4:33:42a A.... 55,808 54.50 K
ey.dll Wed Apr 12 2006 9:21:32p ..S.R 235,141 229.63 K
f22mlc~1.dll Wed Apr 12 2006 9:35:38p ..S.R 236,263 230.72 K
feifs.dll Sat Apr 15 2006 12:27:26p ..S.R 235,966 230.43 K
ff_vfw.dll Mon Jan 23 2006 10:45:46p A.... 6,144 6.00 K
fjclient.dll Mon Apr 17 2006 12:51:50a ..S.R 233,981 228.50 K
fpp003~1.dll Wed Apr 19 2006 9:16:12p ..S.R 233,742 228.26 K
ftusd.dll Tue Apr 11 2006 12:21:42a ..S.R 235,109 229.60 K
g8lm0i~1.dll Mon Apr 10 2006 12:32:54a ..S.R 235,455 229.93 K
gp0ml3~1.dll Mon Apr 10 2006 1:07:58a ..S.R 233,799 228.32 K
gp0ul3~1.dll Sat Apr 15 2006 12:30:06p ..S.R 234,199 228.71 K
gp48l3~1.dll Sat Apr 15 2006 12:25:28a ..S.R 235,731 230.20 K
gpl2l3~1.dll Fri Apr 14 2006 10:59:56a ..S.R 236,837 231.29 K
gpnul3~1.dll Sun Apr 16 2006 11:25:34a ..S.R 234,224 228.73 K
gpp8l3~1.dll Sun Apr 9 2006 10:23:00p A.... 235,524 230.00 K
gwl2l3~1.dll Sat Apr 15 2006 11:30:30a ..S.R 234,654 229.15 K
h82oli~1.dll Sat Apr 15 2006 12:01:04p ..S.R 237,294 231.73 K
haodst~1.dll Sat Apr 15 2006 6:24:14p ..S.R 234,130 228.64 K
hr2805~1.dll Wed Apr 12 2006 9:27:54p ..S.R 235,966 230.43 K
hrl405~1.dll Sat Apr 15 2006 12:04:36p ..S.R 236,401 230.86 K
hrr405~1.dll Sat Apr 15 2006 12:41:58p ..S.R 236,461 230.92 K
i260lc~1.dll Wed Apr 19 2006 12:47:14a ..S.R 233,779 228.30 K
i2jqlc~1.dll Sat Apr 15 2006 12:34:30p ..S.R 234,004 228.52 K
idfxdo.dll Sat Apr 15 2006 11:14:42a ..S.R 233,888 228.41 K
ieetcfg.dll Sat Apr 15 2006 12:41:58p ..S.R 235,966 230.43 K
iepeers.dll Sat Mar 4 2006 4:33:42a A.... 251,392 245.50 K
iifxexps.dll Sat Apr 15 2006 11:22:46a ..S.R 234,406 228.91 K
inetcomm.dll Fri Mar 17 2006 10:07:18a A.... 679,424 663.50 K
inseng.dll Sat Mar 4 2006 4:33:42a A.... 96,256 94.00 K
ipm32.dll Mon Apr 10 2006 8:24:14a ..S.R 235,880 230.35 K
irss.dll Sun Apr 9 2006 6:42:46p ..S.R 236,039 230.50 K
j00sla~1.dll Thu Apr 13 2006 12:51:32a ..S.R 236,841 231.29 K
j4p00e~1.dll Tue Apr 11 2006 8:50:06p ..S.R 234,078 228.59 K
jt2q07~1.dll Fri Apr 14 2006 12:54:46a ..S.R 235,773 230.25 K
jt6m07~1.dll Sat Apr 15 2006 12:45:32p ..S.R 236,133 230.60 K
jtru07~1.dll Wed Apr 12 2006 9:31:40p ..S.R 236,138 230.60 K
k2260c~1.dll Thu Apr 13 2006 7:23:50p ..S.R 235,763 230.23 K
kcd101a.dll Sun Apr 9 2006 5:35:04p ..S.R 234,888 229.38 K
kedsmsno.dll Mon Apr 10 2006 11:22:26p ..S.R 234,004 228.52 K
kt00l7~1.dll Wed Apr 19 2006 8:11:14a ..S.R 233,751 228.27 K
kt06l7~1.dll Tue Apr 11 2006 12:13:18a ..S.R 236,716 231.17 K
kt86l7~1.dll Sat Apr 15 2006 11:30:30a ..S.R 236,341 230.80 K
ktddiv1.dll Sat Apr 8 2006 8:40:28a A.... 235,288 229.77 K
ktrul7~1.dll Wed Apr 12 2006 9:21:32p ..S.R 237,138 231.58 K
legitc~1.dll Tue Feb 14 2006 9:20:14a A.... 550,120 537.23 K
lhngwrbk.dll Sat Apr 15 2006 12:04:36p ..S.R 235,966 230.43 K
libdivx.dll Thu Apr 6 2006 7:11:34p A.... 1,044,480 1020.00 K
locmgr10.dll Sun Apr 16 2006 11:25:34a ..S.R 236,014 230.48 K
lv6209~1.dll Wed Apr 19 2006 8:07:22p ..S.R 233,938 228.45 K
lvl609~1.dll Sat Apr 15 2006 12:17:24a ..S.R 234,527 229.03 K
lvr609~1.dll Tue Apr 11 2006 12:21:42a ..S.R 235,808 230.28 K
lvtga11n.dll Wed Apr 19 2006 8:07:22p ..S.R 233,669 228.19 K
m2julc~1.dll Wed Apr 19 2006 11:52:42p ..S.R 235,654 230.13 K
mbvbvm50.dll Sat Apr 15 2006 4:04:02p ..S.R 236,023 230.49 K
mcafd.dll Tue Apr 18 2006 8:40:54p ..S.R 234,795 229.29 K
mcscp.dll Tue Apr 11 2006 8:50:08p ..S.R 234,004 228.52 K
meihnd.dll Tue Apr 11 2006 12:16:30a ..S.R 235,109 229.60 K
mfcpxl32.dll Sat Apr 15 2006 12:30:06p ..S.R 235,966 230.43 K
mkimsg.dll Mon Apr 10 2006 7:32:56a ..S.R 236,499 230.95 K
mlc71fra.dll Wed Apr 12 2006 9:31:40p ..S.R 235,141 229.63 K
mldart.dll Fri Apr 14 2006 12:29:32a ..S.R 235,246 229.73 K
mlrdim.dll Wed Apr 19 2006 11:52:42p ..S.R 233,742 228.26 K
mmstdfmt.dll Sat Apr 15 2006 12:52:16p ..S.R 235,966 230.43 K
mshtml.dll Thu Mar 23 2006 9:32:42p A.... 3,053,568 2.91 M
mshtmled.dll Sat Mar 4 2006 4:33:44a A.... 448,512 438.00 K
msrating.dll Sat Mar 4 2006 4:33:44a A.... 146,432 143.00 K
mstime.dll Sat Mar 4 2006 4:33:44a A.... 532,480 520.00 K
muisip.dll Sat Apr 8 2006 1:19:42p ..S.R 236,267 230.73 K
murd3x40.dll Sun Apr 9 2006 11:56:32p ..S.R 234,458 228.96 K
mvhtmler.dll Sun Apr 16 2006 1:04:32p ..S.R 236,014 230.48 K
mvr6l9~1.dll Sat Apr 15 2006 3:59:26p ..S.R 234,097 228.61 K
mxjet35.dll Sat Apr 15 2006 11:49:06a ..S.R 234,654 229.15 K
n4r2le~1.dll Fri Apr 14 2006 12:39:18a ..S.R 236,540 230.99 K
naevtmsg.dll Tue Apr 11 2006 7:54:12a ..S.R 235,308 229.79 K
ndtapi.dll Thu Apr 13 2006 12:51:34a ..S.R 235,141 229.63 K
ngrsnl.dll Fri Apr 14 2006 9:04:50p ..S.R 235,807 230.28 K
nmack.dll Sun Apr 16 2006 4:10:42a ..S.R 235,300 229.79 K
nxlanui2.dll Mon Apr 10 2006 10:15:28p ..S.R 235,998 230.46 K
nzshell.dll Sat Apr 15 2006 6:06:58p ..S.R 236,784 231.23 K
oobccu32.dll Mon Apr 10 2006 8:19:30a ..S.R 233,963 228.48 K
orexl32.dll Sun Apr 9 2006 7:08:16p ..S.R 235,287 229.77 K
owbcjt32.dll Tue Apr 11 2006 8:43:00p ..S.R 234,004 228.52 K
p4r40e~1.dll Mon Apr 10 2006 1:14:22a ..S.R 236,993 231.44 K
p6r40g~1.dll Tue Apr 11 2006 12:16:30a ..S.R 235,605 230.08 K
pcotowiz.dll Fri Apr 14 2006 8:17:36p ..S.R 235,604 230.08 K
pmofmap.dll Fri Apr 14 2006 9:40:20a ..S.R 235,246 229.73 K
pngfilt.dll Sat Mar 4 2006 4:33:44a A.... 39,424 38.50 K
pvutoenr.dll Mon Apr 10 2006 8:21:56p ..S.R 234,159 228.67 K
px.dll Thu Apr 6 2006 7:15:30p A.... 372,736 364.00 K
pxdrv.dll Thu Apr 6 2006 7:15:30p A.... 421,888 412.00 K
pxmas.dll Thu Apr 6 2006 7:15:30p A.... 172,032 168.00 K
pxspl.dll Fri Apr 14 2006 12:54:46a ..S.R 235,246 229.73 K
pxwave.dll Thu Apr 6 2006 7:15:30p A.... 339,968 332.00 K
qfsname.dll Fri Apr 14 2006 10:59:56a ..S.R 235,604 230.08 K
qt-dx331.dll Thu Apr 6 2006 7:11:22p A.... 3,596,288 3.43 M
qwartz.dll Thu Apr 13 2006 10:15:32p ..S.R 235,141 229.63 K
r2p8lc~1.dll Fri Apr 14 2006 12:29:32a ..S.R 237,118 231.56 K
rached20.dll Fri Apr 14 2006 12:39:18a ..S.R 235,246 229.73 K
rripxmib.dll Fri Apr 14 2006 10:01:38p ..S.R 235,807 230.28 K
rsched20.dll Sat Apr 15 2006 12:45:32p ..S.R 235,966 230.43 K
rvr20.dll Mon Apr 10 2006 12:51:04a ..S.R 235,317 229.80 K
rxbios32.dll Fri Apr 14 2006 10:51:58a ..S.R 235,604 230.08 K
scell32.dll Wed Apr 12 2006 9:20:54a ..S.R 235,141 229.63 K
shc_os.dll Mon Apr 10 2006 12:05:52a ..S.R 234,537 229.04 K
shdocvw.dll Thu Mar 30 2006 10:16:04a A.... 1,492,480 1.42 M
shell32.dll Fri Mar 17 2006 5:03:54a A.... 8,452,096 8.06 M
shlwapi.dll Sat Mar 4 2006 4:33:44a A.... 474,112 463.00 K
sirenacm.dll Tue Jan 24 2006 11:34:24a A.... 118,784 116.00 K
snftpub.dll Mon Apr 10 2006 11:10:16p ..S.R 236,666 231.12 K
snmapi.dll Sat Apr 15 2006 12:17:24a ..S.R 233,888 228.41 K
soscrap.dll Mon Apr 10 2006 1:14:22a ..S.R 236,499 230.95 K
ssldivx.dll Thu Apr 6 2006 7:11:34p A.... 200,704 196.00 K
sslunirl.dll Tue Apr 11 2006 9:50:44a ..S.R 235,929 230.40 K
stc.dll Sat Apr 15 2006 12:25:28a ..S.R 233,888 228.41 K
svscrap.dll Wed Apr 19 2006 9:16:12p ..S.R 233,669 228.19 K
tbrmmgr.dll Mon Apr 10 2006 11:18:12p ..S.R 237,053 231.50 K
urlmon.dll Sat Mar 18 2006 12:09:38p A.... 613,376 599.00 K
vkk2_dec.dll Tue Apr 11 2006 8:44:48p ..S.R 234,004 228.52 K
vxblock.dll Thu Apr 6 2006 7:15:30p A.... 28,672 28.00 K
wfnmm.dll Fri Apr 14 2006 10:10:58p ..S.R 236,258 230.72 K
wininet.dll Sat Mar 4 2006 4:33:46a A.... 658,432 643.00 K
wmp.dll Fri Mar 10 2006 6:09:14a A.... 5,533,696 5.28 M
wnaueng1.dll Mon Apr 10 2006 1:07:58a ..S.R 236,499 230.95 K
wqvcore.dll Sat Apr 15 2006 4:15:22p ..S.R 236,023 230.49 K
wuhcon.dll Wed Apr 12 2006 9:35:40p ..S.R 235,141 229.63 K
x264vfw.dll Fri Mar 10 2006 1:28:30a A.... 540,690 528.02 K
xpsp3res.dll Thu Mar 30 2006 2:00:14a A.... 16,384 16.00 K

169 items found: 169 files (121 H/S), 0 directories.
Total of file sizes: 66,658,151 bytes 63.57 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
perfst~1.tmp Mon Apr 10 2006 1:13:08a A.... 2,568 2.51 K

1 item found: 1 file, 0 directories.
Total of file sizes: 2,568 bytes 2.51 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C is HP_PAVILION
Volume Serial Number is A8AA-819D

Directory of C:\WINDOWS\System32

04/19/2006 11:52 PM 233,742 mlrdim.dll
04/19/2006 11:52 PM 235,654 m2julc191f.dll
04/19/2006 09:16 PM 233,669 svscrap.dll
04/19/2006 09:16 PM 233,742 fpp0037me.dll
04/19/2006 08:07 PM 233,669 lvtga11n.dll
04/19/2006 08:07 PM 233,938 lv6209joe.dll
04/19/2006 08:11 AM 233,751 kt00l7dm1.dll
04/19/2006 12:47 AM 233,779 i260lcjm1foa.dll
04/18/2006 08:40 PM 234,795 mcafd.dll
04/18/2006 08:20 PM 234,296 ANIDEMGR.dll
04/17/2006 12:51 AM 233,981 fjclient.dll
04/16/2006 01:04 PM 236,014 mvhtmler.dll
04/16/2006 11:25 AM 236,014 locmgr10.dll
04/16/2006 11:25 AM 234,224 gpnul3591.dll
04/16/2006 04:22 AM 235,516 ali3d2ag.dll
04/16/2006 04:10 AM 235,300 nmack.dll
04/15/2006 06:24 PM 234,130 HAODStormEncoder.dll
04/15/2006 06:06 PM 236,784 nzshell.dll
04/15/2006 04:15 PM 236,023 wqvcore.dll
04/15/2006 04:04 PM 236,023 mbvbvm50.dll
04/15/2006 04:03 PM 234,255 aza6l99s1.dll
04/15/2006 03:59 PM 236,023 anipdlxx.dll
04/15/2006 03:59 PM 234,097 mvr6l99s1.dll
04/15/2006 12:52 PM 235,966 MMSTDFMT.DLL
04/15/2006 12:45 PM 235,966 rSched20.dll
04/15/2006 12:45 PM 236,133 jt6m07j1e.dll
04/15/2006 12:41 PM 235,966 ieetcfg.dll
04/15/2006 12:41 PM 236,461 hrr4059qe.dll
04/15/2006 12:34 PM 235,966 ACIDEMGR.dll
04/15/2006 12:34 PM 234,004 i2jqlc151f.dll
04/15/2006 12:30 PM 235,966 mfcpxl32.dll
04/15/2006 12:30 PM 234,199 gp0ul3d91.dll
04/15/2006 12:27 PM 235,966 feifs.dll
04/15/2006 12:09 PM 235,966 Asdio3D.dll
04/15/2006 12:09 PM 236,980 d4j0le1m1h.dll
04/15/2006 12:04 PM 235,966 lHngwrbk.dll
04/15/2006 12:04 PM 236,401 hrl4053qe.dll
04/15/2006 12:01 PM 235,966 ARut.dll
04/15/2006 12:01 PM 237,294 h82olif3182.dll
04/15/2006 11:53 AM 235,218 cxbcatex.dll
04/15/2006 11:49 AM 234,654 mxjet35.dll
04/15/2006 11:30 AM 234,654 gwl2l33o1.dll
04/15/2006 11:30 AM 236,341 kt86l7ls1.dll
04/15/2006 11:22 AM 234,406 iifxexps.dll
04/15/2006 11:14 AM 233,888 idfxdo.dll
04/15/2006 10:57 AM 233,888 dbcprop2.dll
04/15/2006 10:57 AM 235,199 enjol1131.dll
04/15/2006 12:25 AM 233,888 stc.dll
04/15/2006 12:25 AM 235,731 gp48l3hu1.dll
04/15/2006 12:17 AM 233,888 snmapi.dll
04/15/2006 12:17 AM 234,527 lvl6093se.dll
04/14/2006 10:10 PM 236,258 wfnmm.dll
04/14/2006 10:01 PM 235,807 rripxmib.dll
04/14/2006 09:04 PM 235,807 ngrsnl.dll
04/14/2006 09:04 PM 234,138 en8sl1l71.dll
04/14/2006 08:17 PM 235,604 pcotowiz.dll
04/14/2006 10:59 AM 235,604 qfsname.dll
04/14/2006 10:59 AM 236,837 gpl2l33o1.dll
04/14/2006 10:51 AM 235,604 RXBios32.dll
04/14/2006 10:51 AM 236,555 dnnu0159e.dll
04/14/2006 09:40 AM 235,246 pmofmap.dll
04/14/2006 12:54 AM 235,246 pxspl.dll
04/14/2006 12:54 AM 235,773 jt2q07f5e.dll
04/14/2006 12:39 AM 235,246 rached20.dll
04/14/2006 12:39 AM 236,540 n4r2le9o1h.dll
04/14/2006 12:29 AM 235,246 mldart.dll
04/14/2006 12:29 AM 237,118 r2p8lc7u1f.dll
04/13/2006 10:15 PM 235,141 qwartz.dll
04/13/2006 07:23 PM 235,141 dfmstor.dll
04/13/2006 07:23 PM 235,763 k2260cfsef260.dll
04/13/2006 12:51 AM 235,141 ndtapi.dll
04/13/2006 12:51 AM 236,841 j00slad71d0.dll
04/12/2006 09:35 PM 235,141 wuhcon.dll
04/12/2006 09:35 PM 236,263 f22mlcf11f2.dll
04/12/2006 09:31 PM 235,141 MLC71FRA.DLL
04/12/2006 09:31 PM 236,138 jtru0799e.dll
04/12/2006 09:27 PM 235,141 atsldpc.dll
04/12/2006 09:27 PM 235,966 hr2805fue.dll
04/12/2006 09:21 PM 235,141 ey.dll
04/12/2006 09:21 PM 237,138 ktrul7991.dll
04/12/2006 09:20 AM 235,141 scell32.dll
04/12/2006 12:13 AM 234,004 djnetlib.dll
04/12/2006 12:04 AM 234,004 AYIDEMGR.dll
04/12/2006 12:04 AM 234,875 dnp8017ue.dll
04/11/2006 08:50 PM 234,004 MCSCP.dll
04/11/2006 08:50 PM 234,078 j4p00e7meh.dll
04/11/2006 08:44 PM 234,004 vKk2_dec.dll
04/11/2006 08:44 PM 234,405 dn0401dqe.dll
04/11/2006 08:42 PM 234,004 owbcjt32.dll
04/11/2006 09:50 AM 235,929 sslunirl.dll
04/11/2006 07:54 AM 235,308 naevtmsg.dll
04/11/2006 12:29 AM 235,109 edcapi.dll
04/11/2006 12:21 AM 235,109 ftusd.dll
04/11/2006 12:21 AM 235,808 lvr6099se.dll
04/11/2006 12:16 AM 235,109 meihnd.dll
04/11/2006 12:16 AM 235,605 p6r40g9qe6.dll
04/11/2006 12:13 AM 235,109 dCtaclen.dll
04/11/2006 12:13 AM 236,716 kt06l7ds1.dll
04/10/2006 11:22 PM 234,004 kedsmsno.dll
04/10/2006 11:18 PM 237,053 tbrmmgr.dll
04/10/2006 11:10 PM 236,666 snftpub.dll
04/10/2006 10:15 PM 235,998 nxlanui2.dll
04/10/2006 08:21 PM 234,159 pVutoenr.dll
04/10/2006 08:24 AM 235,880 ipm32.dll
04/10/2006 08:19 AM 233,963 oobccu32.dll
04/10/2006 07:32 AM 236,499 mkimsg.dll
04/10/2006 01:14 AM 236,499 soscrap.dll
04/10/2006 01:14 AM 236,993 p4r40e9qeh.dll
04/10/2006 01:07 AM 236,499 wnaueng1.dll
04/10/2006 01:07 AM 233,799 gp0ml3d11.dll
04/10/2006 12:51 AM 235,317 rvr20.dll
04/10/2006 12:32 AM 235,455 g8lm0i31e8.dll
04/10/2006 12:05 AM 234,537 shc_os.dll
04/09/2006 11:56 PM 234,458 murd3x40.dll
04/09/2006 09:06 PM 237,299 ddcprop2.dll
04/09/2006 07:08 PM 235,287 orexl32.dll
04/09/2006 07:03 PM 234,214 cmnfmsp.dll
04/09/2006 06:42 PM 236,039 irss.dll
04/09/2006 05:35 PM 234,888 kcd101a.dll
04/08/2006 02:34 PM 233,799 dksec.dll
04/08/2006 01:19 PM 236,267 muisip.dll
121 File(s) 28,471,485 bytes
0 Dir(s) 14,435,008,512 bytes free

#4
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Close any programs you have open since this step requires a reboot.
  • Open the l2mfix folder and double click l2mfix.bat.
  • Select option #2 for Run Fix by typing 2 then pressing enter.
  • Your desktop and icons will disappear (this is normal).
  • L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot.
  • Press any key to reboot.
  • After the reboot notepad will open with a log.
  • Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.
  • IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
  • If after the reboot the log does not open, double click on it in the l2mfix folder.


#5
kpykpy

    New Member

  • Topic Starter
  • Member
  • 6 posts
Thanks again. I have done as you asked. Please see below for the l2mfix and hijack logs. Please advise me what to do next.

thx.

a) l2mfix

L2mfix 032106
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)


b) hijack

Logfile of HijackThis v1.99.1
Scan saved at 9:33:56 AM, on 4/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\R-TT\R-Firewall\R-Firewall.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\R-TT\R-Firewall\Service\RTT_CRC_Service.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [R-Firewall] C:\Program Files\R-TT\R-Firewall\R-Firewall.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000226.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1143983482812
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143994921375
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\hr8s05l7e.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: RTT CRC Service (RTT_CRC_Service) - Unknown owner - C:\Program Files\R-TT\R-Firewall\Service\RTT_CRC_Service.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)

#6
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
The L2mfix failed to remove the l2m infection so we are going to remove some of the other malware you have next then try removing l2m again afterwards.

* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update; click the OK button and it will go to the main screen.
  • On the left side of the main screen click update.
  • Click on Start and let it update.
  • If you cannot download the updates, update manually according to the directions here.
  • DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.


* Click here to download Brute Force Uninstaller (bfu.zip) and save it to your C:\ drive.
  • Next you must unzip the bfu.zip file to its own folder on C:\ so that the path to it is C:\BFU.
  • The file path must be C:\BFU for the removal to work.
* Next download the alcanshorty.bfu script and save it to the C:\BFU folder.
  • RIGHT-CLICK HERE and choose "Save As" (in Internet Explorer it's "Save Target As") to download alcanshorty.bfu.
  • Set the "Save as type" box to "All Files".
  • Save it in the C:\BFU folder you made earlier
* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
* Run the alcanshorty.bfu script:
  • Start the Brute Force Uninstaller by doubleclicking the BFU.exe in the C:\BFU folder.
  • In the scriptline to execute copy and paste this line:

    c:\bfu\alcanshorty.bfu

  • Press execute and let it run.
  • Wait for the complete script execution box to popup and press OK.
  • Press exit to terminate the BFU program.
* Restart back into Windows normally now.


* Come back here and post a new HijackThis log, as well as the log from the Ewido scan.
  • 0

#7
kpykpy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
hi there. here are the ewido and hijack logs

a) ewido

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:47:58 PM, 4/21/2006
+ Report-Checksum: 57039503

+ Scan result:

HKU\.DEFAULT\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-18\Software\DNS -> Adware.Shorty : Cleaned with backup
[764] C:\WINDOWS\system32\rjchost.dll -> Adware.Look2Me : Cleaned with backup
[908] C:\WINDOWS\system32\rjchost.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner.YOUR-U2KZFIB7P8\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner.YOUR-U2KZFIB7P8\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner.YOUR-U2KZFIB7P8\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner.YOUR-U2KZFIB7P8\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner.YOUR-U2KZFIB7P8\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Owner.YOUR-U2KZFIB7P8\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner.YOUR-U2KZFIB7P8\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner.YOUR-U2KZFIB7P8\Local Settings\Temporary Internet Files\Content.IE5\456VWXMZ\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\hp\bin\Terminator.exe -> Trojan.KillApp.30208 : Cleaned with backup
C:\WINDOWS\system32\ACIDEMGR.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ali3d2ag.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ANIDEMGR.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\anipdlxx.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ARut.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\Asdio3D.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\atsldpc.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\AYIDEMGR.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\aza6l99s1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\cmnfmsp.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\cxbcatex.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\d4j0le1m1h.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dbcprop2.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dCtaclen.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ddcprop2.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dfmstor.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\djnetlib.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dksec.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dn0401dqe.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dnnu0159e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dnp6017se.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dnp8017ue.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\edcapi.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\en8sl1l71.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\enjol1131.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ey.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\f22mlcf11f2.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\feifs.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fjclient.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fpjo0313e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ftusd.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\g8lm0i31e8.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\gp0ml3d11.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\gp0ul3d91.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\gp48l3hu1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\gpl2l33o1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\gpnul3591.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\gpp8l37u1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\gwl2l33o1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\h82olif3182.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\HAODStormEncoder.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\hr2805fue.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\hrl4053qe.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\hrn0055me.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\hrr4059qe.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\hutplug.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\i260lcjm1foa.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\i2jqlc151f.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\idfxdo.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ieetcfg.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\iifxexps.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ipm32.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\irss.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\j00slad71d0.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\j4p00e7meh.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\jt2q07f5e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\jt6m07j1e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\jtru0799e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\k2260cfsef260.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kcd101a.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kedsmsno.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kt00l7dm1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kt06l7ds1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kt86l7ls1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ktddiv1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ktrul7991.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lcgif11n.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lHngwrbk.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\locmgr10.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lv6209joe.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lvl6093se.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lvr6099se.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lvtga11n.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mbvbvm50.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mcafd.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\MCSCP.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\meihnd.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mfcpxl32.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mfjtes40.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mixml3.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mkimsg.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\MLC71FRA.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mldart.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\MMSTDFMT.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\muisip.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\murd3x40.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mvhtmler.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mvr6l99s1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mxjet35.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\n4r2le9o1h.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\naevtmsg.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ndtapi.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ngrsnl.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\nmack.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\nxlanui2.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\nzshell.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\oobccu32.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\orexl32.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\owbcjt32.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\p4r40e9qeh.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\p6r40g9qe6.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\pcotowiz.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\pmofmap.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\pVutoenr.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\pxspl.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\qfsname.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\qwartz.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\r2p8lc7u1f.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\r6r6lg9s16.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\rached20.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\rhipxmib.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\rjchost.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\rripxmib.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\rSched20.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\rvr20.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\RXBios32.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\scell32.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\shc_os.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\snftpub.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\snmapi.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\soscrap.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\sslunirl.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\stc.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\tbrmmgr.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\uyildll.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\vKk2_dec.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wfnmm.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wnaueng1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wqvcore.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wuhcon.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\bw2.com -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup


::Report End

b) Hijack

Logfile of HijackThis v1.99.1
Scan saved at 11:54:11 PM, on 4/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\R-TT\R-Firewall\R-Firewall.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\R-TT\R-Firewall\Service\RTT_CRC_Service.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [R-Firewall] C:\Program Files\R-TT\R-Firewall\R-Firewall.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000226.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1143983482812
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143994921375
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: RTT CRC Service (RTT_CRC_Service) - Unknown owner - C:\Program Files\R-TT\R-Firewall\Service\RTT_CRC_Service.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
  • 0

#8
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* I just noticed that you have three antiviruses running: AVG, Norton and Avast. You should never run more than one antivirus on a machine. They will conflict with each other, causing a variety of problems. You need to decide which one you are going to use and remove the others.


* Click here to download ATF Cleaner by Atribune and save it to your desktop.


* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


** Before you proceed with the removal directions below you need to turn off Windows Defender's realtime protection as it will interfere with the changes we are trying to make.
  • Open Windows Defender and click on Tools > General Settings.
  • Scroll down and remove the check by "Turn on realtime protection (recommended)".
  • Click "Save"
  • Restart your computer.
  • Leave it disabled until we are finished here.

* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe

O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe

O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000226.exe



* Close Hijack This.


* Go to Start > Run and type in cmd

Click OK

This will open a command shell. In the command window, copy and paste the following commands one at a time exactly as they appear below and hit the Enter key after each one:

Copy and paste:

sc stop Win32Sr

Hit Enter

sc delete Win32Sr

Hit Enter

Exit the command prompt.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\windows\mousepad5.exe

    C:\Program Files\Common Files\Windows\mc-110-12-0000226.exe

    C:\windows\keyboard5.exe

    C:\WINDOWS\win32ssr.exe


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.
* Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

Post a new HiJackThis log along with the results from ActiveScan
  • 0
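A follow-up check for the procedure in post #8, as an added example that is not part of the thread: it parses HijackThis log lines, reports which entries marked for "Fix checked" (and which services removed with `sc delete`) still appear in a later log, and cross-checks O23 "(file missing)" flags against the "Running processes" list. `BEFORE` copies lines from the 4/21/2006 log; `AFTER` is constructed (it is not the poster's real follow-up log), and all function names are hypothetical.

```python
import re

# Constructed excerpt: every line is copied from the 4/21/2006 log in this thread.
BEFORE = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000226.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
"""

# Constructed follow-up log (invented for this example): one fixed entry survived.
AFTER = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\HijackThis.exe

O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
"""

# The four lines post #8 asks the user to tick before "Fix checked".
FIXED = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =",
    r"O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe",
    r"O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe",
    r"O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000226.exe",
]

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")
EXE = re.compile(r"(.*?\.exe)", re.I)  # path up to the first ".exe", dropping quote/arguments


def parse(log):
    """Return (set of lower-cased running process paths, list of (section, body))."""
    running, entries, in_procs = set(), [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        else:
            m = ENTRY.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return running, entries


def norm(line):
    """Collapse whitespace and case so pasted lines compare reliably."""
    return " ".join(line.split()).lower()


def still_listed(fixed_lines, followup_log):
    """Fixed entries that a later log still contains."""
    _, entries = parse(followup_log)
    seen = {norm(f"{section} - {body}") for section, body in entries}
    return [line for line in fixed_lines if norm(line) in seen]


def service_key(display):
    # Assumption: a trailing "(Name)" is the service's short name, as in
    # "Prevx Agent (PREVXAgent)"; otherwise the display name is the key.
    m = re.search(r"\(([^()]+)\)$", display)
    return (m.group(1) if m else display).lower()


def services_remaining(names, followup_log):
    """Service names (as passed to `sc delete`) that still have an O23 line."""
    _, entries = parse(followup_log)
    present = {service_key(m.group("name"))
               for section, body in entries if section == "O23"
               for m in [SERVICE.match(body)] if m}
    return [n for n in names if n.lower() in present]


def missing_services(log):
    """O23 lines flagged "(file missing)" as (name, exe path, process_running).

    process_running=True means the same log lists the binary as running, so
    the flag cannot be taken at face value. 8.3 short paths (PROGRA~1) are
    compared as written and will not match their long-form equivalents.
    """
    running, entries = parse(log)
    out = []
    for section, body in entries:
        m = SERVICE.match(body) if section == "O23" else None
        if not m or not body.endswith("(file missing)"):
            continue
        exe = EXE.match(m.group("path"))
        path = exe.group(1) if exe else m.group("path")
        out.append((m.group("name"), path, path.lower() in running))
    return out


if __name__ == "__main__":
    print("still listed:", still_listed(FIXED, AFTER))
    print("services left:", services_remaining(["Win32Sr"], AFTER))
    for name, path, is_running in missing_services(BEFORE):
        print(f"{name}: {path} running={is_running}")
```

On the 4/21/2006 lines, the two security-product services flagged "(file missing)" have their binaries in the process list, while `Win32Sr` does not.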

#9
kpykpy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi there

Thanks for the advice re: anti-virus. I do have two anti-viruses running - Avast and AVG. This is because my usual anti-virus, Norton, cannot be loaded after the virus attack. Any advice there?

I ran Activescan and before it could do the scan, I was asked to download some software - which I did. Avast detected that there was a virus/worm. So in order to run the scan, I disabled Avast.

The Activescan and Hijack results are below.


a) Activescan


Incident Status Location

Adware:adware/wupd Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\ActiveX.inf
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Owner.YOUR-U2KZFIB7P8\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/ncase Not disinfected C:\WINDOWS\didduid.ini
Adware:adware/maxifiles Not disinfected C:\PROGRAM FILES\COMMON FILES\Windows
Adware:adware/savenow Not disinfected Windows Registry
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Owner.YOUR-U2KZFIB7P8\Cookies\[email protected][1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner.YOUR-U2KZFIB7P8\Cookies\[email protected][1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Owner.YOUR-U2KZFIB7P8\Cookies\[email protected]plist[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Owner.YOUR-U2KZFIB7P8\Desktop\l2mfix\Process.exe
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Adware:Adware/WUpd Not disinfected C:\WINDOWS\Downloaded Program Files\ActiveX.inf
Adware:Adware/CommAd Not disinfected C:\WINDOWS\SyBQIFllb25n\mV1kKI55vZcB.vbs
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe


b) Hijack

Logfile of HijackThis v1.99.1
Scan saved at 6:01:34 PM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\R-TT\R-Firewall\R-Firewall.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\R-TT\R-Firewall\Service\RTT_CRC_Service.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
c:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb9.hpwis.com/
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [R-Firewall] C:\Program Files\R-TT\R-Firewall\R-Firewall.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1143983482812
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143994921375
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AE7764A-B97A-4060-BAA5-073D3E114C32}: NameServer = 62.241.162.200 62.241.163.201
O17 - HKLM\System\CS1\Services\Tcpip\..\{0AE7764A-B97A-4060-BAA5-073D3E114C32}: NameServer = 62.241.162.200 62.241.163.201
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: RTT CRC Service (RTT_CRC_Service) - Unknown owner - C:\Program Files\R-TT\R-Firewall\Service\RTT_CRC_Service.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#10
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
I'm sorry for the delay in response to your last post, but I was not notified of your reply.

If you need to continue this, please post a new Hijack This log.