Explorer.exe keeps restarting.



#1
Teddybear999

    Member
  • 19 posts
Hi there. I've noticed over the last 3 months or so (I know I should have done something sooner) that Windows explorer.exe keeps saying it needs to close, then it restarts again. Then Dr Watson comes on and says it can't run because of a problem. Explorer.exe is not really a problem because it restarts straight away, it's just a pest. I have done all the cleaning by running ATF and my antivirus plus spyware programs and nothing was found. I am therefore stuck as to what the problem is. Could you possibly help in any way?

Teddy


Logfile of HijackThis v1.99.1
Scan saved at 09:32:06, on 02/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
F:\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Nod32\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
F:\TurboFTP\tftpsvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
F:\Nod32\nod32kui.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
F:\PieAutoUpdater\PieAutoUpdater.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
F:\Winamp\winampa.exe
F:\Spybot - Search & Destroy\TeaTimer.exe
F:\PieAutoUpdater\pglite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\4144\SiteAdv.exe
F:\hijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
O1 - Hosts: 209.216.205.104 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.2 test3201.winmx.com test3205.winmx.com
O1 - Hosts: 205.238.40.2 test3202.winmx.com test3206.winmx.com
O1 - Hosts: 205.238.40.1 test3203.winmx.com test3207.winmx.com
O1 - Hosts: 205.238.40.1 test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O4 - HKLM\..\Run: [nod32kui] "F:\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] F:\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "G:\Stardock\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Pie Auto Updater] "F:\PieAutoUpdater\PieAutoUpdater.exe"
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [WinampAgent] F:\Winamp\winampa.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) -
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) -
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{36123697-786D-4840-90DC-8654909819FA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{36123697-786D-4840-90DC-8654909819FA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{36123697-786D-4840-90DC-8654909819FA}: NameServer = 192.168.1.1
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Nod32\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - F:\SiSoftware Sandra Engineer 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\SiSoftware Sandra Engineer 2007\RpcSandraSrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TurboFTP Sync Service (TBFTPSyncService) - TurboSoft,Inc - F:\TurboFTP\tftpsvc.exe


#2
Wizard

    Retired Staff
  • 5,661 posts
Hi Teddybear999 and Welcome to GeekstoGo!


Download The Hoster from here:
http://www.funkytoad...load/hoster.zip

Right Click the Zip Folder and Select "Extract All"

Open Hoster and Make sure that the "Make Hosts Writable?" button in the upper right corner is Enabled

Click "Back up Host files"

Press "Restore Original Hosts" and press "OK"

Exit the Program.


Please download Combofix to your desktop.
http://download.blee...Bs/combofix.exe

Double-click combo.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.

#3
Teddybear999

    Member

  • Topic Starter
  • 19 posts
Just completed the hoster and combofix. Here's the combofix log.



Teddybear - 06-11-02 10:44:17.60 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Teddybear\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-02 to 2006-11-02 ))))))))))))))))))))))))))))))))))


2006-10-31 04:33 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-31 04:33 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-30 18:55 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-30 15:37 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2006-10-30 15:37 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2006-10-29 22:06 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-29 22:06 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-29 22:06 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-10-23 21:21 5,248 --a------ C:\WINDOWS\system32\giveio.sys
2006-10-06 13:46 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2006-10-06 10:19 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2006-10-05 11:36 414,272 --a------ C:\WINDOWS\system32\DIVXc32f.dll
2006-10-05 11:36 414,272 --a------ C:\WINDOWS\system32\DIVXc32.dll
2006-10-05 07:51 94,208 --a------ C:\WINDOWS\system32\OSSMTP.dll
2006-10-05 07:51 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2006-10-05 07:51 282,624 C:\WINDOWS\system32LCARS Terminal.scr
2006-10-04 19:18 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2006-10-04 05:08 40,208 --a------ C:\WINDOWS\system32\dsetup.dll
2006-10-04 05:08 161,280 --a------ C:\WINDOWS\system32\fmod.dll
2006-10-02 19:04 806,912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 19:04 806,912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 19:04 790,528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 19:04 635,486 --a------ C:\WINDOWS\system32\DivX.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-02 05:57 -------- d-------- C:\Documents and Settings\Teddybear\Application Data\uTorrent
2006-10-31 04:48 -------- d-------- C:\Program Files\Internet Explorer
2006-10-30 20:25 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-30 20:25 -------- d-------- C:\Program Files\QuickTime
2006-10-30 20:05 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-30 19:01 -------- d-------- C:\Program Files\Messenger
2006-10-30 16:28 2772480 --a------ C:\WINDOWS\system32\logonuiX.exe
2006-10-30 15:31 -------- d-------- C:\Documents and Settings\Teddybear\Application Data\DivX
2006-10-30 13:51 -------- d-------- C:\Program Files\Stardock
2006-10-30 10:08 -------- d-------- C:\Program Files\DivX
2006-10-29 22:06 -------- d-------- C:\Documents and Settings\Teddybear\Application Data\Winamp
2006-10-26 06:11 -------- d-------- C:\Documents and Settings\Teddybear\Application Data\Media Player Classic
2006-10-25 08:53 -------- d-------- C:\Documents and Settings\Teddybear\Application Data\Eltima Software
2006-10-23 21:16 -------- d-------- C:\Program Files\SSC Service Utility
2006-10-23 18:10 -------- d-------- C:\Documents and Settings\Teddybear\Application Data\Real
2006-10-17 13:33 6049280 --a------ C:\WINDOWS\system32\ieframe.dll
2006-10-17 13:33 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-10-17 13:33 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-10-17 13:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-17 13:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-17 13:33 180736 --a------ C:\WINDOWS\system32\ieui.dll
2006-10-17 13:33 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --a------ C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 13:01 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-17 13:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-17 13:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-17 13:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-17 13:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-17 13:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-17 13:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-17 13:00 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-17 12:58 61952 --a------ C:\WINDOWS\system32\icardie.dll
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --a------ C:\WINDOWS\system32\ieapfltr.dll
2006-10-17 12:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-14 12:03 -------- d-------- C:\Documents and Settings\Teddybear\Application Data\SiteAdvisor
2006-10-14 09:02 -------- d-------- C:\Program Files\SiteAdvisor
2006-10-08 06:05 71168 --a------ C:\Documents and Settings\Teddybear\Application Data\GDIPFONTCACHEV1.DAT
2006-10-08 05:10 -------- d-------- C:\Program Files\Security Task Manager
2006-10-08 04:34 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-05 15:41 -------- d-------- C:\Program Files\WinRAR
2006-10-05 11:09 -------- d-------- C:\Program Files\DOSBox-0.65
2006-10-04 19:18 -------- d-------- C:\Program Files\Common Files\Stardock
2006-10-02 15:48 -------- d-------- C:\Program Files\IconTweaker
2006-10-02 13:56 -------- d-------- C:\Program Files\Common Files
2006-10-02 05:16 -------- d-------- C:\Program Files\Diskeeper Corporation
2006-10-02 05:07 -------- d-------- C:\Documents and Settings\Teddybear\Application Data\Leadertech
2006-09-30 14:55 -------- d-------- C:\Documents and Settings\Teddybear\Application Data\Vso
2006-09-30 10:03 -------- d-------- C:\Program Files\McAfee.com
2006-09-30 08:22 -------- d-------- C:\Program Files\CoffeeCup Software
2006-09-27 07:00 34 --a------ C:\Documents and Settings\Teddybear\Application Data\pcouffin.log
2006-09-27 07:00 10752 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-27 06:59 81920 --a------ C:\Documents and Settings\Teddybear\Application Data\ezpinst.exe
2006-09-27 06:59 7176 --a------ C:\Documents and Settings\Teddybear\Application Data\pcouffin.cat
2006-09-27 06:59 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2006-09-27 06:59 47360 --a------ C:\Documents and Settings\Teddybear\Application Data\pcouffin.sys
2006-09-27 06:59 1144 --a------ C:\Documents and Settings\Teddybear\Application Data\pcouffin.inf
2006-09-27 06:59 -------- d-------- C:\Program Files\vso
2006-09-26 20:53 -------- d-------- C:\Documents and Settings\Teddybear\Application Data\dvdcss
2006-09-26 14:53 -------- d-------- C:\Program Files\EPSON Print CD
2006-09-24 15:54 81920 --a------ C:\WINDOWS\system32\zmbv.dll
2006-09-24 15:50 -------- d-------- C:\Program Files\DOSBox-0.63
2006-09-21 09:16 -------- d-------- C:\Documents and Settings\Teddybear\Application Data\VCOM
2006-09-20 10:20 -------- d---s---- C:\Documents and Settings\Teddybear\Application Data\Microsoft
2006-09-18 10:04 -------- d-------- C:\Program Files\Magentic
2006-09-15 19:29 -------- d-------- C:\Documents and Settings\Teddybear\Application Data\Yahoo!
2006-09-14 13:34 -------- d-------- C:\Documents and Settings\Teddybear\Application Data\Emulators
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-11 14:29 -------- d-------- C:\Documents and Settings\Teddybear\Application Data\TurboFTP
2006-09-09 09:31 30988 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2006-09-08 18:09 282624 --a------ C:\WINDOWS\system32\LCARS Terminal.scr
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-26 06:30 1263616 --a------ C:\WINDOWS\system32\aurora.scr
2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-25 03:47 115880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-08-24 06:58 773120 --a------ C:\WINDOWS\system32\bubbles.scr
2006-08-24 06:58 117248 --a------ C:\WINDOWS\system32\ribbons.scr
2006-08-21 12:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 09:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 11:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-14 10:49 274432 --a------ C:\WINDOWS\system32\imon.dll
2006-08-10 23:03 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-10 23:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-08-06 10:45 458827 --a------ C:\WINDOWS\system32\Magentic Screensaver.scr
2006-08-05 12:12 10752 --------- C:\WINDOWS\system32\pxwma.dll
2006-08-05 08:58 35365 --a------ C:\WINDOWS\system32\uninstHelixYUV.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SpybotSD TeaTimer"="F:\\Spybot - Search & Destroy\\TeaTimer.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nod32kui"="\"F:\\Nod32\\nod32kui.exe\" /WAITSERVICE"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"InCD"="F:\\Nero 7\\InCD\\InCD.exe"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"BootSkin Startup Jobs"="\"G:\\Stardock\\BootSkin\\BootSkin.exe\" /StartupJobs"
"Pie Auto Updater"="\"F:\\PieAutoUpdater\\PieAutoUpdater.exe\""
"SSC Service Utility"="C:\\Program Files\\SSC Service Utility\\ssc_serv.exe /s"
"WinampAgent"="F:\\Winamp\\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000002

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnsc"="C:\\WINDOWS\\system32\\msnsc.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"msnsc"="C:\\WINDOWS\\system32\\msnsc.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoInternetIcon"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000001
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoInternetIcon"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoSaveSettings"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoInternetIcon"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoSaveSettings"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IncrediMail"="F:\\IncrediMail\\bin\\IncMail.exe /c"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\User_Feed_Synchronization-{513A8307-D38B-4E8F-8214-C8E0CAB3ECE9}.job

Completion time: 06-11-02 10:45:02.60
C:\ComboFix.txt ... 06-11-02 10:45

#4
Wizard

    Retired Staff
  • 5,661 posts
I'm off to work but will be back later this afternoon to check in on ya. :whistling:


Download SDFix and save it to your Desktop.

Double-click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally, copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.


After posting those 2 logs, please run the F-Secure Online Scanner.

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.


#5
Teddybear999

    Member

  • Topic Starter
  • 19 posts
Have completed said operations and here's all the logs.



SDFix: Version 1.35
-------------------

Scan run on:
02/11/2006

Time:
11:29


Microsoft Windows XP [Version 5.1.2600]

Running from: C:\Documents and Settings\Teddybear\Desktop\SDFix

Stage One...

Checking Services...

Name:
-----


Path:
----




Repairing Registry...


Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two...

Checking For Malware:
--------------------


Backing Up and Removing any Files Found...

Final Check:

Services:
---------


Files:
------


Any files removed are saved to the SDFix\backups Folder

FINISHED

*****************************************************************************************


Logfile of HijackThis v1.99.1
Scan saved at 11:47:52, on 02/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
F:\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Nod32\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
F:\TurboFTP\tftpsvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
F:\Nod32\nod32kui.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
F:\PieAutoUpdater\PieAutoUpdater.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
F:\PieAutoUpdater\pglite.exe
F:\Winamp\winampa.exe
F:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\4144\SiteAdv.exe
F:\hijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O4 - HKLM\..\Run: [nod32kui] "F:\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] F:\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "G:\Stardock\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Pie Auto Updater] "F:\PieAutoUpdater\PieAutoUpdater.exe"
O4 - HKLM\..\Run: [SSC Service Utility] C:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [WinampAgent] F:\Winamp\winampa.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) -
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) -
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{36123697-786D-4840-90DC-8654909819FA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{36123697-786D-4840-90DC-8654909819FA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{36123697-786D-4840-90DC-8654909819FA}: NameServer = 192.168.1.1
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Nod32\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - F:\SiSoftware Sandra Engineer 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - F:\SiSoftware Sandra Engineer 2007\RpcSandraSrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TurboFTP Sync Service (TBFTPSyncService) - TurboSoft,Inc - F:\TurboFTP\tftpsvc.exe

*****************************************************************************************

Scanning Report
Thursday, November 02, 2006 11:53:39 - 13:09:33
Computer name: TEDDYSPUTER
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\ M:\ N:\ O:\ P:\ Q:\ R:\


--------------------------------------------------------------------------------

Result: 6 malware found
Bofra.E@mm (virus)
C:\PROGRAM FILES\PTGUI\PATCH.EXE (Submitted)
Possible Browser Hijack attempt (spyware)
System (Disinfected)
Tracking Cookie (spyware)
System (Disinfected)
W32/Botol.O (virus)
I:\SPYWARE PROGS\KEYGEN.EXE (Submitted)
W32/Horst.gen (virus)
C:\D\G\M\1\MATROX.POWERDESK.EXE (Submitted)
Zlob.KIA (virus)
G:\REALANIME5\FFDSHOW\UNINSTALL.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 38657
System: 5028
Not scanned: 2
Actions:
Disinfected: 2
Renamed: 0
Deleted: 0
None: 4
Submitted: 4
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-11-01
F-Secure Libra: 2.4.1, 2006-11-02
F-Secure Orion: 1.2.37, 2006-11-01
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-08-29
F-Secure Draco: 1.0.35, 0259-24-212
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics




Teddy

#6
Teddybear999

It's now been a few hours since I followed your instructions and explorer.exe has only had a problem once. That was just after the F-Secure had run and before I had rebooted. It's now 19.10 and Internet Explorer has just had a problem. I enclose the appcompat.txt that was created with the error. It is Internet Explorer 7 Final.

Teddy


<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="iexplore.exe" FILTER="GRABMI_FILTER_PRIVACY">
<MATCHING_FILE NAME="custsat.dll" SIZE="33792" CHECKSUM="0xA30E1EC0" BIN_FILE_VERSION="9.0.3790.2428" BIN_PRODUCT_VERSION="9.0.3790.2428" PRODUCT_VERSION="9.0.3790.2428" FILE_DESCRIPTION="custsat" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="9.0.3790.2428 (srv03_sp1_qfe.050422-1043)" ORIGINAL_FILENAME="custsat.dll" INTERNAL_NAME="custsat" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xAD75" LINKER_VERSION="0x50002" UPTO_BIN_FILE_VERSION="9.0.3790.2428" UPTO_BIN_PRODUCT_VERSION="9.0.3790.2428" LINK_DATE="10/17/2006 20:33:39" UPTO_LINK_DATE="10/17/2006 20:33:39" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="hmmapi.dll" SIZE="60416" CHECKSUM="0x66589FD9" BIN_FILE_VERSION="7.0.5730.11" BIN_PRODUCT_VERSION="7.0.5730.11" PRODUCT_VERSION="7.00.5730.11" FILE_DESCRIPTION="Microsoft HTTP Mail Simple MAPI" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="7.00.5730.11 (winmain(wmbla).061017-1135)" ORIGINAL_FILENAME="HMMAPI.DLL" INTERNAL_NAME="HMMAPI" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1BEA3" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="7.0.5730.11" UPTO_BIN_PRODUCT_VERSION="7.0.5730.11" LINK_DATE="10/17/2006 19:44:33" UPTO_LINK_DATE="10/17/2006 19:44:33" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="iedw.exe" SIZE="69120" CHECKSUM="0x32DBF109" BIN_FILE_VERSION="7.0.5730.11" BIN_PRODUCT_VERSION="7.0.5730.11" PRODUCT_VERSION="7.00.5730.11" FILE_DESCRIPTION="IE Crash Detection" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="7.00.5730.11 (winmain(wmbla).061017-1135)" ORIGINAL_FILENAME="IEDW.EXE" INTERNAL_NAME="iedw" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x15A1B" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="7.0.5730.11" UPTO_BIN_PRODUCT_VERSION="7.0.5730.11" LINK_DATE="10/17/2006 20:04:45" UPTO_LINK_DATE="10/17/2006 20:04:45" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ieproxy.dll" SIZE="287744" CHECKSUM="0xA4B55A7A" BIN_FILE_VERSION="7.0.5730.11" BIN_PRODUCT_VERSION="7.0.5730.11" PRODUCT_VERSION="7.00.5730.11" FILE_DESCRIPTION="IE ActiveX Interface Marshaling Library" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="7.00.5730.11 (winmain(wmbla).061017-1135)" ORIGINAL_FILENAME="ieproxy.dll" INTERNAL_NAME="ieproxy.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x4F93F" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="7.0.5730.11" UPTO_BIN_PRODUCT_VERSION="7.0.5730.11" LINK_DATE="10/17/2006 20:33:39" UPTO_LINK_DATE="10/17/2006 20:33:39" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="iexplore.exe" SIZE="622080" CHECKSUM="0x5AA1F7E4" BIN_FILE_VERSION="7.0.5730.11" BIN_PRODUCT_VERSION="7.0.5730.11" PRODUCT_VERSION="7.00.5730.11" FILE_DESCRIPTION="Internet Explorer" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="7.00.5730.11 (winmain(wmbla).061017-1135)" ORIGINAL_FILENAME="IEXPLORE.EXE" INTERNAL_NAME="iexplore" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA2DB1" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="7.0.5730.11" UPTO_BIN_PRODUCT_VERSION="7.0.5730.11" LINK_DATE="10/17/2006 20:04:37" UPTO_LINK_DATE="10/17/2006 20:04:37" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwconn.dll" SIZE="61440" CHECKSUM="0xDD04DAB" BIN_FILE_VERSION="6.0.2900.2180" BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180" FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="icwconn.dll" INTERNAL_NAME="icwconn" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x11BD7" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2180" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004 07:56:14" UPTO_LINK_DATE="08/04/2004 07:56:14" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwconn1.exe" SIZE="214528" CHECKSUM="0xC9B5555" BIN_FILE_VERSION="6.0.2900.2180" BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180" FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="icwconn1.exe" INTERNAL_NAME="icwconn1" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x3C746" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2180" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004 05:59:19" UPTO_LINK_DATE="08/04/2004 05:59:19" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwconn2.exe" SIZE="86016" CHECKSUM="0x7DE2AFFE" BIN_FILE_VERSION="6.0.2900.2180" BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180" FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="ICWCONN2.EXE" INTERNAL_NAME="ICWCONN2" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1DDE9" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2180" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004 05:59:22" UPTO_LINK_DATE="08/04/2004 05:59:22" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwdl.dll" SIZE="32768" CHECKSUM="0xF4CC9266" BIN_FILE_VERSION="6.0.2900.2180" BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180" FILE_DESCRIPTION="Internet Service MIME Mutlipart Download" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="ICWDL.DLL" INTERNAL_NAME="ICWDL" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x174A9" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2180" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004 07:56:16" UPTO_LINK_DATE="08/04/2004 07:56:16" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwhelp.dll" SIZE="172032" CHECKSUM="0xCBAB0AC0" BIN_FILE_VERSION="6.0.2900.2180" BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180" FILE_DESCRIPTION="Internet Connection Wizard Helper functions" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="icwhelp.dll" INTERNAL_NAME="icwhelp" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x33E62" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2180" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004 07:56:17" UPTO_LINK_DATE="08/04/2004 07:56:17" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwres.dll" SIZE="61440" CHECKSUM="0xA488AA92" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="icwres.dll" INTERNAL_NAME="icwres" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1AA60" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/18/2001 05:35:05" UPTO_LINK_DATE="08/18/2001 05:35:05" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwrmind.exe" SIZE="24576" CHECKSUM="0x70643FDC" BIN_FILE_VERSION="6.0.2900.2180" BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180" FILE_DESCRIPTION="Internet Connection Wizard Reminder" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="ICWRMIND.EXE" INTERNAL_NAME="ICWRMIND" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x13447" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2180" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004 05:59:09" UPTO_LINK_DATE="08/04/2004 05:59:09" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwtutor.exe" SIZE="73728" CHECKSUM="0xF945F7EB" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="icwtutor.exe" INTERNAL_NAME="icwtutor" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x16B27" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/17/2001 20:49:08" UPTO_LINK_DATE="08/17/2001 20:49:08" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\icwutil.dll" SIZE="49152" CHECKSUM="0xB9156DF5" BIN_FILE_VERSION="6.0.2900.2180" BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180" FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="icwutil.dll" INTERNAL_NAME="icwutil" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xF816" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2180" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004 07:56:19" UPTO_LINK_DATE="08/04/2004 07:56:19" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\inetwiz.exe" SIZE="20480" CHECKSUM="0x3D8A325B" BIN_FILE_VERSION="6.0.2900.2180" BIN_PRODUCT_VERSION="6.0.2900.2180" PRODUCT_VERSION="6.00.2900.2180" FILE_DESCRIPTION="Internet Connection Wizard" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)" ORIGINAL_FILENAME="INETWIZ.EXE" INTERNAL_NAME="INETWIZ" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xE297" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.2180" UPTO_BIN_PRODUCT_VERSION="6.0.2900.2180" LINK_DATE="08/04/2004 05:59:25" UPTO_LINK_DATE="08/04/2004 05:59:25" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\isignup.exe" SIZE="16384" CHECKSUM="0xF8AB8D6E" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Signup" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="ISIGNUP.EXE" INTERNAL_NAME="ISIGNUP" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x443C" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/17/2001 20:48:46" UPTO_LINK_DATE="08/17/2001 20:48:46" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="Connection Wizard\trialoc.dll" SIZE="40960" CHECKSUM="0x68F70073" BIN_FILE_VERSION="6.0.2600.0" BIN_PRODUCT_VERSION="6.0.2600.0" PRODUCT_VERSION="6.00.2600.0000" FILE_DESCRIPTION="Internet Connection Wizard Trial Reminder Helper" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2600.0000 (xpclient.010817-1148)" ORIGINAL_FILENAME="trialoc.dll" INTERNAL_NAME="trialoc" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x198FE" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2600.0" UPTO_BIN_PRODUCT_VERSION="6.0.2600.0" LINK_DATE="08/18/2001 05:36:03" UPTO_LINK_DATE="08/18/2001 05:36:03" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="MUI\0409\mscorier.dll" SIZE="150016" CHECKSUM="0x474583EB" BIN_FILE_VERSION="2.0.50727.42" BIN_PRODUCT_VERSION="2.0.50727.42" PRODUCT_VERSION="2.0.50727.42" FILE_DESCRIPTION="Microsoft .NET Runtime IE resources" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® .NET Framework" FILE_VERSION="2.0.50727.42 (RTM.050727-4200)" ORIGINAL_FILENAME="mscorier.dll" INTERNAL_NAME="mscorier.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x29FD4" LINKER_VERSION="0x80000" UPTO_BIN_FILE_VERSION="2.0.50727.42" UPTO_BIN_PRODUCT_VERSION="2.0.50727.42" LINK_DATE="09/23/2005 07:14:22" UPTO_LINK_DATE="09/23/2005 07:14:22" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npmod32.dll" SIZE="225280" CHECKSUM="0xB6467720" BIN_FILE_VERSION="4.10.1.9" BIN_PRODUCT_VERSION="4.10.1.9" PRODUCT_VERSION="1.91.05" FILE_DESCRIPTION="Module Plugin Library v1.91.05" COMPANY_NAME="Olivier Lapicque" PRODUCT_NAME="MOD Plugin" FILE_VERSION="1.91.05" ORIGINAL_FILENAME="npmod32.dll" INTERNAL_NAME="ModPlugin" LEGAL_COPYRIGHT="Copyright © 1996-2000 Olivier Lapicque" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x1004B" UPTO_BIN_FILE_VERSION="4.10.1.9" UPTO_BIN_PRODUCT_VERSION="4.10.1.9" LINK_DATE="04/16/2000 18:53:43" UPTO_LINK_DATE="04/16/2000 18:53:43" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\nppdf32.dll" SIZE="77824" CHECKSUM="0x21D29EF2" BIN_FILE_VERSION="7.0.5.172" BIN_PRODUCT_VERSION="7.0.5.172" PRODUCT_VERSION="7.0.5.2005092300" FILE_DESCRIPTION="Adobe Acrobat Plug-In Version 7.00 for Netscape" COMPANY_NAME="Adobe Systems Inc." PRODUCT_NAME="Adobe Acrobat" FILE_VERSION="7.0.5.2005092300" ORIGINAL_FILENAME="NPPDF32.DLL" LEGAL_COPYRIGHT="Copyright 1984-2005 Adobe Systems Incorporated and its licensors. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1D654" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.5.172" UPTO_BIN_PRODUCT_VERSION="7.0.5.172" LINK_DATE="09/24/2005 04:44:16" UPTO_LINK_DATE="09/24/2005 04:44:16" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npqtplugin.dll" SIZE="126976" CHECKSUM="0x8EC0D182" BIN_FILE_VERSION="7.0.3.25" BIN_PRODUCT_VERSION="7.0.3.25" PRODUCT_VERSION="QuickTime 7.0.3" FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the <A HREF=http://www.apple.com/quicktime/>QuickTime</A> Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime Plug-in 7.0.3" FILE_VERSION="7.0.3" ORIGINAL_FILENAME="npqtplugin.dll" INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="Copyright Apple Computer, Inc. 1989-2005" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.3.25" UPTO_BIN_PRODUCT_VERSION="7.0.3.25" LINK_DATE="10/12/2005 02:47:44" UPTO_LINK_DATE="10/12/2005 02:47:44" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npqtplugin2.dll" SIZE="126976" CHECKSUM="0x8EC0D182" BIN_FILE_VERSION="7.0.3.25" BIN_PRODUCT_VERSION="7.0.3.25" PRODUCT_VERSION="QuickTime 7.0.3" FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the <A HREF=http://www.apple.com/quicktime/>QuickTime</A> Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime Plug-in 7.0.3" FILE_VERSION="7.0.3" ORIGINAL_FILENAME="npqtplugin.dll" INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="Copyright Apple Computer, Inc. 1989-2005" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.3.25" UPTO_BIN_PRODUCT_VERSION="7.0.3.25" LINK_DATE="10/12/2005 02:47:44" UPTO_LINK_DATE="10/12/2005 02:47:44" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npqtplugin3.dll" SIZE="126976" CHECKSUM="0x8EC0D182" BIN_FILE_VERSION="7.0.3.25" BIN_PRODUCT_VERSION="7.0.3.25" PRODUCT_VERSION="QuickTime 7.0.3" FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the <A HREF=http://www.apple.com/quicktime/>QuickTime</A> Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime Plug-in 7.0.3" FILE_VERSION="7.0.3" ORIGINAL_FILENAME="npqtplugin.dll" INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="Copyright Apple Computer, Inc. 1989-2005" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.3.25" UPTO_BIN_PRODUCT_VERSION="7.0.3.25" LINK_DATE="10/12/2005 02:47:44" UPTO_LINK_DATE="10/12/2005 02:47:44" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npqtplugin4.dll" SIZE="126976" CHECKSUM="0x8EC0D182" BIN_FILE_VERSION="7.0.3.25" BIN_PRODUCT_VERSION="7.0.3.25" PRODUCT_VERSION="QuickTime 7.0.3" FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the <A HREF=http://www.apple.com/quicktime/>QuickTime</A> Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime Plug-in 7.0.3" FILE_VERSION="7.0.3" ORIGINAL_FILENAME="npqtplugin.dll" INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="Copyright Apple Computer, Inc. 1989-2005" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.3.25" UPTO_BIN_PRODUCT_VERSION="7.0.3.25" LINK_DATE="10/12/2005 02:47:44" UPTO_LINK_DATE="10/12/2005 02:47:44" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npqtplugin5.dll" SIZE="126976" CHECKSUM="0x8EC0D182" BIN_FILE_VERSION="7.0.3.25" BIN_PRODUCT_VERSION="7.0.3.25" PRODUCT_VERSION="QuickTime 7.0.3" FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the <A HREF=http://www.apple.com/quicktime/>QuickTime</A> Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime Plug-in 7.0.3" FILE_VERSION="7.0.3" ORIGINAL_FILENAME="npqtplugin.dll" INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="Copyright Apple Computer, Inc. 1989-2005" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.3.25" UPTO_BIN_PRODUCT_VERSION="7.0.3.25" LINK_DATE="10/12/2005 02:47:44" UPTO_LINK_DATE="10/12/2005 02:47:44" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npqtplugin6.dll" SIZE="126976" CHECKSUM="0x8EC0D182" BIN_FILE_VERSION="7.0.3.25" BIN_PRODUCT_VERSION="7.0.3.25" PRODUCT_VERSION="QuickTime 7.0.3" FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the <A HREF=http://www.apple.com/quicktime/>QuickTime</A> Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime Plug-in 7.0.3" FILE_VERSION="7.0.3" ORIGINAL_FILENAME="npqtplugin.dll" INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="Copyright Apple Computer, Inc. 1989-2005" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.3.25" UPTO_BIN_PRODUCT_VERSION="7.0.3.25" LINK_DATE="10/12/2005 02:47:44" UPTO_LINK_DATE="10/12/2005 02:47:44" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="PLUGINS\npqtplugin7.dll" SIZE="126976" CHECKSUM="0x8EC0D182" BIN_FILE_VERSION="7.0.3.25" BIN_PRODUCT_VERSION="7.0.3.25" PRODUCT_VERSION="QuickTime 7.0.3" FILE_DESCRIPTION="The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the <A HREF=http://www.apple.com/quicktime/>QuickTime</A> Web site." COMPANY_NAME="Apple Computer, Inc." PRODUCT_NAME="QuickTime Plug-in 7.0.3" FILE_VERSION="7.0.3" ORIGINAL_FILENAME="npqtplugin.dll" INTERNAL_NAME="QuickTime Plug-In" LEGAL_COPYRIGHT="Copyright Apple Computer, Inc. 1989-2005" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="7.0.3.25" UPTO_BIN_PRODUCT_VERSION="7.0.3.25" LINK_DATE="10/12/2005 02:47:44" UPTO_LINK_DATE="10/12/2005 02:47:44" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="WININET.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="wininet.dll" SIZE="818688" CHECKSUM="0x662C6475" BIN_FILE_VERSION="7.0.5730.11" BIN_PRODUCT_VERSION="7.0.5730.11" PRODUCT_VERSION="7.00.5730.11" FILE_DESCRIPTION="Internet Extensions for Win32" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="7.00.5730.11 (winmain(wmbla).061017-1135)" ORIGINAL_FILENAME="wininet.dll" INTERNAL_NAME="wininet.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xD6D84" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="7.0.5730.11" UPTO_BIN_PRODUCT_VERSION="7.0.5730.11" LINK_DATE="10/17/2006 20:33:39" UPTO_LINK_DATE="10/17/2006 20:33:39" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="984064" CHECKSUM="0xF12E1D4A" BIN_FILE_VERSION="5.1.2600.2945" BIN_PRODUCT_VERSION="5.1.2600.2945" PRODUCT_VERSION="5.1.2600.2945" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xF724D" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.2945" UPTO_BIN_PRODUCT_VERSION="5.1.2600.2945" LINK_DATE="07/05/2006 10:55:00" UPTO_LINK_DATE="07/05/2006 10:55:00" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>

#7
Wizard

  • Retired Staff
  • 5,661 posts
Are you familiar with these files that F-Secure is flagging as infected?

Bofra.E@mm (virus)
C:\PROGRAM FILES\PTGUI\PATCH.EXE (Submitted)

W32/Botol.O (virus)
I:\SPYWARE PROGS\KEYGEN.EXE (Submitted)

W32/Horst.gen (virus)
C:\D\G\M\1\MATROX.POWERDESK.EXE (Submitted)

Zlob.KIA (virus)
G:\REALANIME5\FFDSHOW\UNINSTALL.EXE (Submitted)




See if you can locate the 2 files below and have them scanned Here

C:\WINDOWS\system32\pxwma.dll

C:\WINDOWS\system32\msnsc.exe

Copy any results to Notepad and Post them in the next reply.



Download GMER from Here

Right Click the Zip and Select "Extract All"

Double Click gmer.exe to launch the program.

Click on the Rootkit Tab and then click Scan.

It takes a while to run. Once complete, copy the results to Notepad and save them somewhere safe.

Post those results in the next reply.

#8
Teddybear999

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
The 4 files found by F-Secure have been removed, if that's what I should have done. Here are the next 3 logs.

Complete scanning result of "pxwma.dll", received in VirusTotal at 11.02.2006, 21:48:19 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.37 11.02.2006 no virus found
Authentium 4.93.8 11.02.2006 no virus found
Avast 4.7.892.0 11.02.2006 no virus found
AVG 386 11.02.2006 no virus found
BitDefender 7.2 11.02.2006 no virus found
CAT-QuickHeal 8.00 11.02.2006 no virus found
ClamAV devel-20060426 11.02.2006 no virus found
DrWeb 4.33 11.02.2006 no virus found
eTrust-InoculateIT 23.73.43 11.02.2006 no virus found
eTrust-Vet 30.3.3174 11.02.2006 no virus found
Ewido 4.0 11.02.2006 no virus found
Fortinet 2.82.0.0 11.02.2006 no virus found
F-Prot 3.16f 11.01.2006 no virus found
F-Prot4 4.2.1.29 11.02.2006 no virus found
Ikarus 0.2.65.0 11.02.2006 no virus found
Kaspersky 4.0.2.24 11.02.2006 no virus found
McAfee 4887 11.02.2006 no virus found
Microsoft 1.1609 11.02.2006 no virus found
NOD32v2 1.1850 11.02.2006 no virus found
Norman 5.80.02 11.02.2006 no virus found
Panda 9.0.0.4 11.02.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.111 11.02.2006 no virus found
UNA 1.83 11.02.2006 no virus found
VBA32 3.11.1 11.02.2006 no virus found
VirusBuster 4.3.15:9 11.02.2006 no virus found


Aditional Information
File size: 10752 bytes
MD5: fc031ba100feaf71bd3561c52eca51ae
SHA1: 42db13e71f97638e5c5f62bc94a7addf1a3be2fb

*****************************************************************************************
Complete scanning result of "msnsc.exe", received in VirusTotal at 11.02.2006, 21:51:50 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.37 11.02.2006 no virus found
Authentium 4.93.8 11.02.2006 no virus found
Avast 4.7.892.0 11.02.2006 no virus found
AVG 386 11.02.2006 no virus found
BitDefender 7.2 11.02.2006 no virus found
CAT-QuickHeal 8.00 11.02.2006 no virus found
ClamAV devel-20060426 11.02.2006 no virus found
DrWeb 4.33 11.02.2006 no virus found
eTrust-InoculateIT 23.73.43 11.02.2006 no virus found
eTrust-Vet 30.3.3174 11.02.2006 no virus found
Ewido 4.0 11.02.2006 no virus found
Fortinet 2.82.0.0 11.02.2006 no virus found
F-Prot 3.16f 11.01.2006 no virus found
F-Prot4 4.2.1.29 11.02.2006 no virus found
Ikarus 0.2.65.0 11.02.2006 no virus found
Kaspersky 4.0.2.24 11.02.2006 no virus found
McAfee 4887 11.02.2006 no virus found
Microsoft 1.1609 11.02.2006 no virus found
NOD32v2 1.1850 11.02.2006 no virus found
Norman 5.80.02 11.02.2006 no virus found
Panda 9.0.0.4 11.02.2006 Suspicious file
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.111 11.02.2006 no virus found
UNA 1.83 11.02.2006 Trojan.Win32.Agent.7CDE
VBA32 3.11.1 11.02.2006 no virus found
VirusBuster 4.3.15:9 11.02.2006 no virus found


Aditional Information
File size: 62054 bytes
MD5: 18002e6a898b85035872cc7beea63f62
SHA1: 08956d60c302ec8317671c1cd222fb4b430c38d2
packers: UPX
packers: UPX
packers: UPX

*****************************************************************************************

GMER 1.0.12.11867 - http://www.gmer.net
Rootkit scan 2006-11-02 21:14:05
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.12 ----

.text amon.sys B6A8A4F8 1 Byte

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxParamW 77D5737A 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxIndirectParamW 77D6204B 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxIndirectA 77D6A062 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxParamA 77D6B124 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxExW 77D80540 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxExA 77D80564 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!DialogBoxIndirectParamA 77D86CB5 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4036] USER32.dll!MessageBoxIndirectW 77D9609B 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected]

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Teddybear\Desktop\Net Utilities\Demonoid.com - Torrent list.url:favicon
ADS C:\Documents and Settings\Teddybear\Favorites\Cats\Norwegian Forest Cats at Landsker UK - All about us.url:favicon
ADS C:\Documents and Settings\Teddybear\Favorites\cd covers search engine megasearch (psx audio pc vcd psx2 dvd dreamcast).url:favicon
ADS C:\Documents and Settings\Teddybear\Favorites\Cdcovers.cc - World's Largest Cover Archive.url:favicon
ADS C:\Documents and Settings\Teddybear\Favorites\comedy\Addicting Games Classic - Free Flash and Java Games.url:favicon
ADS C:\Documents and Settings\Teddybear\Favorites\comedy\Darwin Awards- Darwin Awards.url:favicon
ADS C:\Documents and Settings\Teddybear\Favorites\comedy\Eric Idle News.url:favicon
ADS C:\Documents and Settings\Teddybear\Favorites\comedy\Funny jokes - funniest joke of the day site..url:favicon
ADS C:\Documents and Settings\Teddybear\Favorites\comedy\Jokes, Photos, Funny Stories and Office Humour - White House Easter event.url:favicon
ADS C:\Documents and Settings\Teddybear\Favorites\comedy\Les Cleveland.url:favicon
ADS C:\Documents and Settings\Teddybear\Favorites\comedy\Monty Python The Fellowship of the Ring - introduction.url:favicon
ADS ...
ADS F:\VirtualDJ\Skins\SKIN_VDJ_X1.exe:SummaryInformation
ADS F:\VirtualDJ\Skins\SKIN_VDJ_X1.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS F:\VirtualDJ\VirtualDJ\Skins\SKIN_VDJ_X1.exe:SummaryInformation
ADS F:\VirtualDJ\VirtualDJ\Skins\SKIN_VDJ_X1.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS I:\Pinball\PINBALL.EXE:SummaryInformation
ADS I:\Pinball\PINBALL.EXE:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS K:\clips\anwaehlen.mov:SummaryInformation
ADS K:\clips\anwaehlen.mov:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS K:\clips\dolbycanyon.mpv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS K:\clips\thxliquidmetal\dolbyaurora.mpv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS K:\clips\thxliquidmetal\dolbycanyon.mpv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS K:\clips\thxliquidmetal\dolbycity.mpv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS K:\clips\thxliquidmetal\dolbyegypt.mpv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS K:\clips\thxliquidmetal\dolbyrain.mpv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS K:\clips\thxliquidmetal\dolbytrain.mpv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS K:\clips\thxliquidmetal\dts_digitalexperience.mpv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS K:\clips\thxliquidmetal\thxcimmarron.mpv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS ...
ADS N:\Albums\Elton John Collection\(Tested) Elton John - Don't Shoot Me I'm Only The Piano Player.mp3:KAVICHS
ADS N:\Albums\Elton John Collection\Elton John - Captain Fantastic & The Brown Dirt Cowboy_ALBW.mp3:KAVICHS
ADS N:\Albums\Elton John Collection\Elton John - Goodbye Yellow Brick Road CD1.mp3:KAVICHS
ADS N:\Albums\Elton John Collection\Elton John - Goodbye Yellow Brick Road CD2.mp3:KAVICHS
ADS N:\Albums\EMERSON LAKE & PALMER (ELP) Collection\AlbumWrap - ELP - AlbumWrap - Emerson_Lake & Palmer (ELP) - Welcome back my friends (Live) CD 1 - Complete album.MP3:KAVICHS
ADS N:\Albums\EMERSON LAKE & PALMER (ELP) Collection\ELP - Greatest Hits.mp3:KAVICHS
ADS N:\Albums\Genesis Collection\AlbumWrap - Genesis - Selling England by the Pound.MP3:KAVICHS
ADS N:\Albums\Genesis Collection\Genesis - A Trick of the Tail.mp3:KAVICHS
ADS N:\Albums\Genesis Collection\Genesis - And then there were three.mp3:KAVICHS
ADS N:\Albums\Genesis Collection\Genesis - Foxtrot - Track 1 - Watcher of the Skys.MP3:KAVICHS
ADS N:\Albums\Genesis Collection\Genesis - Foxtrot - Track 2 - Time Table.MP3:KAVICHS
ADS ...
ADS O:\A-Z Mods\1_9\2badshep.mod:SummaryInformation
ADS O:\A-Z Mods\1_9\2badshep.mod:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS O:\A-Z Mods\2ND_PM.S3M:SummaryInformation
ADS O:\A-Z Mods\2ND_PM.S3M:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS O:\A-Z Mods\a_espoir.xm:SummaryInformation
ADS O:\A-Z Mods\a_espoir.xm:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS P:\Compilations\Original Sound Track\OST - Graave Digger - Excalibur (Album complete).mp3:KAVICHS
ADS P:\Compilations\OST\01 Interlude Cue Music.m4a:SummaryInformation
ADS P:\Compilations\OST\01 Interlude Cue Music.m4a:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS Q:\my movies\Classic TV\Space 1999 - Destination Moonbase Alpha (part 2 of 2).mpg:SummaryInformation
ADS Q:\my movies\Classic TV\Space 1999 - Destination Moonbase Alpha (part 2 of 2).mpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS Q:\my movies\Monsters Inc - Outtakes.mpg:SummaryInformation
ADS Q:\my movies\Monsters Inc - Outtakes.mpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS Q:\new\09 Stargate [CD Bonus Track]-New-New.ac3:SummaryInformation
ADS Q:\new\09 Stargate [CD Bonus Track]-New-New.ac3:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS Q:\new\sg-1_intro2.mpv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS Q:\new\sg-1_intro21.mpv:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS R:\Favorites\Cats\Norwegian Forest Cats at Landsker UK - All about us.url:favicon
ADS R:\Favorites\comedy\Addicting Games Classic - Free Flash and Java Games.url:favicon
ADS R:\Favorites\comedy\Jokes, Photos, Funny Stories and Office Humour - White House Easter event.url:favicon
ADS R:\Favorites\comedy\Les Cleveland.url:favicon
ADS R:\Favorites\comedy\Oz Jokes True Stories - Frivolous Lawsuits.url:favicon
ADS R:\Favorites\comedy\The World of Stanley Unwin.url:favicon
ADS R:\Favorites\diets\http--www.edietsuk.co.uk-dietprofile2-home.cfmcode=24008&action=1&cdaction=1§ion=1&bypass=0&Metric=no&wt_st=20&wt_lb=0&htft=6&htin=0&gender=M&submit.x=51&submit.y=8&ver=27.url:favicon
ADS R:\Favorites\diets\The Glycemic Index Listing - GI Database.url:favicon
ADS R:\Favorites\dreams\Dream Analysis and Interpretation - Understanding Dreams.url:favicon

ADS ...

---- EOF - GMER 1.0.12 ----


Teddy

#9
Wizard

  • Retired Staff
  • 5,661 posts
If you will, go to this Upload Site and upload the 2 files listed below.

C:\WINDOWS\system32\pxwma.dll

C:\WINDOWS\system32\msnsc.exe

If you can find these 2 files, I want you to try and temporarily disable them by renaming.

Locate and right click each file.

Select rename and rename the files to:

msnsc.old

pxwma.old



Run GMER again, this time click the >>> tab to expand the menu.

Click the Autostart tab and then place a check in the box for "Show All"

Click Scan and once it completes, save the results to Notepad and post them back here.

#10
Teddybear999

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
The 2 files requested (PXWMA.dll + msnsc.exe) have been uploaded. Here are the results of the GMER re-run.
I have had to attach it as a text file coz it's too big to post.

Teddy


Edited by Teddybear999, 02 November 2006 - 11:22 PM.


#11
Teddybear999

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Many, many apologies, I clicked the wrong tab. These are the autostart results.


Teddy


GMER 1.0.12.11867 - http://www.gmer.net
Autostart scan 2006-11-03 05:26:37
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = PDBoot.exe OODBS

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostC:\WINDOWS\system32\logonuiX.exe = C:\WINDOWS\system32\logonuiX.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
MCPClient@DLLName = C:\Program Files\Common Files\Stardock\mcpstub.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
WBSrv@DLLName = C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
WgaLogon@DLLName = WgaLogon.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = wbsys.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AudioSrv /*Windows Audio*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ClipSrv /*ClipBook*/@ = %SystemRoot%\system32\clipsrv.exe
CryptSvc /*Cryptographic Services*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
DcomLaunch /*DCOM Server Process Launcher*/@ = %SystemRoot%\system32\svchost -k DcomLaunch
Dhcp /*DHCP Client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Diskeeper /*Diskeeper*/@ = "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"
dmserver /*Logical Disk Manager*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*DNS Client*/@ = %SystemRoot%\system32\svchost.exe -k NetworkService
ERSvc /*Error Reporting Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Event Log*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Help and Support*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
InCDsrv /*InCD Helper*/@ = F:\Nero 7\InCD\InCDsrv.exe
lanmanserver /*Server*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
LmHosts /*TCP/IP NetBIOS Helper*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
MDM /*Machine Debug Manager*/@ = "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
NOD32krn /*NOD32 Kernel Service*/@ = "F:\Nod32\nod32krn.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
O&O Defrag /*O&O Defrag*/@ = C:\WINDOWS\system32\oodag.exe
PDSched /*PDScheduler*/@ = "C:\Program Files\Raxco\PerfectDisk\PDSched.exe"
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*IPSEC Services*/@ = %SystemRoot%\system32\lsass.exe
ProtectedStorage /*Protected Storage*/@ = %SystemRoot%\system32\lsass.exe
RpcSs /*Remote Procedure Call (RPC)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Security Accounts Manager*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Task Scheduler*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
seclogon /*Secondary Logon*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*System Event Notification*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SharedAccess /*Windows Firewall/Internet Connection Sharing (ICS)*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection /*Shell Hardware Detection*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*System Restore Service*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
StyleXPService /*StyleXPService*/@ = "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"
TBFTPSyncService /*TurboFTP Sync Service*/@ = F:\TurboFTP\tftpsvc.exe
Themes /*Themes*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Distributed Link Tracking Client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
W32Time /*Windows Time*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
winmgmt /*Windows Management Instrumentation*/@ = %systemroot%\system32\svchost.exe -k netsvcs
wscsvc /*Security Center*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Automatic Updates*/@ = %systemroot%\system32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@nod32kui"F:\Nod32\nod32kui.exe" /WAITSERVICE = "F:\Nod32\nod32kui.exe" /WAITSERVICE
@SunJavaUpdateSchedC:\Program Files\Java\jre1.5.0_07\bin\jusched.exe = C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
@NeroFilterCheckC:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
@InCDF:\Nero 7\InCD\InCD.exe = F:\Nero 7\InCD\InCD.exe
@DiskeeperSystray"C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" = "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@BootSkin Startup Jobs"G:\Stardock\BootSkin\BootSkin.exe" /StartupJobs = "G:\Stardock\BootSkin\BootSkin.exe" /StartupJobs
@Pie Auto Updater"F:\PieAutoUpdater\PieAutoUpdater.exe" = "F:\PieAutoUpdater\PieAutoUpdater.exe"
@SSC Service UtilityC:\Program Files\SSC Service Utility\ssc_serv.exe /s /*file not found*/ = C:\Program Files\SSC Service Utility\ssc_serv.exe /s /*file not found*/
@WinampAgentF:\Winamp\winampa.exe = F:\Winamp\winampa.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SpybotSD TeaTimerF:\Spybot - Search & Destroy\TeaTimer.exe = F:\Spybot - Search & Destroy\TeaTimer.exe
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@0aMCPClientC:\Program Files\Common Files\Stardock\MCPCore.dll = C:\Program Files\Common Files\Stardock\MCPCore.dll
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheckC:\WINDOWS\system32\webcheck.dll = C:\WINDOWS\system32\webcheck.dll
@SysTrayC:\WINDOWS\system32\stobject.dll = C:\WINDOWS\system32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{553858A7-4922-4e7e-B1C1-97140C1C16EF}C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = F:\Computer Security Tool\CST.exe /ExtensionBlock "%1"
.scr@ = F:\Computer Security Tool\CST.exe /ExtensionBlock "%1"
.hta@ = C:\WINDOWS\system32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{AEB6717E-7E19-11d0-97EE-00C04FD91972}shell32.dll = shell32.dll
@{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}G:\Qualcomm\Eudora\EuShlExt.dll = G:\Qualcomm\Eudora\EuShlExt.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Multimedia File Property Sheet*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*NTFS Security Page*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*OLE Docfile Property Page*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\system32\themeui.dll = %SystemRoot%\system32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Display Adapter CPL Extension*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Display Monitor CPL Extension*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/(null) =
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*DS Security Page*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Page*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Shell Scrap DataHandler*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Disk Copy Extension*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Shell extensions for Microsoft Windows Network objects*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Shell extensions for file compression*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Web Printer Shell Extension*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Encryption Context Menu*/(null) =
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*HyperTerminal Icon Ext*/C:\WINDOWS\system32\hticons.dll = C:\WINDOWS\system32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Printers Security Page*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Crypto PKO Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Crypto Sign Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\system32\remotepg.dll = C:\WINDOWS\system32\remotepg.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{afc638f0-e8a4-11ce-9ade-00aa00a42d2e} /*MST TrueType File Properties*/C:\WINDOWS\system32\ShellExt\TTFExtNT.dll = C:\WINDOWS\system32\ShellExt\TTFExtNT.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/C:\Program Files\Unlocker\UnlockerCOM.dll = C:\Program Files\Unlocker\UnlockerCOM.dll
@{51131DA7-1D24-40e5-AE07-5E3750F5DE3C} /*ContextMenuExt Extension*/C:\WINDOWS\system32\CopyToSendTo.dll = C:\WINDOWS\system32\CopyToSendTo.dll
@{640167b4-59b0-47a6-b335-a6b3c0695aea} /*Portable Media Devices*/%SystemRoot%\system32\audiodev.dll = %SystemRoot%\system32\audiodev.dll
@{cc86590a-b60a-48e6-996b-41d25ed39a1e} /*Portable Media Devices Menu*/%SystemRoot%\system32\audiodev.dll = %SystemRoot%\system32\audiodev.dll
@{21569614-B795-46b1-85F4-E737A8DC09AD} /*Shell Search Band*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Shell extensions for Windows Script Host*/C:\WINDOWS\system32\wshext.dll = C:\WINDOWS\system32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Program Files\Common Files\System\Ole DB\oledb32.dll = C:\Program Files\Common Files\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Scheduled Tasks*/C:\WINDOWS\system32\mstask.dll = C:\WINDOWS\system32\mstask.dll
@{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} /*Set Program Access and Defaults*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\system32\wuaucpl.cpl = C:\WINDOWS\system32\wuaucpl.cpl
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Taskbar and Start Menu*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Search*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Run...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*E-mail*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Fonts*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Administrative Tools*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\system32\shmedia.dll = %SystemRoot%\system32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Microsoft Internet Toolbar*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Download Status*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Augmented Shell Folder*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Augmented Shell Folder 2*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*In-pane search*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Registry Tree Options Utility*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Address*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\system32\browseui.dll = %SystemRoot%\system32\browseui.dll
---- EOF - GMER 1.0.12 ----

#12
Wizard

  • Retired Staff
  • 5,661 posts
Thanks for the uploads, we need to rename one file back to its original name.

C:\WINDOWS\system32\pxwma.dll <--- Belongs to Sonic Solutions

Rename back from pxwma.old to pxwma.dll


C:\WINDOWS\system32\msnsc.exe <-- Has been submitted to several Antivirus companies.

I still believe this is a piece of malware, so I'd like you to leave the file renamed and then move it out of the system32 folder.

If nothing else, just make a copy of the file and place it somewhere safe like My Documents and then delete the original file from the System32 folder.


Are you still getting the Explorer.exe errors?


Please run the Bit Defender Online Scan
http://www.bitdefend...m/scan8/ie.html

You must use Internet Explorer for this scanner.

Install the ActiveX and Click on "Click here to Scan"

Allow it to update and Scan the Machine.

It should disinfect or delete whatever it finds that is infected.

Save the report it generates in a text format please and post it back here.

#13
Teddybear999

  • Topic Starter
  • Member
  • 19 posts
Back at last. So sorry it took so long. 3.75 hrs. I deleted the required file and copied it to My Documents and restored the other one. Since the reboot after running F-Secure I have not, touch wood, had any explorer.exe problems. I am however surprised at the amount of viruses found. I do a regular scan every week. Anyway, here is the on-line scan report you requested.

Teddy


BitDefender Online Scanner - Scan Report
Scan report generated at: Fri, Nov 03, 2006 - 13:08:42

Scan path:
A:\;C:\;D:\;E:\;F:\;G:\;H:\;J:\;K:\;L:\;M:\;N:\;O:\;P:\;Q:\;R:\;S:\;

Statistics
Time: 03:21:41
Files: 1106855
Folders: 22331
Boot Sectors: 15
Archives: 29332
Packed Files: 58204

Results
Identified Viruses: 8
Infected Files: 12
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 12

Engines Info
Virus Definitions: 312219
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File Status
C:\WINDOWS\Resources\Themes\Tomb_Movie_HH\RunTomb.exe | Infected with: Trojan.Clicker.Delf.G
C:\WINDOWS\Resources\Themes\Tomb_Movie_HH\RunTomb.exe | Disinfection failed
C:\WINDOWS\Resources\Themes\Tomb_Movie_HH\RunTomb.exe | Deleted
M:\new mods\ace_demo_collection_volume_1\ace-demo-collection-vol1.part01.rar=>SOURCES\VLOAD\VLOAD.EXE | Infected with: VirTools.VLoader.A
M:\new mods\ace_demo_collection_volume_1\ace-demo-collection-vol1.part01.rar=>SOURCES\VLOAD\VLOAD.EXE | Disinfection failed
M:\new mods\ace_demo_collection_volume_1\ace-demo-collection-vol1.part01.rar=>SOURCES\VLOAD\VLOAD.EXE | Deleted
M:\new mods\ace_demo_collection_volume_1\ace-demo-collection-vol1.part01.rar | Update failed
M:\new mods\ace_demo_collection_volume_3\cd2\ace-demo-collection-vol3-cd2.part01.rar=>GRAPH\VECTBALL\VECSCRL.ZIP=>MENU8.EXE | Infected with: Major.1644
M:\new mods\ace_demo_collection_volume_3\cd2\ace-demo-collection-vol3-cd2.part01.rar=>GRAPH\VECTBALL\VECSCRL.ZIP=>MENU8.EXE | Disinfection failed
M:\new mods\ace_demo_collection_volume_3\cd2\ace-demo-collection-vol3-cd2.part01.rar=>GRAPH\VECTBALL\VECSCRL.ZIP=>MENU8.EXE | Deleted
M:\new mods\ace_demo_collection_volume_3\cd2\ace-demo-collection-vol3-cd2.part01.rar=>GRAPH\VECTBALL\VECSCRL.ZIP | Updated
M:\new mods\ace_demo_collection_volume_3\cd2\ace-demo-collection-vol3-cd2.part01.rar | Update failed
M:\new mods\ace_demo_collection_volume_4\cd1\ace-demo-collection-vol4-cd1.part01.rar=>DEMOS\HRM_JRKI\JYRKI.EXE | Infected with: PS-MPC.0438.AN.Gen
M:\new mods\ace_demo_collection_volume_4\cd1\ace-demo-collection-vol4-cd1.part01.rar=>DEMOS\HRM_JRKI\JYRKI.EXE | Disinfection failed
M:\new mods\ace_demo_collection_volume_4\cd1\ace-demo-collection-vol4-cd1.part01.rar=>DEMOS\HRM_JRKI\JYRKI.EXE | Deleted
M:\new mods\ace_demo_collection_volume_4\cd1\ace-demo-collection-vol4-cd1.part01.rar | Update failed
M:\new mods\ace_demo_collection_volume_4\cd1\ace-demo-collection-vol4-cd1.part01.rar=>DEMOS\NOSF\NOSFERAT.COM | Infected with: Lamerman.512.B
M:\new mods\ace_demo_collection_volume_4\cd1\ace-demo-collection-vol4-cd1.part01.rar=>DEMOS\NOSF\NOSFERAT.COM | Disinfection failed
M:\new mods\ace_demo_collection_volume_4\cd1\ace-demo-collection-vol4-cd1.part01.rar=>DEMOS\NOSF\NOSFERAT.COM | Deleted
M:\new mods\ace_demo_collection_volume_4\cd1\ace-demo-collection-vol4-cd1.part01.rar | Update failed
R:\Downloads\file6.zip=>(ZIP Sfx g)=>Run_it_xxx.exe=>(NSIS o)=>lzma_solid_nsis0006 | Infected with: Trojan.Zlob.Gen
R:\Downloads\file6.zip=>(ZIP Sfx g)=>Run_it_xxx.exe=>(NSIS o)=>lzma_solid_nsis0006 | Disinfection failed
R:\Downloads\file6.zip=>(ZIP Sfx g)=>Run_it_xxx.exe=>(NSIS o)=>lzma_solid_nsis0006 | Deleted
R:\Downloads\file6.zip=>(ZIP Sfx g)=>Run_it_xxx.exe=>(NSIS o) | Update failed
R:\Downloads\file6.zip=>Run_it_xxx.exe=>(NSIS o)=>lzma_solid_nsis0006 | Infected with: Trojan.Zlob.Gen
R:\Downloads\file6.zip=>Run_it_xxx.exe=>(NSIS o)=>lzma_solid_nsis0006 | Disinfection failed
R:\Downloads\file6.zip=>Run_it_xxx.exe=>(NSIS o)=>lzma_solid_nsis0006 | Deleted
R:\Downloads\file6.zip=>Run_it_xxx.exe=>(NSIS o) | Update failed
R:\Downloads\Net Utilities\file8.zip=>(ZIP Sfx g)=>Run_it_xxx.exe=>(NSIS o)=>lzma_solid_nsis0006 | Infected with: Trojan.Zlob.Gen
R:\Downloads\Net Utilities\file8.zip=>(ZIP Sfx g)=>Run_it_xxx.exe=>(NSIS o)=>lzma_solid_nsis0006 | Disinfection failed
R:\Downloads\Net Utilities\file8.zip=>(ZIP Sfx g)=>Run_it_xxx.exe=>(NSIS o)=>lzma_solid_nsis0006 | Deleted
R:\Downloads\Net Utilities\file8.zip=>(ZIP Sfx g)=>Run_it_xxx.exe=>(NSIS o) | Update failed
R:\Downloads\Net Utilities\file8.zip=>Run_it_xxx.exe=>(NSIS o)=>lzma_solid_nsis0006 | Infected with: Trojan.Zlob.Gen
R:\Downloads\Net Utilities\file8.zip=>Run_it_xxx.exe=>(NSIS o)=>lzma_solid_nsis0006 | Disinfection failed
R:\Downloads\Net Utilities\file8.zip=>Run_it_xxx.exe=>(NSIS
o)=>lzma_solid_nsis0006Deleted
R:\Downloads\Net Utilities\file8.zip=>Run_it_xxx.exe=>(NSIS o)Update
failed
R:\Downloads\Utilities\dramatic_setup.zip=>dRAMatic_setup.exe=>(Instyler
o)=>(Instyler Module 3)Infected with: Backdoor.Bancodor.I
R:\Downloads\Utilities\dramatic_setup.zip=>dRAMatic_setup.exe=>(Instyler
o)=>(Instyler Module 3)Disinfection failed
R:\Downloads\Utilities\dramatic_setup.zip=>dRAMatic_setup.exe=>(Instyler
o)=>(Instyler Module 3)Deleted
R:\Downloads\Utilities\dramatic_setup.zip=>dRAMatic_setup.exe=>(Instyler
o)Update failed
R:\Downloads\Utilities\file5.zip=>(ZIP Sfx
g)=>Run_it_xxx.exeInfected with: DeepScan:Generic.Zlob.86206FF3
R:\Downloads\Utilities\file5.zip=>(ZIP Sfx
g)=>Run_it_xxx.exeDisinfection failed
R:\Downloads\Utilities\file5.zip=>(ZIP Sfx g)=>Run_it_xxx.exeDeleted
R:\Downloads\Utilities\file5.zip=>(ZIP Sfx g)Updated
R:\Downloads\Utilities\file5.zipUpdate failed
R:\Downloads\Utilities\file5.zip=>Run_it_xxx.exeInfected with:
DeepScan:Generic.Zlob.86206FF3
R:\Downloads\Utilities\file5.zip=>Run_it_xxx.exeDisinfection failed
R:\Downloads\Utilities\file5.zip=>Run_it_xxx.exeDeleted
R:\Downloads\Utilities\file5.zipUpdated

#14
Teddybear999

Hi there, again. Although up to now I still haven't had any errors, it will take a few days' testing to be sure. Is it possible to leave the thread open just in case? Also, do you have any idea what was causing the problem?


Teddy

#15
Wizard

Keep in mind that every antivirus company has their own set of virus signatures, which are not ever going to be exactly the same as any other company's.

That being said, every scanner will yield different results.

By the looks of that last scan, I'd say you have some house cleaning to do.

Best be going through all these different drives and folders and get rid of whatever isn't absolutely necessary.


Since you want to wait a day or two, why not run some more online scans?


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
