Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need Some Help!


  • Please log in to reply

#1
funkmastersquirrel

funkmastersquirrel

    Member

  • Member
  • PipPip
  • 65 posts
Hello, I recently let a friend use my PC and he aparently stumbled onto something I have never dealt with before. I have gotten a registry cleaner scam on my PC. It basically tells me every so often from the system tray that my PC is infected. Once I click on this it tells me to download registrycleaner. The softwares website is found here: http://***.sysregistry.com Edited to avoid unwary clicking - Nov.
I also had a problem going to google. It seemed as though it had blocked or redirected my browser to tell me that this website wasnt found and what not. It also changed my homepage from google to www.sex.com. I have, however, fixed the google problem as well as got rid of the redirection problem and am now googling like the best of us after running SpyBot and Adaware. I still, though, cant get rid of the annoying constant pop up from the system tray asking me to install registry cleaner.
Just for background info, I am not new to this by any means. I have been in the IT field for over 7 years now and have many certifications under my belt. So whomever decides to help me, you dont have to respond to this as though I am PC illiterate. Thanks in advance!! HJT LOG FOLLOWS:

Logfile of HijackThis v1.99.1
Scan saved at 9:57:54 AM, on 1/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1162968398\ee\AOLSoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\ctpmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Todd\My Documents\Programs\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -

http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.micros...b?1162079897250
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

http://messenger.zon...nt.cab31267.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) -

http://driveragent.c...driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft

Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Edited by Noviciate, 26 January 2007 - 03:53 PM.

  • 0

Advertisements


#2
Noviciate

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts

So whomever decides to help me, you dont have to respond to this as though I am PC illiterate.


Most of my replies are standard ones with individual files added where necessary, so you get what everyone else does - at no extra cost, it has to be said! :whistling:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open Notepad: Start > All Programs > Accessories > Notepad.
Click on Format and ensure that Wordwrap is unchecked. If it isn't, uncheck it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1) Download SmitfraudFix.exe by S!Ri from here and save it to your Desktop.

2) Double click SmitfraudFix.exe - this will open a Command Window and also create the SmitfraudFix folder on your Desktop. Once you have read the information, "press any key to continue..."
Press "1" and then <ENTER> to start the search process.
When the search has completed, a text file, rapport.txt, will open with the results in - Copy and paste this report into your next reply.

A copy of the report can be found in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
For most, this file can be found by double-clicking My Computer and then Local Disk (C:)


IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Combofix by sUBs from here and save it to your Desktop.
  • Double click combo.exe to run it and follow the prompts.
  • When the tool has finished, it will produce a log C:\ComboFix.txt - copy and paste it into your next reply.
Please Note:
  • Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash.
  • Disable Script Blocking if you have NAV installed as it will interfere with the normal working of this tool.
  • Trojan Hunter has been reported to detect this tool as Worm.Qiv.100 - please ignore this, it's a false-positive.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run HJT and click on Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.


I've had to use the "quote" tags because a forum software issue is affecting my ability to post for some reason and this gets the job done. Please ignore this as it shouldn't affect your posts.
  • 0

#3
funkmastersquirrel

funkmastersquirrel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
For some reason the links in which you directed me to did not work. I instead found the same programs at other websites. I can give you think links if you would like! Here are the requested 3 logs....

------------------------------------SmitFraudFix Log--------------------------------

SmitFraudFix v2.135

Scan done at 17:07:00.21, 07-01-26
Run from C:\Documents and Settings\Todd\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\autosys.exe FOUND !
C:\WINDOWS\system32\RegistryCleanerSetup.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Todd


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Todd\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Todd\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://by127fd.bay12...in=hotmail.com"
"SubscribedURL"="http://by127fd.bay12...in=hotmail.com"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


-----------------------------ComboFix Log-----------------------------

"Todd" - 07-01-26 17:00:17 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Todd\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ctpmon.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-26 to 2007-01-26 ))))))))))))))))))))))))))))))))))


2007-01-26 09:38 619,953 --a------ C:\WINDOWS\system32\RegistryCleanerSetup.exe
2007-01-25 22:37 72,704 --a------ C:\WINDOWS\ST5UNST.EXE
2007-01-25 22:31 45,568 --a------ C:\qarv.exe
2007-01-25 22:31 3,281 --a------ C:\WINDOWS\system32\autosys.exe
2007-01-25 14:45 <DIR> d-------- C:\Program Files\CCleaner
2007-01-25 14:36 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2007-01-25 14:34 <DIR> d-------- C:\Program Files\a-squared Free
2007-01-24 10:38 <DIR> d-------- C:\DOCUME~1\Todd\Application Data\Ahead
2007-01-24 10:26 <DIR> d-------- C:\Program Files\Nero
2007-01-24 10:26 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-01-24 10:25 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-23 20:15 <DIR> d-------- C:\Program Files\NASA
2007-01-23 14:11 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-01-23 14:07 <DIR> d-------- C:\Program Files\Microsoft Works
2007-01-23 14:06 <DIR> d-------- C:\Program Files\MSBuild
2007-01-23 14:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-01-23 14:02 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-01-23 14:00 <DIR> dr-h----- C:\MSOCache
2007-01-23 10:55 <DIR> d-------- C:\OFFICE 2007 Enterprise + key
2007-01-22 17:44 29,384 --a------ C:\WINDOWS\system32\mdimon.dll
2007-01-22 17:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Help
2007-01-11 23:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\NVIDIA
2007-01-11 18:38 <DIR> d-------- C:\DOCUME~1\Todd\Application Data\dvdcss
2007-01-10 21:50 <DIR> d-------- C:\DOCUME~1\Todd\Application Data\CyberLink
2007-01-10 21:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CyberLink
2007-01-10 21:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-01-10 03:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-03 08:12 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-03 08:12 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-03 08:11 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-03 08:09 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-02 09:53 <DIR> d-------- C:\DOCUME~1\Todd\Application Data\IMVU
2007-01-02 02:07 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-02 02:07 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2006-12-26 21:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\FLEXnet
2006-12-26 21:10 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2006-12-26 21:09 <DIR> d-------- C:\Program Files\Bonjour


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-26 08:00 -------- d-------- C:\DOCUME~1\Todd\Application Data\avg7
2007-01-25 22:46 -------- d-------- C:\DOCUME~1\Todd\Application Data\azureus
2007-01-25 22:39 -------- d-------- C:\Program Files\azureus
2007-01-25 22:37 -------- d---s---- C:\DOCUME~1\Todd\Application Data\microsoft
2007-01-25 22:33 -------- d-------- C:\DOCUME~1\Todd\Application Data\limewire
2007-01-25 09:35 -------- d-------- C:\Program Files\winamp
2007-01-24 10:21 -------- d-------- C:\DOCUME~1\Todd\Application Data\skype
2007-01-11 20:17 -------- d-------- C:\Program Files\dvdsanta
2007-01-11 09:00 -------- d-------- C:\Program Files\viewpoint
2007-01-10 21:44 -------- d--h----- C:\Program Files\installshield installation information
2007-01-10 21:44 -------- d-------- C:\Program Files\cyberlink
2006-12-26 21:18 -------- d-------- C:\DOCUME~1\Todd\Application Data\adobe
2006-12-26 21:14 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-22 22:43 -------- d-------- C:\Program Files\pcpitstop
2006-12-18 05:54 -------- d-------- C:\Program Files\poweriso
2006-12-16 04:33 -------- d-------- C:\Program Files\dvd shrink
2006-12-15 02:48 -------- d-------- C:\DOCUME~1\Todd\Application Data\help
2006-12-14 23:31 -------- d-------- C:\Program Files\quicktime
2006-12-14 23:30 -------- d-------- C:\Program Files\Common Files\ulead
2006-12-14 23:28 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-12 02:31 -------- d-------- C:\DOCUME~1\Todd\Application Data\real
2006-12-12 02:29 -------- d-------- C:\Program Files\Common Files\xing shared
2006-12-12 02:29 -------- d-------- C:\Program Files\Common Files\real
2006-12-12 02:28 -------- d-------- C:\Program Files\real
2006-12-08 03:57 77312 --a------ C:\WINDOWS\system32\twain_32.dll
2006-12-08 03:57 69632 --a------ C:\WINDOWS\system32\twunk_32.exe
2006-12-08 03:57 48560 --a------ C:\WINDOWS\system32\twunk_16.exe
2006-12-06 23:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-29 00:26 -------- d-------- C:\Program Files\partygaming
2006-11-28 22:47 -------- d-------- C:\DOCUME~1\Todd\Application Data\sun
2006-11-27 11:58 -------- d-------- C:\Program Files\skype
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 20:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 20:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 20:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 20:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 20:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 20:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 20:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 02:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 02:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 02:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 02:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 02:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 02:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 02:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 02:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 02:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 02:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-28 11:43 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-28 11:43 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-28 02:30 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-10-28 02:30 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-10-27 16:17 0 -rahs---- C:\MSDOS.SYS
2006-10-27 16:17 0 -rahs---- C:\IO.SYS
2006-10-27 16:17 0 --a------ C:\CONFIG.SYS
2006-10-27 16:17 0 --a------ C:\AUTOEXEC.BAT
2006-10-27 11:57 62 --ahs---- C:\DOCUME~1\Todd\Application Data\desktop.ini
2006-10-26 14:10 33088 --a------ C:\WINDOWS\system32\fm20enu.dll
2006-10-26 14:10 1190688 --a------ C:\WINDOWS\system32\fm20.dll
2006-10-26 13:45 293376 --a------ C:\WINDOWS\system32\wisptis.exe
2006-10-26 13:45 207360 --a------ C:\WINDOWS\system32\inked.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ctpmon"="ctpmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"CTHelper"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"ISUSPM"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1162968398\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MySpaceIM"
"hkey"="HKCU"
"command"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://by127fd.bay12...ain=hotmail.com

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41e4248e-7b55-11db-a9f8-000000000000}]
Shell\AutoRun\command E:\wd_windows_tools\setup.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-26 17:03:12


-----------------------------HJT UNISTALL FILE---------------------------



Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer 1.1
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
a-squared Free 2.1
a-squared HiJackFree 2.1
AVG Free Edition
Azureus
CCleaner (remove only)
C-Media WDM Audio Driver
Command & Conquer The First Decade
Creative System Information
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Shrink 3.2
dvdSanta 4.00
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
LimeWire PRO 4.10.0
Microsoft .NET Framework 1.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
MySpaceIM
Nero 7 Essentials
NVIDIA Drivers
PartyPoker
Philips PC Camera
PowerDVD
PowerISO
QuickTime
RealPlayer
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Skype 2.5
Sound Blaster Live!
Spybot - Search & Destroy 1.4
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Ventrilo Client
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Browser Services
Yahoo! Messenger
  • 0

#4
Noviciate

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts

For some reason the links in which you directed me to did not work.

They both work for me - odd!

You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download the trial version of AVG Anti-Spyware from here and save it to your Desktop.

If you already have this program installed, skip to Updating AVG Anti-Spyware: below.

Double click the avgas-setup file to begin installation and follow the prompts.
When the program has been installed, and you click the Finish button, AVG A-S will open.

* Please note that this program was formerly known as Ewido anti-spyware 4.0.
Taken from the Ewido website -

ewido anti-spyware 4.0 will now continue under the new product name AVG Anti-Spyware 7.5. AVG Anti-Spyware 7.5 contains the same ewido technology, but with some further enhanced features:

Highly improved cleaning
Lower resource usage
Additional languages supported

All current licenses for ewido anti-spyware 4.0 will continue to be valid, and users can change over to the new AVG Anti-Spyware 7.5 for free.

  • Updating AVG Anti-Spyware:

    By default AVG A-S is configured to update automatically so, if you have an active internet connection, it should do so following installation. If you are unsure whether or not it has done so, do the following:
  • Click the Update icon at the top and under "Manual Update" - click the Start update button.
  • Either AVG A-S will update or inform you that no update was available.
  • If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
    Once you have installed AVG A-S, double click avgas-signatures-current.exe to update it.

    Disabling the Resident Shield:
  • By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled.
    (When the PC has been cleaned you can activate the shield again, if you wish.)
  • Click the Shield icon at the top and under "Resident shield is..." - click active.
  • This should now change to inactive.

    Changing Recommended Actions
  • Click the Scanner icon at the top and then click the Settings Tab.
  • Under "How to act?" click Recommended actions and select "Quarantine" from the menu.
You can now close AVG A-S.

AVG A-S is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG A-S will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.
Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this, simply open it and click on the Buy now button.


2) Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Press "4" and then <ENTER> to check for updates.
Don't forget to allow SmiUpdate.exe access through your firewall.
Once it has updated, or if there are no updates available, close the window and the folder.

3) You will need to know how to boot into Safe Mode.
Instructions can be found here.

4) You will need to set Windows to show All Hidden Files and Folders.
Instructions can be found here.
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **

5) Log off from the internet and disconnect your modem cable for the duration of the fix.

Removal

1) Boot into Safe Mode.

2) Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Press "2" and then <ENTER> to start the cleaning process.
  • Wait for the tool to complete and disk cleanup to finish.
  • You will be prompted "Registry cleaning - Do you want to clean the registry ? Press "Y" and then <ENTER>.
  • The tool will also check if wininet.dll is infected. You may be prompted to "Replace infected file ?" - press "Y" and then <ENTER>.
Your PC now needs to be rebooted - if this does not happen automatically, you will need to do so manually. Either way, your PC will need to be booted back INTO SAFE MODE.

3) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.
Do this for all Usernames.

4) Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there.
Do this for all Usernames.

5) Go to Start > Control Panel > Internet Options.

For I.E. 6 - under Temporary Internet files, click on Delete Files...
Check the box to the left of 'Delete all offline content' and then click on OK.

For I.E. 7 - under Browsing History, click delete...
Under Temporary Internet Files, click Delete files...

6) Go to Start > Control Panel > Display.
Select the Desktop Tab, click on Customise Desktop... and then select the Web Tab.
Under Web pages: you may see a checked entry called Security info - or similar. Highlight this entry and then click the Delete button.
Finally click OK > Apply > OK.

7) Empty the Recycle Bin.

8) Ensure that ALL open Windows / Programs / Folders are closed and then run AVG A-S.
  • If it is not already selected, click the Scanner icon at the top and then select the Scan Tab.
  • Click "Complete System Scan"
  • While the scan is in progress the PC should be left otherwise idle - so if you fancy a cuppa, now's the time to put the kettle on!
  • When the scan has completed, any threats that AVG A-S has detected will be displayed.
  • Click the Apply all actions button at the bottom.
  • When AVG A-S has finished, it will display the message "All actions have been applied".

    Saving a report:
  • Click the Save Report button at the bottom left and the "Reports" window will open.
  • The content of the scan report will be displayed in the right hand pane and a copy will be automatically saved as Report-Scan-date-time.txt into the C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports folder.
  • You will need to post a copy of this report into your next reply, so if it is more convenient, you can save another copy of this report elsewhere:
    Click the Save report as button and select a destination by clicking the down arrow to the right of the Save in: text box and then click Save.
Close AVG A-S.

9) Reboot into Normal Mode.

10) Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Press "3" and then <ENTER> to "Delete Trusted Zone".
When prompted "Restore Trusted Zone ?", press "Y" and then <ENTER>.

* Please Note: If you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection *

Will you then post the following:
  • A new HJT log,
  • The AVG A-S log,
  • The text file rapport.txt that will be found in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
    For most, this file can be found by double-clicking My Computer and then Local Disk (C:)
  • A description of how your PC is behaving.


  • 0

#5
funkmastersquirrel

funkmastersquirrel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
I believe whatever it was that was on my PC at the time wasnt allowing me to download those files. The AVG Spyware link that you provided wouldnt work as well. Anyhow, the main problem that I queried about seems to be gone. Here are my logs you requested!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:04:05 AM 1/27/2007

+ Scan result:



C:\Documents and Settings\Todd\My Documents\opcontrol.exe -> Backdoor.Agent.tj : Cleaned.
C:\Documents and Settings\Todd\My Documents\mem86control.exe -> Backdoor.Agent.ve : Cleaned.
C:\qarv.exe -> Hijacker.Agent.is : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Todd\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned.


::Report end


---------------------------------------------------------

SmitFraudFix v2.135

---------------------------------------------------------



Scan done at 9:15:20.48, Sat 01/27/2007
Run from C:\Documents and Settings\Todd\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\autosys.exe Deleted
C:\WINDOWS\system32\RegistryCleanerSetup.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


---------------------------------------------------------

Logfile of HijackThis v1.99.1

---------------------------------------------------------


Scan saved at 11:16, on 07-01-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1162968398\ee\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Todd\My Documents\Programs\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1162079897250
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  • 0

#6
Noviciate

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Your AVG A-S log shows a few nasties that concern me -

C:\Documents and Settings\Todd\My Documents\opcontrol.exe -> Backdoor.Agent.tj : Cleaned.
C:\Documents and Settings\Todd\My Documents\mem86control.exe -> Backdoor.Agent.ve : Cleaned.
C:\qarv.exe -> Hijacker.Agent.is : Cleaned.


A definition of Backdoors can be found here.

Given that you have had problems with links, I am worried that your PC has been compromised and that there may be further malicious files on your PC. It is also possible that changes have been made to the OS that would make your PC more vulnerable in the future.
Just to be on the safe side, I would monitor any bank accounts that you have accessed with this PC and also any credit cards that you have used online.
As you don't appear to have a software firewall installed, you are probably relying on the one that comes with Service Pack 2. While this is better than nothing, it doesn't monitor outbound connections, so it would be possible for a nasty on your PC to phone home at will.

I want you to run through the following instructions to see if anything can be found, but you need to realise that if changes have been made to your PC, that the only way to deal with this is a reformat.

IMPORTANT - A new version of the Kaspersky Online Scanner was released on August 8, 2006. If you have installed a previous version then you need to go to Add/Remove Programs and remove any entries for Kaspersky Online Scanner before you proceed.
* Close all Internet Explorer windows before doing this.

Go here and click the Kaspersky Online Scanner button.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download gmer.zip from here and save it to your Desktop.
You will need to unzip it before you run it.

To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


Double click gmer.exe to begin:
  • Ensure that the Rootkit Tab at the top is selected.
  • Make sure all the boxes on the right of the screen are checked,
    EXCEPT for ‘Show All’.
  • Click the Scan button on the right.
  • When the scan has completed, (you'll have time for a snack and a cuppa!), click the Copy button underneath - this will save the report to your Clipboard.
  • Paste it into Notepad (Start > All Programs > Accessories > Notepad) and save it somewhere convenient.
  • Click the >>> Tab at the top and select the Autostart Tab.
  • Click the Scan button on the right - this one should only take seconds to complete.
  • Save the log as before.
Copy and paste both reports into your next reply - you may need to post them seperately. Please preview your posts to ensure that all of both logs get posted.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you don't have a software firewall installed, there are a few free firewalls available.
Zone Alarm: Available here.
Kerio: Available here.
Outpost: Available here.

It is important to note that you should only have one firewall installed at a time, but you can download all of the above to your Desktop and install each in turn to see which one you prefer.

Understanding and Using Firewalls: http://www.bleepingc...tutorial60.html
  • 0

#7
funkmastersquirrel

funkmastersquirrel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
I noticed the backdoors and the hijacker as well. Here are the logs that you requested:

---------------------------------KASPERSKY ONLINE SCANNER REPORT------------------------------------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
07-01-28 21:44
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 29/01/2007
Kaspersky Anti-Virus database records: 262757
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 61926
Number of viruses found: 2
Number of infected objects: 12 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:18:29

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Todd\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Todd\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Todd\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Todd\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Todd\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Todd\Desktop\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\AOL\UserProfiles\1162968398\funkybamn\cls\common.cls Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\AOL\UserProfiles\1162968398\toddl69\cls\common.cls Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\History\History.IE5\MSHist012007012820070129\index.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temp\Perflib_Perfdata_1dc.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temp\~DF21C2.tmp Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Todd\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Todd\My Documents\Programs\kf151\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Todd\My Documents\Programs\kf151\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Todd\My Documents\Programs\kf151\keyfinder.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Todd\My Documents\Programs\kf151.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Todd\My Documents\Programs\kf151.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Todd\My Documents\Programs\kf151.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Todd\My Documents\Programs\kf151.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Todd\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Todd\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Todd.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Todd.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Todd.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7ED1CAB4-90EB-4620-B0F5-6E837A7332E8}\RP132\A0015312.exe Object is locked skipped
C:\System Volume Information\_restore{7ED1CAB4-90EB-4620-B0F5-6E837A7332E8}\RP132\A0015333.exe Object is locked skipped
C:\System Volume Information\_restore{7ED1CAB4-90EB-4620-B0F5-6E837A7332E8}\RP133\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-100A1102}.CDF Object is locked skipped

Scan process completed.



-------------------------------------------------GMER Report 1----------------------------------

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-28 22:40:29
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxParamW 77D5662C 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2872] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DC585A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DC585A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DC585A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DC585A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DC585A] avgtdi.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN B80B7C74
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP B80B4400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP B80B4400
Device \FileSystem\Cdfs \Cdfs FastIoCheckIfPossible B80B7BCE

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7CA431E5
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FA7797CA
ADS C:\Documents and Settings\Todd\Favorites\IP Address Locator - Enter an IP address to find its location - Lookup Country Region City etc.url:favicon

---- EOF - GMER 1.0.12 ----

--------------------------------------------GMER Report 2 AutoStarts----------------------------------------------

GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-28 22:58:01
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session

Manager\[email protected] =

%SystemRoot%\system32\csrss.exe

ObjectDirectory=\Windows

SharedSection=1024,3072,512 Windows=On

SubSystemType=Windows ServerDll=basesrv,1

ServerDll=winsrv:UserServerDllInitialization,

3

ServerDll=winsrv:ConServerDllInitialization,2

ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows

NT\CurrentVersion\[email protected] =

C:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AVG Anti-Spyware Guard /*AVG Anti-Spyware

Guard*/@ = C:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\guard.exe
Avg7Alrt /*AVG7 Alert Manager Server*/@ =

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ =

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ =

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Bonjour Service

/*##Id_String1.6844F930_1628_4223_B5CC_5BB94B

879762##*/@ = "C:\Program

Files\Bonjour\mDNSResponder.exe"
Creative Service for CDROM Access /*Creative

Service for CDROM Access*/@ =

C:\WINDOWS\system32\CTsvcCDA.exe
MDM /*Machine Debug Manager*/@ = "C:\Program

Files\Common Files\Microsoft

Shared\VS7DEBUG\mdm.exe"
NVSvc /*NVIDIA Display Driver Service*/@ =

%SystemRoot%\system32\nvsvc32.exe
Spooler /*Print Spooler*/@ =

%SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@

= C:\WINDOWS\system32\wdfmgr.exe
Viewpoint Manager Service /*Viewpoint Manager

Service*/@ = "C:\Program

Files\Viewpoint\Common\ViewpointService.exe"
WMDM PMSP Service /*WMDM PMSP Service*/@ =

C:\WINDOWS\system32\MsPMSPSv.exe

HKLM\Software\Microsoft\Windows\CurrentVersio

n\Run >>>
@NvCplDaemonRUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup =

RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarIni

t = RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarIni

t
@CTHelperCTHELPER.EXE = CTHELPER.EXE
@UpdRegC:\WINDOWS\UpdReg.EXE =

C:\WINDOWS\UpdReg.EXE
@Jet Detection"C:\Program

Files\Creative\SBLive\PROGRAM\ADGJDet.exe" =

"C:\Program

Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
@CmaudioRunDll32 cmicnfg.cpl,CMICtrlWnd =

RunDll32 cmicnfg.cpl,CMICtrlWnd
@SunJavaUpdateSched"C:\Program

Files\Java\jre1.5.0_09\bin\jusched.exe" =

"C:\Program

Files\Java\jre1.5.0_09\bin\jusched.exe"
@AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.ex

e /STARTUP =

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

/STARTUP
@IntelliPoint"C:\Program Files\Microsoft

IntelliPoint\point32.exe" = "C:\Program

Files\Microsoft IntelliPoint\point32.exe"
@ISUSPM"C:\Program Files\Common

Files\InstallShield\UpdateService\ISUSPM.exe"

-scheduler /*file not found*/ = "C:\Program

Files\Common

Files\InstallShield\UpdateService\ISUSPM.exe"

-scheduler /*file not found*/
@RemoteControl"C:\Program

Files\CyberLink\PowerDVD\PDVDServ.exe" =

"C:\Program

Files\CyberLink\PowerDVD\PDVDServ.exe"
@GrooveMonitor"C:\Program Files\Microsoft

Office\Office12\GrooveMonitor.exe" =

"C:\Program Files\Microsoft

Office\Office12\GrooveMonitor.exe"
@NeroFilterCheckC:\Program Files\Common

Files\Ahead\Lib\NeroCheck.exe = C:\Program

Files\Common Files\Ahead\Lib\NeroCheck.exe
@TkBellExe"C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot

= "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
@!AVG Anti-Spyware"C:\Program

Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"

/minimized = "C:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\avgas.exe" /minimized

HKCU\Software\Microsoft\Windows\CurrentVersio

n\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe =

C:\WINDOWS\system32\ctfmon.exe
@ctpmonctpmon.exe /*file not found*/ =

ctpmon.exe /*file not found*/
@Aim6"C:\Program Files\Common

Files\AOL\Launch\AOLLaunch.exe" /d

locale=en-US ee://aol/imApp = "C:\Program

Files\Common Files\AOL\Launch\AOLLaunch.exe"

/d locale=en-US ee://aol/imApp
@Yahoo! Pager"C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe"

-quiet = "C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe"

-quiet

HKLM\Software\Microsoft\Windows\CurrentVersio

n\Explorer\ShellExecuteHooks >>>
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD}C:\PRO

GRA~1\MICROS~3\Office12\GRA8E1~1.DLL =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Pro

gram Files\Grisoft\AVG Anti-Spyware

7.5\shellexecutehook.dll = C:\Program

Files\Grisoft\AVG Anti-Spyware

7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersio

n\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3}

/*Display Panning CPL Extension*/deskpan.dll

/*file not found*/ = deskpan.dll /*file not

found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153}

/*Previous Versions Property

Page*/%SystemRoot%\system32\twext.dll =

%SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783}

/*Previous

Versions*/%SystemRoot%\system32\twext.dll =

%SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE

Search Band*/C:\WINDOWS\system32\ieframe.dll

= C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}

/*Shell DocObject

Viewer*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8}

/*InternetShortcut*/C:\WINDOWS\system32\iefra

me.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE}

/*Microsoft Url History

Service*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000}

/*History*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933}

/*Temporary Internet

Files*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933}

/*Temporary Internet

Files*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

/*Microsoft Url Search

Hook*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The

Internet*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D}

/*Internet Name

Space*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}

/*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87}

/*Extensions Manager

Folder*/C:\WINDOWS\system32\extmgr.dll =

C:\WINDOWS\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439}

/*NvCpl DesktopContext

Class*/C:\WINDOWS\system32\nvcpl.dll =

C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516}

/*Play on my TV

helper*/C:\WINDOWS\system32\nvcpl.dll =

C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D}

/*Desktop

Explorer*/C:\WINDOWS\system32\nvshell.dll =

C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47}

/*Desktop Explorer

Menu*/C:\WINDOWS\system32\nvshell.dll =

C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48}

/*nView Desktop Context

Menu*/C:\WINDOWS\system32\nvshell.dll =

C:\WINDOWS\system32\nvshell.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}

/*Messenger Sharing Folders*/C:\Program

Files\MSN Messenger\fsshext.8.0.0812.00.dll =

C:\Program Files\MSN

Messenger\fsshext.8.0.0812.00.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}

/*AVG7 Shell Extension*/C:\Program

Files\Grisoft\AVG Free\avgse.dll = C:\Program

Files\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}

/*AVG7 Find Extension*/C:\Program

Files\Grisoft\AVG Free\avgse.dll = C:\Program

Files\Grisoft\AVG Free\avgse.dll
@{20082881-FC36-4E47-9A7A-644C95FF749F}

/*IntelliPoint Wireless Control Panel

Property Page*/"C:\Program Files\Microsoft

IntelliPoint\ipcplwir.dll" = "C:\Program

Files\Microsoft IntelliPoint\ipcplwir.dll"
@{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}

/*IntelliPoint Wheel Control Panel Property

Page*/"C:\Program Files\Microsoft

IntelliPoint\ipcplwhl.dll" = "C:\Program

Files\Microsoft IntelliPoint\ipcplwhl.dll"
@{653DCCC2-13DB-45B2-A389-427885776CFE}

/*IntelliPoint Activities Control Panel

Property Page*/"C:\Program Files\Microsoft

IntelliPoint\ipcplact.dll" = "C:\Program

Files\Microsoft IntelliPoint\ipcplact.dll"
@{124597D8-850A-41AE-849C-017A4FA99CA2}

/*IntelliPoint Buttons Control Panel Property

Page*/"C:\Program Files\Microsoft

IntelliPoint\ipcplbtn.dll" = "C:\Program

Files\Microsoft IntelliPoint\ipcplbtn.dll"
@{B41DB860-8EE4-11D2-9906-E49FADC173CA}

/*WinRAR shell extension*/C:\Program

Files\WinRAR\rarext.dll = C:\Program

Files\WinRAR\rarext.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}

/*Shell Extensions for RealOne

Player*/C:\Program

Files\Real\RealPlayer\rpshell.dll =

C:\Program Files\Real\RealPlayer\rpshell.dll
@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}

/*PowerISO*/C:\Program

Files\PowerISO\PWRISOSH.DLL = C:\Program

Files\PowerISO\PWRISOSH.DLL
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE

Microsoft

BrowserBand*/C:\WINDOWS\system32\ieframe.dll

= C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE

Fade Task*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE

Menu Desk

Bar*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE

AutoComplete*/C:\WINDOWS\system32\ieframe.dll

= C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE

Navigation

Bar*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE

Menu Site*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE

Menu Band*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE

Microsoft History AutoComplete

List*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE

Tracking Shell

Menu*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE

IShellFolderBand*/C:\WINDOWS\system32\ieframe

.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE

BandProxy*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE

MRU AutoComplete

List*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE

RSS Feeder

Folder*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE

Microsoft Shell Folder AutoComplete

List*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE

Microsoft Multiple AutoComplete List

Container*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}

/*Microsoft Browser

Architecture*/C:\WINDOWS\system32\ieframe.dll

= C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE

Shell Rebar

BandSite*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE

Shell Band Site

Menu*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049}

/*&Links*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE

Registry Tree Options

Utility*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE

User Assist*/C:\WINDOWS\system32\ieframe.dll

= C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE

Custom MRU AutoCompleted

List*/C:\WINDOWS\system32\ieframe.dll =

C:\WINDOWS\system32\ieframe.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web

Folders*/C:\Program Files\Common

Files\Microsoft Shared\Web

Folders\MSONSEXT.DLL = C:\Program

Files\Common Files\Microsoft Shared\Web

Folders\MSONSEXT.DLL
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

/*Groove GFS Browser

Helper*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~

1.DLL =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}

/*Groove GFS Explorer

Bar*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.D

LL =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{A449600E-1DC6-4232-B948-9BD794D62056}

/*Groove GFS Stub Icon

Handler*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1

~1.DLL =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD}

/*Groove GFS Stub Execution

Hook*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.

DLL =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{6C467336-8281-4E60-8204-430CED96822D}

/*Groove GFS Context Menu

Handler*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1

~1.DLL =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{387E725D-DC16-4D76-B310-2C93ED4752A0}

/*Groove XML Icon

Handler*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1

~1.DLL =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{16F3DD56-1AF5-4347-846D-7C10C4192619}

/*Groove Explorer Icon Overlay 3 (GFS

Folder)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1

~1.DLL =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}

/*Groove Explorer Icon Overlay 2 (GFS

Stub)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1

.DLL =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}

/*Groove Explorer Icon Overlay 4 (GFS Unread

Mark)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1

.DLL =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{99FD978C-D287-4F50-827F-B2C658EDA8E7}

/*Groove Explorer Icon Overlay 1 (GFS Unread

Stub)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1

.DLL =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{920E6DB1-9907-4370-B3A0-BAFC03D81399}

/*Groove Explorer Icon Overlay 2.5 (GFS

Unread

Folder)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1

~1.DLL =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{0006F045-0000-0000-C000-000000000046}

/*Microsoft Office Outlook Custom Icon

Handler*/C:\PROGRA~1\MICROS~3\Office12\OLKFST

UB.DLL =

C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
@{00020D75-0000-0000-C000-000000000046}

/*Microsoft Office Outlook Desktop Icon

Handler*/C:\PROGRA~1\MICROS~3\Office12\MLSHEX

T.DLL =

C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}

/*Microsoft Office OneNote Namespace

Extension for Windows Desktop

Search*/C:\PROGRA~1\MICROS~3\Office12\ONFILTE

R.DLL =

C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597}

/*Microsoft Office HTML Icon

Handler*/C:\Program Files\Microsoft

Office\Office12\msohevi.dll = C:\Program

Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}

/*Microsoft Office Metadata

Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE

12\msoshext.dll =

C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshe

xt.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}

/*Microsoft Office Thumbnail

Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE

12\msoshext.dll =

C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshe

xt.dll
@{B327765E-D724-4347-8B16-78AE18552FC3}

/*NeroDigitalIconHandler*/C:\Program

Files\Common

Files\Ahead\Lib\NeroDigitalExt.dll =

C:\Program Files\Common

Files\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8}

/*NeroDigitalPropSheetHandler*/C:\Program

Files\Common

Files\Ahead\Lib\NeroDigitalExt.dll =

C:\Program Files\Common

Files\Ahead\Lib\NeroDigitalExt.dll

HKLM\Software\Classes\*\shellex\ContextMenuHa

ndlers\ >>>
AVG

[email protected]{8934FCEF-F5B8-468f-951F-78A921C

D3920} = C:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\context.dll
AVG7 Shell

[email protected]{9F97547E-4609-42C5-AE0C-81C61FFAEB

C3} = C:\Program Files\Grisoft\AVG

Free\avgse.dll
[email protected]{967B2D40-8B7D-4127-9049-61EA0C2C6DC

E} = C:\Program Files\PowerISO\PWRISOSH.DLL
[email protected]{B41DB860-8EE4-11D2-9906-E49FADC173CA}

= C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler

[email protected]{6C467336-8281-4E60-8204-430CED96822D} =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

HKLM\Software\Classes\Directory\shellex\Conte

xtMenuHandlers\ >>>
AVG

[email protected]{8934FCEF-F5B8-468f-951F-78A921C

D3920} = C:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\context.dll
[email protected]{967B2D40-8B7D-4127-9049-61EA0C2C6DC

E} = C:\Program Files\PowerISO\PWRISOSH.DLL
[email protected]{B41DB860-8EE4-11D2-9906-E49FADC173CA}

= C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler

[email protected]{6C467336-8281-4E60-8204-430CED96822D} =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

HKLM\Software\Classes\Folder\shellex\ContextM

enuHandlers\ >>>
AVG7 Shell

[email protected]{9F97547E-4609-42C5-AE0C-81C61FFAEB

C3} = C:\Program Files\Grisoft\AVG

Free\avgse.dll
[email protected]{967B2D40-8B7D-4127-9049-61EA0C2C6DC

E} = C:\Program Files\PowerISO\PWRISOSH.DLL
[email protected]{B41DB860-8EE4-11D2-9906-E49FADC173CA}

= C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler

[email protected]{6C467336-8281-4E60-8204-430CED96822D} =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

HKLM\Software\Microsoft\Windows\CurrentVersio

n\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Pro

gram Files\Adobe\Acrobat

5.0\Reader\ActiveX\AcroIEHelper.ocx =

C:\Program Files\Adobe\Acrobat

5.0\Reader\ActiveX\AcroIEHelper.ocx
@{53707962-6F74-2D53-2644-206D7942484F}C:\Pro

gram Files\Spybot - Search &

Destroy\SDHelper.dll = C:\Program

Files\Spybot - Search & Destroy\SDHelper.dll
@{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}C:\Pro

gram Files\Yahoo!\Common\yiesrvc.dll =

C:\Program Files\Yahoo!\Common\yiesrvc.dll
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E}C:\PRO

GRA~1\MICROS~3\Office12\GRA8E1~1.DLL =

C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Pro

gram Files\Java\jre1.5.0_09\bin\ssv.dll =

C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Pro

gram Files\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll =

C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll

HKLM\Software\Microsoft\Internet

Explorer\Plugins\Extension\[email protected] =

C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll

HKLM\Software\Microsoft\Internet

Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isa

pi/redir.dll?prd=ie&pver=6&ar=msnhome =

http://www.microsoft.../redir.dll?prd=

ie&pver=6&ar=msnhome
@Start

Pagehttp://www.microsoft.com/isapi/redir.dll?

prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVE

R}&ar=home =

http://www.microsoft.../redir.dll?prd=

{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&a

r=home
@Local PageC:\windows\system32\blank.htm =

C:\windows\system32\blank.htm

HKCU\Software\Microsoft\Internet

Explorer\Main >>>
@Start

Pagehttp://www.microsoft.com/isapi/redir.dll?

prd=ie&ar=msnhome =

http://www.microsoft.../redir.dll?prd=

ie&ar=msnhome
@Local PageC:\WINDOWS\system32\blank.htm =

C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/x

[email protected] =

C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXML

MF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
[email protected] = C:\WINDOWS\system32\msvidctl.dll
[email protected] =

C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
[email protected] = C:\WINDOWS\system32\itss.dll
[email protected] =

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
[email protected] =

%SystemRoot%\system32\inetcomm.dll
[email protected] = C:\Program Files\Common

Files\Microsoft Shared\Help\hxds.dll
[email protected] = C:\WINDOWS\system32\itss.dll
[email protected] =

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
[email protected] = C:\WINDOWS\system32\msvidctl.dll
[email protected] = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSoc

k2\Parameters\NameSpace_Catalog5\Catalog_Entr

ies\[email protected] = C:\Program

Files\Bonjour\mdnsNSP.dll

---- EOF - GMER 1.0.12 ----
  • 0

#8
Noviciate

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Will you make sure that has been done:

Open Notepad: Start > All Programs > Accessories > Notepad.
Click on Format and ensure that Wordwrap is unchecked. If it isn't, uncheck it.

I can't work with the second GMER log as it has spaced lines everywhere that I assume have been caused by Wordwrap. Once you have done that, will you post the second log again and see if looks any better this time.
  • 0

#9
funkmastersquirrel

funkmastersquirrel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Sorry about that....



GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-28 22:58:01
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\[email protected] = C:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Bonjour Service /*##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##*/@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
Creative Service for CDROM Access /*Creative Service for CDROM Access*/@ = C:\WINDOWS\system32\CTsvcCDA.exe
MDM /*Machine Debug Manager*/@ = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
Viewpoint Manager Service /*Viewpoint Manager Service*/@ = "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
WMDM PMSP Service /*WMDM PMSP Service*/@ = C:\WINDOWS\system32\MsPMSPSv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@CTHelperCTHELPER.EXE = CTHELPER.EXE
@UpdRegC:\WINDOWS\UpdReg.EXE = C:\WINDOWS\UpdReg.EXE
@Jet Detection"C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" = "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
@CmaudioRunDll32 cmicnfg.cpl,CMICtrlWnd = RunDll32 cmicnfg.cpl,CMICtrlWnd
@SunJavaUpdateSched"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" = "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
@AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
@IntelliPoint"C:\Program Files\Microsoft IntelliPoint\point32.exe" = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
@ISUSPM"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler /*file not found*/ = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler /*file not found*/
@RemoteControl"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
@GrooveMonitor"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
@NeroFilterCheckC:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
@TkBellExe"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
@!AVG Anti-Spyware"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@ctpmonctpmon.exe /*file not found*/ = ctpmon.exe /*file not found*/
@Aim6"C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp = "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
@Yahoo! Pager"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD}C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Program Files\Grisoft\AVG Free\avgse.dll = C:\Program Files\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Program Files\Grisoft\AVG Free\avgse.dll = C:\Program Files\Grisoft\AVG Free\avgse.dll
@{20082881-FC36-4E47-9A7A-644C95FF749F} /*IntelliPoint Wireless Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"
@{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} /*IntelliPoint Wheel Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"
@{653DCCC2-13DB-45B2-A389-427885776CFE} /*IntelliPoint Activities Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplact.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"
@{124597D8-850A-41AE-849C-017A4FA99CA2} /*IntelliPoint Buttons Control Panel Property Page*/"C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll" = "C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} /*PowerISO*/C:\Program Files\PowerISO\PWRISOSH.DLL = C:\Program Files\PowerISO\PWRISOSH.DLL
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E} /*Groove GFS Browser Helper*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} /*Groove GFS Explorer Bar*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{A449600E-1DC6-4232-B948-9BD794D62056} /*Groove GFS Stub Icon Handler*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD} /*Groove GFS Stub Execution Hook*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{6C467336-8281-4E60-8204-430CED96822D} /*Groove GFS Context Menu Handler*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{387E725D-DC16-4D76-B310-2C93ED4752A0} /*Groove XML Icon Handler*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{16F3DD56-1AF5-4347-846D-7C10C4192619} /*Groove Explorer Icon Overlay 3 (GFS Folder)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} /*Groove Explorer Icon Overlay 2 (GFS Stub)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} /*Groove Explorer Icon Overlay 4 (GFS Unread Mark)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{99FD978C-D287-4F50-827F-B2C658EDA8E7} /*Groove Explorer Icon Overlay 1 (GFS Unread Stub)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{920E6DB1-9907-4370-B3A0-BAFC03D81399} /*Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)*/C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL = C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG [email protected]{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
AVG7 Shell [email protected]{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
[email protected]{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
[email protected]{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler [email protected]{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG [email protected]{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
[email protected]{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
[email protected]{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler [email protected]{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell [email protected]{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
[email protected]{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
[email protected]{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
XXX Groove GFS Context Menu Handler [email protected]{6C467336-8281-4E60-8204-430CED96822D} = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
@{53707962-6F74-2D53-2644-206D7942484F}C:\Program Files\Spybot - Search & Destroy\SDHelper.dll = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
@{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}C:\Program Files\Yahoo!\Common\yiesrvc.dll = C:\Program Files\Yahoo!\Common\yiesrvc.dll
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E}C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL = C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\[email protected] = C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft...p...&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft...p...ER}&ar=home
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome = http://www.microsoft...p...&ar=msnhome
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/[email protected] = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
[email protected] = C:\WINDOWS\system32\msvidctl.dll
[email protected] = C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
[email protected] = C:\WINDOWS\system32\itss.dll
[email protected] = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
[email protected] = %SystemRoot%\system32\inetcomm.dll
[email protected] = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
[email protected] = C:\WINDOWS\system32\itss.dll
[email protected] = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
[email protected] = C:\WINDOWS\system32\msvidctl.dll
[email protected] = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\[email protected] = C:\Program Files\Bonjour\mdnsNSP.dll

---- EOF - GMER 1.0.12 ----
  • 0

#10
Noviciate

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
I don't see anything nasty in their, so you may be all right.
Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

O4 - HKCU\..\Run: [ctpmon] ctpmon.exe

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

Will you then run one last scan and we can call it a day -

Create a new folder on your Desktop (right click an empty area and select New > Folder) and name it System Cleaner.
  • Download sysclean.com from here and save it into the System Cleaner folder.
  • Download the Official Pattern Release file from here and save it to your Desktop - The file will be called lptXXX.zip (where XXX represents the version number).
  • Unzip the folder and place the file lpt$vpn.XXX into the System Cleaner folder - see here for an explanation of how to unzip/extract properly.
  • Doubleclick sysclean.com which will be in the System Cleaner folder to start the tool.
  • Ensure that the "Automatically Clean Infected Files" box is checked.
  • Click scan.
  • Once the scan has completed, click Exit
Open the System Cleaner folder and copy and paste the contents of sysclean.log in your next reply along with a fresh HJT log AND a description of how the PC is running.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP