Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

bitgrabber


  • This topic is locked This topic is locked

#1
musntgrumble

musntgrumble

    Member

  • Member
  • PipPip
  • 31 posts
Hi there

I stupidly ran a programme called BitGrabber to get a password for a file that I downloaded off BitTorrent, obviously I now realise that this is adware and now I am blessed with constant pop-ups!

I was wondering if anyone could help me to remove it, I have already removed it from Add/Remove programmes. I've run various programs including AVG, CCleaner and Spybot but am still getting pop-ups.

Here is my HijackThis logfile:




Logfile of HijackThis v1.99.1
Scan saved at 17:41:46, on 04/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\Grisoft\AVG7\avgwa.dat
C:\Documents and Settings\Pauls.PAUL\My Documents\Misc\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {8B50176C-DD6E-4C14-A603-727A859337CD} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Build Amok] C:\DOCUME~1\PAULS~1.PAU\APPLIC~1\CHINMO~1\corn trust axis.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MID14E~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar &R - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar &R - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../UK/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D2CF9D0-113A-476B-986F-288B54571614} (DevalVR Control) - http://devalvr.com/i...valvrplugin.php
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...wlscbase969.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} (VPlayer Control) - http://www.bigad.com.../vivid_ocx.jpeg
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


---------------------------------

thanks in advance
  • 0

Advertisements


#2
Kenny94

Kenny94

    Member 1K

  • Member
  • PipPipPipPip
  • 1,595 posts
Hello musntgrumble and Welcome to Geeks To Go!

I would like you to generate a "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:


* Open Hijackthis, In the lower right corner click the "Config..." (Configuration) button.
* Once in the "Configuration" panel, click "Misc Tools" button.
* Then click the "Open Uninstall Manager..." button.
* The "Add/Remove Programs Manager" panel should appear.
* In this panel click the "Save list" button.
* Save the "uninstall_list.txt" file to its default location.
* Then copy and paste the notepad text that appears in the generated "unistall_list.txt" file in a reply to this post.
  • 0

#3
musntgrumble

musntgrumble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Thanks for your help


================================


3D Merry Christmas Screensaver 1.0
3D Snowy Cottage Full Screen Saver
3D Spring Blossoms Full Screen Saver
3D Water Effects Full Screen Saver
3Planesoft Screensaver Manager 1.1
Ad-Aware SE Personal
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader 7.0
Ahead InCD
Ahead InCD EasyWrite Reader
Ahead NeroVision Express
ArcSoft Camera Suite 1.3
ArcSoft Software Suite
Astro Gemini Screensaver Manager 1.2
ATI Control Panel
ATI Display Driver
AVG Anti-Virus 7.1
Avi2Dvd 0.4.3 beta
AviSynth 2.5
Barbie Cool Looks Fashion Designer
Barbie® Beauty Styler™ CD-ROM
Beach of a Woman Screensaver
BitTorrent 5.0.5
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Christmas Living 3D Fireplace Full Screen Saver
Christmas Time 3D Screensaver 1.0
coverXP (remove only)
DAEMON Tools
DevalVR for Internet Explorer (remove)
DivX
DivX Converter
DivX Player
DivX Web Player
Doom 3
Dream Aquarium
DV Studio3
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Platinum 3.0.2.0
EA SPORTS online 2007
EarthView V3.0.2
EAX Unified
Encyclopaedia Britannica 2005 Deluxe Edition CD-ROM
FIFA 07
Fireplace 3D Screensaver 1.0
Football Manager 2006
Fun Learning Alphabet
Fun Learning Tables
G-Force
Google Earth
Grand Theft Auto Vice City
Greeting Card Magic
Haunted House 2 Full Screen Saver
HijackThis 1.99.1
History Explorer
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
I Love Maths!
I Love Science!
I Love Spelling!
InterVideo WinDVD 4
J2SE Runtime Environment 5.0 Update 5
Java 2 Runtime Environment, SE v1.4.2_01
Lewd Leprechauns Full Screen Saver
LimeWire 4.9.37
Little Mermaid II Return to the Sea Activity Centre
Living 3D Dinosaurs Full Screen Saver
Living 3D Dolphins Full Screen Saver
Living 3D Fireplace Full Screen Saver
Living 3D Fireplace Scene 2 Full Screen Saver
Living Coral Screensaver
Living Marine Aquarium 2 Full Screen Saver
Living Snow Globes Full Screen Saver
Macromedia Flash Player 8
MBSS Light 3.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AutoRoute 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Works
Microsoft® Winter Fun Pack 2004 for Windows® XP
Monopoly Junior
Monopoly Junior XP Update
MSN
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
Musicmatch® Jukebox
My DSC
Pinnacle Hollywood FX for Studio
Pinnacle InstantCD/DVD Suite
Pirate Ship 3D Screensaver 1.0
QuickTime
RealOne Player
Red White and Blue Fireworks Full Screen Saver
Salt Lake 2002
Santa's Workshop Full Screen Saver
Satellite TV for PC Elite 4.8.8.0
Scary Screensaver Full
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
SereneScreen Aquarium
SmartSound Quicktracks Plugin
Snowy Scenes Full Screen Saver
Softk56 Data Fax Voice Speakerphone CARP
Solar System 3D Screensaver 1.1
SoundMAX
Spelling Pack Player
Spybot - Search & Destroy 1.3
Star Wars 3D Screensaver 1.3
Studio 9
Tiger Woods PGA TOUR 06
Turbo Lister
Tux Paint 0.9.15
Tux Paint Stamps 2005-11-25
TVAnts 1.0
Type to Learn
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB Driver for Panasonic DVC
Vimicro USB PC Camera (ZC301PLH)
Voyage of Columbus 3D Screensaver 1.0
Voyager 205 ADSL Router
WebCam Driver for Panasonic DVC
Who Wants To Be A Millionaire
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Safety Scanner
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Series Winter Fun Pack
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
XviD MPEG-4 Video Codec
  • 0

#4
Kenny94

Kenny94

    Member 1K

  • Member
  • PipPipPipPip
  • 1,595 posts
Hello musntgrumble

Please read "ALL" of the instructions before proceeding:


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --


Next, download WinPFind2.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind2 on your desktop.
  • Open the folder and double-click on winpfind2.exe to start the program.
  • Click on the Services tab.
  • From the two drop down boxes next to Filter list:, on the left one choose List all type of services and on the right one choose List all services.
  • Click on the Configuration tab.
  • Keep the standard settings and then in the AddOn-Options box click the checkboxes for
    • HKCU_IEDesktop.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Under File Options click Select All
  • Under Other Options put a check to both Show All boxes
  • Please maximize the window in order to be able to view the Status Bar where you can see the progress of the scan.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it and then please post that report into this topic. After posting please check if the whole report fit into the post. If it did fit, it should say <End of Report> at the end. If not, please post the section that was cut off in a second post.
In your next reply, please include these log(s):


* C:\NoLop.log
* WinPFind2
* HijackThis log (new)


Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.

Edited by Kenny94, 04 February 2007 - 01:26 PM.

  • 0

#5
musntgrumble

musntgrumble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Didnt have any problems following the instructions thanks.


=======================================

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Pauls.PAUL\My Documents\Misc
[04/02/2007]
[19:30:34]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\B1898CDC97BE3E40.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Espionserverdata
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Pinnacle
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Roboform
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Smartsound Software Inc
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Waitrefthempeg
C:\Documents and Settings\All Users\Application Data\Whitecap (holiday Edition)
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Macromedia
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Real
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\India\Application Data\Macromedia
C:\Documents and Settings\India\Application Data\Microsoft
C:\Documents and Settings\India\Application Data\Real
C:\Documents and Settings\India.paul\Application Data\Adobe
C:\Documents and Settings\India.paul\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\India.paul\Application Data\Avg7
C:\Documents and Settings\India.paul\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\India.paul\Application Data\Identities
C:\Documents and Settings\India.paul\Application Data\Intervideo
C:\Documents and Settings\India.paul\Application Data\Macromedia
C:\Documents and Settings\India.paul\Application Data\Microsoft
C:\Documents and Settings\India.paul\Application Data\Real
C:\Documents and Settings\India.paul\Application Data\Sun
C:\Documents and Settings\India.paul\Application Data\Tuxpaint
C:\Documents and Settings\India.paul\Application Data\Versiontracker Pro
C:\Documents and Settings\Jackie\Application Data\Macromedia
C:\Documents and Settings\Jackie\Application Data\Microsoft
C:\Documents and Settings\Jackie\Application Data\Real
C:\Documents and Settings\Jackie.paul\Application Data\Avg7
C:\Documents and Settings\Jackie.paul\Application Data\Identities
C:\Documents and Settings\Jackie.paul\Application Data\Macromedia
C:\Documents and Settings\Jackie.paul\Application Data\Microsoft
C:\Documents and Settings\Jackie.paul\Application Data\Real
C:\Documents and Settings\Jackie.paul\Application Data\Sun
C:\Documents and Settings\Jackie.paul\Application Data\Symantec
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Pauls\Application Data\Macromedia
C:\Documents and Settings\Pauls\Application Data\Microsoft
C:\Documents and Settings\Pauls\Application Data\Real
C:\Documents and Settings\Pauls.paul\Application Data\Adobe
C:\Documents and Settings\Pauls.paul\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Pauls.paul\Application Data\Arcsoft
C:\Documents and Settings\Pauls.paul\Application Data\Avg7
C:\Documents and Settings\Pauls.paul\Application Data\Azureus
C:\Documents and Settings\Pauls.paul\Application Data\Bamzooki
C:\Documents and Settings\Pauls.paul\Application Data\Bittorrent
C:\Documents and Settings\Pauls.paul\Application Data\Chin Move -- EMPTY Directory
C:\Documents and Settings\Pauls.paul\Application Data\Google
C:\Documents and Settings\Pauls.paul\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Pauls.paul\Application Data\Identities
C:\Documents and Settings\Pauls.paul\Application Data\Intervideo
C:\Documents and Settings\Pauls.paul\Application Data\Lavasoft
C:\Documents and Settings\Pauls.paul\Application Data\Leadertech
C:\Documents and Settings\Pauls.paul\Application Data\Limewire
C:\Documents and Settings\Pauls.paul\Application Data\Macromedia
C:\Documents and Settings\Pauls.paul\Application Data\Microsoft
C:\Documents and Settings\Pauls.paul\Application Data\Msninstaller
C:\Documents and Settings\Pauls.paul\Application Data\Musicmatch
C:\Documents and Settings\Pauls.paul\Application Data\My Battle For Middle-earth Files
C:\Documents and Settings\Pauls.paul\Application Data\Opera -- EMPTY Directory
C:\Documents and Settings\Pauls.paul\Application Data\Real
C:\Documents and Settings\Pauls.paul\Application Data\Steinberg
C:\Documents and Settings\Pauls.paul\Application Data\Sun
C:\Documents and Settings\Pauls.paul\Application Data\Symantec
C:\Documents and Settings\Pauls.paul\Application Data\Template
C:\Documents and Settings\Pauls.paul\Application Data\Tuxpaint
C:\Documents and Settings\Pauls.paul\Application Data\Versiontracker Pro
C:\Documents and Settings\Pauls.paul\Application Data\Vso -- EMPTY Directory
C:\Documents and Settings\Pauls.paul\Application Data\Windows Live Safety Center


=====================================================


Logfile created on: 04/02/2007 20:06:51
WinPFind2 by OldTimer - Version 1.0.15 Folder = C:\Documents and Settings\Pauls.PAUL\Desktop\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)


< All Processes >
\systemroot\system32\smss.exe - (Microsoft Corporation )
\??\c:\windows\system32\csrss.exe - (Microsoft Corporation )
\??\c:\windows\system32\winlogon.exe - (Microsoft Corporation )
c:\windows\system32\services.exe - (Microsoft Corporation )
c:\windows\system32\lsass.exe - (Microsoft Corporation )
c:\windows\system32\ati2evxx.exe - ( )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] - (Microsoft Corporation )
(DcomLaunch) C:\WINDOWS\system32\rpcss.dll - (Microsoft Corporation )
(TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
(TermService) C:\WINDOWS\System32\termsrv.dll - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] - (Microsoft Corporation )
(RpcSs) C:\WINDOWS\system32\rpcss.dll - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] - (Microsoft Corporation )
(AppMgmt) C:\WINDOWS\System32\appmgmts.dll - (File not found))
(AudioSrv) C:\WINDOWS\System32\audiosrv.dll - (Microsoft Corporation )
(BITS) C:\WINDOWS\system32\qmgr.dll - (Microsoft Corporation )
(Browser) C:\WINDOWS\System32\browser.dll - (Microsoft Corporation )
(CryptSvc) C:\WINDOWS\System32\cryptsvc.dll - (Microsoft Corporation )
(Dhcp) C:\WINDOWS\System32\dhcpcsvc.dll - (Microsoft Corporation )
(dmserver) C:\WINDOWS\System32\dmserver.dll - (Microsoft Corp. )
(ERSvc) C:\WINDOWS\System32\ersvc.dll - (Microsoft Corporation )
(EventSystem) C:\WINDOWS\system32\es.dll - (Microsoft Corporation )
(FastUserSwitchingCompatibility) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(helpsvc) %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - (File not found))
(HidServ) C:\WINDOWS\System32\hidserv.dll - (File not found))
(lanmanserver) C:\WINDOWS\System32\srvsvc.dll - (Microsoft Corporation )
(lanmanworkstation) C:\WINDOWS\System32\wkssvc.dll - (Microsoft Corporation )
(Messenger) C:\WINDOWS\System32\msgsvc.dll - (Microsoft Corporation )
(Netman) C:\WINDOWS\System32\netman.dll - (Microsoft Corporation )
(Nla) C:\WINDOWS\System32\mswsock.dll - (Microsoft Corporation )
(NtmsSvc) C:\WINDOWS\system32\ntmssvc.dll - (Microsoft Corporation )
(RasAuto) C:\WINDOWS\System32\rasauto.dll - (Microsoft Corporation )
(RasMan) C:\WINDOWS\System32\rasmans.dll - (Microsoft Corporation )
(RemoteAccess) C:\WINDOWS\System32\mprdim.dll - (Microsoft Corporation )
(Schedule) C:\WINDOWS\system32\schedsvc.dll - (Microsoft Corporation )
(seclogon) C:\WINDOWS\System32\seclogon.dll - (Microsoft Corporation )
(SENS) C:\WINDOWS\system32\sens.dll - (Microsoft Corporation )
(SharedAccess) C:\WINDOWS\System32\ipnathlp.dll - (Microsoft Corporation )
(ShellHWDetection) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(srservice) C:\WINDOWS\system32\srsvc.dll - (Microsoft Corporation )
(TapiSrv) C:\WINDOWS\System32\tapisrv.dll - (Microsoft Corporation )
(Themes) C:\WINDOWS\System32\shsvcs.dll - (Microsoft Corporation )
(TrkWks) C:\WINDOWS\system32\trkwks.dll - (Microsoft Corporation )
(W32Time) C:\WINDOWS\system32\w32time.dll - (Microsoft Corporation )
(winmgmt) C:\WINDOWS\system32\wbem\WMIsvc.dll - (Microsoft Corporation )
(WmdmPmSN) C:\WINDOWS\system32\MsPMSNSv.dll - (Microsoft Corporation )
(wscsvc) C:\WINDOWS\system32\wscsvc.dll - (Microsoft Corporation )
(wuauserv) C:\WINDOWS\system32\wuauserv.dll - (Microsoft Corporation )
(WZCSVC) C:\WINDOWS\System32\wzcsvc.dll - (Microsoft Corporation )
(xmlprov) C:\WINDOWS\System32\xmlprov.dll - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] - (Microsoft Corporation )
(Dnscache) C:\WINDOWS\System32\dnsrslvr.dll - (Microsoft Corporation )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] - (Microsoft Corporation )
(Alerter) C:\WINDOWS\system32\alrsvc.dll - (Microsoft Corporation )
(LmHosts) C:\WINDOWS\System32\lmhsvc.dll - (Microsoft Corporation )
(SSDPSRV) C:\WINDOWS\System32\ssdpsrv.dll - (Microsoft Corporation )
(upnphost) C:\WINDOWS\System32\upnphost.dll - (Microsoft Corporation )
(WebClient) C:\WINDOWS\System32\webclnt.dll - (Microsoft Corporation )
c:\windows\system32\spoolsv.exe - (Microsoft Corporation )
c:\program files\adobe\photoshop elements 4.0\photoshopelementsfileagent.exe - ( )
c:\progra~1\grisoft\avg7\avgamsvr.exe - (GRISOFT, s.r.o. )
c:\progra~1\grisoft\avg7\avgupsvc.exe - (GRISOFT, s.r.o. )
c:\progra~1\grisoft\avg7\avgemc.exe - (GRISOFT, s.r.o. )
c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe - (Computer Associates )
c:\program files\analog devices\soundmax\smagent.exe - (Analog Devices, Inc. )
c:\windows\system32\svchost.exe [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] - (Microsoft Corporation )
(stisvc) C:\WINDOWS\system32\wiaservc.dll - (Microsoft Corporation )
c:\windows\system32\wdfmgr.exe - (Microsoft Corporation )
c:\windows\system32\alg.exe - (Microsoft Corporation )
c:\windows\system32\ati2evxx.exe - ( )
c:\windows\explorer.exe - (Microsoft Corporation )
c:\program files\common files\real\update_ob\realsched.exe - (RealNetworks, Inc. )
c:\program files\java\jre1.5.0_05\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\windows\system32\carpserv.exe - (Conexant Systems )
c:\program files\ati technologies\ati control panel\atiptaxx.exe - (ATI Technologies, Inc. )
c:\program files\analog devices\soundmax\smtray.exe - (Analog Devices, Inc. )
c:\program files\quicktime\qttask.exe - (Apple Computer, Inc. )
c:\program files\d-tools\daemon.exe - (DAEMON'S HOME )
c:\program files\adobe\photoshop elements 4.0\apdproxy.exe - (Adobe Systems Incorporated )
c:\progra~1\grisoft\avg7\avgcc.exe - (GRISOFT, s.r.o. )
c:\windows\vm303_sti.exe - (Vimicro )
c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe - (Musicmatch, Inc. )
c:\program files\siber systems\ai roboform\robotaskbaricon.exe - (Siber Systems )
c:\program files\pinnacle\shared files\instantcddvd\pcletray.exe - (Pinnacle Systems )
c:\windows\system32\ctfmon.exe - (Microsoft Corporation )
c:\program files\intervideo\common\bin\wincinemamgr.exe - (InterVideo Inc. )
c:\program files\outlook express\msimn.exe - (Microsoft Corporation )
c:\program files\internet explorer\iexplore.exe - (Microsoft Corporation )
c:\documents and settings\pauls.paul\my documents\misc\nolop.exe - (PunkTools )
c:\windows\system32\notepad.exe - (Microsoft Corporation )
c:\windows\system32\notepad.exe - (Microsoft Corporation )
c:\documents and settings\pauls.paul\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://go.microsoft....k/?LinkId=69157
HKLM->Main\\Search Page - http://go.microsoft....k/?LinkId=54896
HKLM->Main\\Default_Page_URL - http://go.microsoft....k/?LinkId=69157
HKLM->Main\\Default_Search_URL - http://go.microsoft....k/?LinkId=54896
HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
HKCU->Main\\Search Page -
HKCU->Main\\Local Page - C:\WINDOWS\system32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
HKLM->Search\\SearchAssistant - http://www.google.com/ie
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0

[>> BHO's <<]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
{53707962-6F74-2D53-2644-206D7942484F} - Reg Data - Value does not exist = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited )
{724d43a9-0d85-11d4-9908-00400523e39a} - Reg Data - Value does not exist = C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems )
{8B50176C-DD6E-4C14-A603-727A859337CD} - Reg Data - Key not found = Reg Data - Key not found (File not found)

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer Bars]
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm = C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found = Reg Data - Key not found (File not found)
ShellBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} - &RoboForm = C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems )
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} - Reg Data - Key not found = Reg Data - Key not found (File not found)
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found = Reg Data - Key not found (File not found)
WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} - &RoboForm = C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems )

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8197 - Sun Java Console
{320AF880-6646-11D3-ABEE-C5DBF3571F46} - 8194 - Fill Forms &]
{320AF880-6646-11D3-ABEE-C5DBF3571F49} - 8195 - Save Forms &[
{724d43aa-0d85-11d4-9908-00400523e39a} - 8196 - RoboForm Toolbar &R
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8192 - Reg Data - Value does not exist
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 - Windows Messenger
NextId - 8198

[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll (Sun Microsystems, Inc. )
{320AF880-6646-11D3-ABEE-C5DBF3571F46} - ButtonText: Fill Forms = file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (File not found)
{320AF880-6646-11D3-ABEE-C5DBF3571F49} - ButtonText: Save = file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (File not found)
{724d43aa-0d85-11d4-9908-00400523e39a} - ButtonText: RoboForm = file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (File not found)
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research = Reg Data - Value does not exist (File not found)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - ButtonText: PartyPoker.com = C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (File not found)
{e2e2dd38-d088-4134-82b7-f2ba38496583} - MenuText: @xpsp3res.dll,-20001 = Reg Data - Key not found (File not found)
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )

[HKCU-> Internet Explorer Menu Extensions]
Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html (File not found)
E&xport to Microsoft Excel - res://C:\PROGRA~1\MID14E~1\OFFICE11\EXCEL.EXE/3000 (File not found)
Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (File not found)
RoboForm Toolbar &R - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (File not found)
Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (File not found)

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data - Key not found (File not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} - Haali Column Provider = C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll ( )
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data - Key not found (File not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = Reg Data - Key not found (File not found)
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data - Key not found (File not found)
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data - Key not found (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data - Key not found (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc. )
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} - PowerISO = Reg Data - Key not found (File not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. )
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. )
{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ( )
{DCED20BE-3645-11D4-BC95-00C04F0E0588} - InoShell = C:\Program Files\CA\eTrust Antivirus\InoShell.dll (File not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealOne Player\rpshellext.dll (RealNetworks )
{F5D92341-0A64-11D0-9956-0000E8096023} - CD Copy Shell Extension = C:\WINDOWS\system32\Shellext\CDWshext.dll (Pinnacle Systems, Inc. )
{F5D92342-0A64-11D0-9956-0000E8096023} - CD Wizard Shell Extension = C:\WINDOWS\system32\Shellext\CDWshext.dll (Pinnacle Systems, Inc. )
{F5D92344-0A64-11D0-9956-0000E8096023} - InstantWrite Shellextension = C:\WINDOWS\system32\ShellExt\iwshex.dll (VOB Computersysteme GmbH )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. )
* - InoShell - {DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Program Files\CA\eTrust Antivirus\InoShell.dll (File not found)
* - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
AllFilesystemObjects - Copy To - Reg Data - Value does not exist = Reg Data - Key not found (File not found)
AllFilesystemObjects - Move To - Reg Data - Value does not exist = Reg Data - Key not found (File not found)
Directory - InoShell - {DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Program Files\CA\eTrust Antivirus\InoShell.dll (File not found)
Directory - PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = Reg Data - Key not found (File not found)
Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )
Folder - AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o. )
Folder - PowerISO - {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = Reg Data - Key not found (File not found)
Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ( )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]
Folder - {0561EC90-CE54-4f0c-9C55-E226110A740C} - Haali Column Provider = C:\Program Files\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll ( )
Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINDOWS\system32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - %SystemRoot%\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

[>> Registry Run Keys <<]
HKLM->Run\\Adobe Photo Downloader - "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" (Adobe Systems Incorporated )
HKLM->Run\\ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc. )
HKLM->Run\\AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o. )
HKLM->Run\\BigDog303 - C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) (Vimicro )
HKLM->Run\\CARPService - carpserv.exe (Conexant Systems )
HKLM->Run\\DAEMON Tools-1033 - "C:\Program Files\D-Tools\daemon.exe" -lang 1033 (DAEMON'S HOME )
HKLM->Run\\KernelFaultCheck - %systemroot%\system32\dumprep 0 -k (File not found)
HKLM->Run\\MMTray - "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" (Musicmatch, Inc. )
HKLM->Run\\PinnacleDriverCheck - C:\WINDOWS\system32\PSDrvCheck.exe ( )
HKLM->Run\\Ptipbmf - rundll32.exe ptipbmf.dll,SetWriteCacheMode (Microsoft Corporation )
HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
HKLM->Run\\Smapp - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc. )
HKLM->Run\\SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc. )
HKLM->Run\\TkBellExe - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc. )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\Build Amok - C:\DOCUME~1\PAULS~1.PAU\APPLIC~1\CHINMO~1\corn trust axis.exe (File not found)
HKCU->Run\\ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation )
HKCU->Run\\InstantTray - C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe (Pinnacle Systems )
HKCU->Run\\RoboForm - "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (Siber Systems )

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]
AppInit_DLL - (File not found)

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation )

[Shell Execute Hooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]
Session Manager\\BootExecute - autocheck autochk *;

[PendingFileRenameOperations]

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]
StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk - Winter Fun Wallpaper Changer = C:\WINDOWS\Installer\{038A524F-58DB-438A-8391-8F7F0CA14B9E}\Icon038A524F.exe ( )
StartUpFolder\C:^Documents and Settings^Pauls.PAUL^Start Menu^Programs^Startup^BitTorrent.lnk - BitTorrent = C:\PROGRA~1\BITTOR~1\BITTOR~1.EXE ( )
StartUpReg\BitTorrent - bittorrent = "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized ( )
StartUpReg\Build Amok - corn trust axis = C:\DOCUME~1\PAULS~1.PAU\APPLIC~1\CHINMO~1\corn trust axis.exe (File not found)
StartUpReg\EA Core - Core = C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent (File not found)
StartUpReg\InCD - InCD = C:\Program Files\Ahead\InCD\InCD.exe ( )
StartUpReg\IW_Drop_Icon - iwctrl = C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc (VOB Computersysteme GmbH )
StartUpReg\License Manager - license_manager = "C:\Program Files\License_Manager\license_manager.exe " /silent (File not found)
StartUpReg\mmtask - mmtask = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" (Musicmatch Inc. )
StartUpReg\MMTray - mm_tray = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" (Musicmatch, Inc. )
StartUpReg\MSMSGS - msmsgs = "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation )
StartUpReg\MsnMsgr - msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation )
StartUpReg\PWRISOVM.EXE - PWRISOVM = C:\Program Files\PowerISO\PWRISOVM.EXE (File not found)
StartUpReg\the mpeg platform hold - cdromnoun = C:\Documents and Settings\All Users\Application Data\WaitRefTheMpeg\cdromnoun.exe ( )

[>> User Agent Post Platform <<]

[>> Winlogon <<]
HMLM->AltDefaultDomainName - PAUL
HMLM->AltDefaultUserName - Pauls
HMLM->AutoAdminLogon - Reg Data - Value does not exist
HMLM->DefaultDomainName - PAUL
HMLM->DefaultUserName - Pauls
HKLM->Shell - Explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\AtiExtEvent - Ati2evxx.dll ( )
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{49C43142-8171-49A5-9EDF-042A89D826D9} - (Voyager 205 ADSL Router)
{53A5A395-FAF4-49B5-8BEB-FB179400179F} - ()
{7BAEC9BE-D6A2-4BA4-A585-2912552CFC8E} - (1394 Net Adapter)
{F5DE3871-FC18-4312-BB3D-E12EC6B1B571} - (Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller)

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 (Tcpip) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 (NTDS) - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 (Network Location Awareness (NLA) Namespace) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found)
msdaipp - (File not found)

[>> Protocol Filters (Non-Microsoft only) <<]

< All Services >
61883 Unit Device (61883) - system32\DRIVERS\61883.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Abiosdsk (Abiosdsk) - (File not found)) [Disabled - Stopped - Kernel driver]
abp480n5 (abp480n5) - \SystemRoot\system32\DRIVERS\ABP480N5.SYS (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Microsoft ACPI Driver (ACPI) - \SystemRoot\system32\DRIVERS\ACPI.sys (Microsoft Corporation ) [ - Running - Kernel driver]
ACPIEC (ACPIEC) - (File not found)) [Disabled - Stopped - Kernel driver]
Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ( ) [Automatic - Running - Win32, running in it's own process]
adpu160m (adpu160m) - \SystemRoot\system32\DRIVERS\adpu160m.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
aeaudio (aeaudio) - system32\drivers\aeaudio.sys (Andrea Electronics Corporation ) [On Demand - Running - Kernel driver]
Microsoft Kernel Acoustic Echo Canceller (aec) - system32\drivers\aec.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
AFD (AFD) - \SystemRoot\System32\drivers\afd.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Intel AGP Bus Filter (agp440) - \SystemRoot\system32\DRIVERS\agp440.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Compaq AGP Bus Filter (agpCPQ) - \SystemRoot\system32\DRIVERS\agpCPQ.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Aha154x (Aha154x) - \SystemRoot\system32\DRIVERS\aha154x.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
aic78u2 (aic78u2) - \SystemRoot\system32\DRIVERS\aic78u2.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
aic78xx (aic78xx) - \SystemRoot\system32\DRIVERS\aic78xx.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Alerter (Alerter) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Application Layer Gateway Service (ALG) - C:\WINDOWS\System32\alg.exe (Microsoft Corporation ) [On Demand - Running - Win32, running in it's own process]
AliIde (AliIde) - \SystemRoot\system32\DRIVERS\aliide.sys (Acer Laboratories Inc. ) [Disabled - Stopped - Kernel driver]
ALI AGP Bus Filter (alim1541) - \SystemRoot\system32\DRIVERS\alim1541.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
AMD AGP Bus Filter Driver (amdagp) - \SystemRoot\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc. ) [Disabled - Stopped - Kernel driver]
amsint (amsint) - \SystemRoot\system32\DRIVERS\amsint.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Amsmpu4p (Amsmpu4p) - \??\C:\DOCUME~1\PAULS~1.PAU\LOCALS~1\Temp\Amsmpu4p.sys (File not found)) [On Demand - Stopped - Kernel driver]
Application Management (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
1394 ARP Client Protocol (Arp1394) - system32\DRIVERS\arp1394.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
ASAPIW2K (ASAPIW2k) - System32\Drivers\ASAPIW2K.sys (Pinnacle Systems GmbH ) [On Demand - Running - Kernel driver]
asc (asc) - \SystemRoot\system32\DRIVERS\asc.sys (Advanced System Products, Inc. ) [Disabled - Stopped - Kernel driver]
asc3350p (asc3350p) - \SystemRoot\system32\DRIVERS\asc3350p.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
asc3550 (asc3550) - \SystemRoot\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc. ) [Disabled - Stopped - Kernel driver]
ASPI32 (ASPI32) - (File not found)) [ - Running - Kernel driver]
ASP.NET State Service (aspnet_state) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
RAS Asynchronous Media Driver (AsyncMac) - system32\DRIVERS\asyncmac.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Standard IDE/ESDI Hard Disk Controller (atapi) - \SystemRoot\system32\DRIVERS\atapi.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Atdisk (Atdisk) - (File not found)) [Disabled - Stopped - Kernel driver]
Ati HotKey Poller (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe ( ) [Automatic - Running - Win32, running in it's own process]
ATI Smart (ATI Smart) - C:\WINDOWS\system32\ati2sgag.exe ( ) [Automatic - Stopped - Win32, running in it's own process]
ati2mtag (ati2mtag) - system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc. ) [On Demand - Running - Kernel driver]
ATM ARP Client Protocol (Atmarpc) - system32\DRIVERS\atmarpc.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Audio Stub Driver (audstub) - system32\DRIVERS\audstub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
AVC Device (Avc) - system32\DRIVERS\avc.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
AVG7 Alert Manager Server (Avg7Alrt) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
AVG7 Kernel (Avg7Core) - \SystemRoot\System32\Drivers\avg7core.sys (GRISOFT, s.r.o. ) [ - Running - Kernel driver]
AVG7 Wrap Driver (Avg7RsW) - \SystemRoot\System32\Drivers\avg7rsw.sys (GRISOFT, s.r.o. ) [ - Running - Kernel driver]
AVG7 Resident Driver XP (Avg7RsXP) - \SystemRoot\System32\Drivers\avg7rsxp.sys (GRISOFT, s.r.o. ) [ - Running - Kernel driver]
AVG7 Update Service (Avg7UpdSvc) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
AVG7 Clean Driver (AvgClean) - \SystemRoot\system32\drivers\avgclean.sys (GRISOFT, s.r.o. ) [ - Running - Kernel driver]
AVG E-mail Scanner (AVGEMS) - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (GRISOFT, s.r.o. ) [Automatic - Running - Win32, running in it's own process]
AVG Network Redirector (AvgTdi) - \SystemRoot\System32\Drivers\avgtdi.sys (GRISOFT, s.r.o. ) [Automatic - Running - Kernel driver]
Beep (Beep) - (File not found)) [ - Running - Kernel driver]
Background Intelligent Transfer Service (BITS) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Computer Browser (Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Stopped - Win32, running in a shared process]
InCD Storage Helper Driver (BsStor) - \SystemRoot\System32\DRIVERS\bsstor.sys (B.H.A Co.,Ltd. ) [ - Running - Kernel driver]
InCD UDF Driver (BsUDF) - (File not found)) [Disabled - Stopped - Filesystem driver]
CA License Client (CA_LIC_CLNT) - "C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe" (Computer Associates ) [On Demand - Stopped - Win32, running in it's own process]
CA License Server (CA_LIC_SRVR) - "C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" (Computer Associates ) [On Demand - Stopped - Win32, running in it's own process]
cbidf (cbidf) - \SystemRoot\system32\DRIVERS\cbidf2k.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
cbidf2k (cbidf2k) - (File not found)) [Disabled - Stopped - Kernel driver]
Closed Caption Decoder (CCDECODE) - system32\DRIVERS\CCDECODE.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
cd20xrnt (cd20xrnt) - \SystemRoot\system32\DRIVERS\cd20xrnt.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Cdaudio (Cdaudio) - (File not found)) [ - Stopped - Kernel driver]
Cdfs (Cdfs) - (File not found)) [Disabled - Running - Filesystem driver]
Cdrdrv (cdrdrv) - System32\Drivers\Cdrdrv.sys (VOB Computersysteme GmbH ) [On Demand - Running - Kernel driver]
CD-ROM Driver (Cdrom) - system32\DRIVERS\cdrom.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Changer (Changer) - (File not found)) [ - Stopped - Kernel driver]
Indexing Service (CiSvc) - C:\WINDOWS\system32\cisvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in it's own process]
CmdIde (CmdIde) - \SystemRoot\system32\DRIVERS\cmdide.sys (CMD Technology, Inc. ) [Disabled - Stopped - Kernel driver]
COM+ System Application (COMSysApp) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Cpqarray (Cpqarray) - \SystemRoot\system32\DRIVERS\cpqarray.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Cryptographic Services (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
d347bus (d347bus) - \SystemRoot\system32\DRIVERS\d347bus.sys ( ) [ - Running - Kernel driver]
d347prt (d347prt) - \SystemRoot\System32\Drivers\d347prt.sys ( ) [ - Running - Kernel driver]
dac2w2k (dac2w2k) - \SystemRoot\system32\DRIVERS\dac2w2k.sys (Mylex Corporation ) [Disabled - Stopped - Kernel driver]
dac960nt (dac960nt) - \SystemRoot\system32\DRIVERS\dac960nt.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Dual-Mode DSC(2770) (DCamUSBSQTECH) - System32\Drivers\SQcaptur.sys (Service & Quality Technology. ) [On Demand - Stopped - Kernel driver]
DCOM Server Process Launcher (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
DHCP Client (Dhcp) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Disk Driver (Disk) - \SystemRoot\system32\DRIVERS\disk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Logical Disk Manager Administrative Service (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com (Microsoft Corp., Veritas Software ) [On Demand - Stopped - Win32, running in a shared process]
dmboot (dmboot) - System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software ) [Disabled - Stopped - Kernel driver]
dmio (dmio) - System32\drivers\dmio.sys (Microsoft Corp., Veritas Software ) [Disabled - Stopped - Kernel driver]
dmload (dmload) - System32\drivers\dmload.sys (Microsoft Corp., Veritas Software. ) [Disabled - Stopped - Kernel driver]
Logical Disk Manager (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Microsoft Kernel DLS Syntheiszer (DMusic) - system32\drivers\DMusic.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
DNS Client (Dnscache) - C:\WINDOWS\system32\svchost.exe -k NetworkService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
dpti2o (dpti2o) - \SystemRoot\system32\DRIVERS\dpti2o.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
Microsoft Kernel DRM Audio Descrambler (drmkaud) - system32\drivers\drmkaud.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
ENTECH (ENTECH) - \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS (EnTech Taiwan ) [On Demand - Stopped - Kernel driver]
Error Reporting Service (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Event Log (Eventlog) - C:\WINDOWS\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
COM+ Event System (EventSystem) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Fastfat (Fastfat) - (File not found)) [Disabled - Running - Filesystem driver]
fasttx2k (fasttx2k) - \SystemRoot\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc. ) [ - Running - Kernel driver]
Fast User Switching Compatibility (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Fax (Fax) - C:\WINDOWS\system32\fxssvc.exe (Microsoft Corporation ) [Automatic - Stopped - Win32, running in it's own process]
Floppy Disk Controller Driver (Fdc) - system32\DRIVERS\fdc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Fips (Fips) - (File not found)) [ - Running - Kernel driver]
Floppy Disk Driver (Flpydisk) - system32\DRIVERS\flpydisk.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
FltMgr (FltMgr) - \SystemRoot\system32\DRIVERS\fltMgr.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Volume Manager Driver (Ftdisk) - \SystemRoot\system32\DRIVERS\ftdisk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms (gagp30kx) - \SystemRoot\system32\DRIVERS\gagp30kx.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Generic Packet Classifier (Gpc) - system32\DRIVERS\msgpc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Help and Support (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Human Interface Device Access (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Microsoft HID Class Driver (HidUsb) - system32\DRIVERS\hidusb.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
hpn (hpn) - \SystemRoot\system32\DRIVERS\hpn.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
HSFHWBS2 (HSFHWBS2) - system32\DRIVERS\HSFHWBS2.sys (Conexant Systems ) [On Demand - Running - Kernel driver]
HSF_DP (HSF_DP) - system32\DRIVERS\HSF_DP.sys (Conexant Systems ) [On Demand - Running - Kernel driver]
HTTP (HTTP) - System32\Drivers\HTTP.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
i2omgmt (i2omgmt) - (File not found)) [ - Running - Kernel driver]
i2omp (i2omp) - \SystemRoot\system32\DRIVERS\i2omp.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
i8042 Keyboard and PS/2 Mouse Port Driver (i8042prt) - system32\DRIVERS\i8042prt.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Voyager 205 ADSL Router (iadusb) - system32\DRIVERS\glauiad.sys (GlobespanVirata Inc. ) [On Demand - Stopped - Kernel driver]
Intel AHCI Controller (iaStor) - \SystemRoot\system32\DRIVERS\iaStor.sys (Intel Corporation ) [Disabled - Stopped - Kernel driver]
InstallDriver Table Manager (IDriverT) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (Macrovision Corporation ) [On Demand - Stopped - Win32, running in it's own process]
CD-Burning Filter Driver (Imapi) - system32\DRIVERS\imapi.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IMAPI CD-Burning COM Service (ImapiService) - C:\WINDOWS\system32\imapi.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
InCD EasyWrite Reader (incdrm) - (File not found)) [ - Running - Kernel driver]
ini910u (ini910u) - \SystemRoot\system32\DRIVERS\ini910u.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
IntelIde (IntelIde) - \SystemRoot\system32\DRIVERS\intelide.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
IPv6 Windows Firewall Driver (Ip6Fw) - system32\DRIVERS\Ip6Fw.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP Traffic Filter Driver (IpFilterDriver) - system32\DRIVERS\ipfltdrv.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP in IP Tunnel Driver (IpInIp) - system32\DRIVERS\ipinip.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP Network Address Translator (IpNat) - system32\DRIVERS\ipnat.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
IPSEC driver (IPSec) - system32\DRIVERS\ipsec.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IR Enumerator Service (IRENUM) - system32\DRIVERS\irenum.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
PnP ISA/EISA Bus Driver (isapnp) - \SystemRoot\system32\DRIVERS\isapnp.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Keyboard Class Driver (Kbdclass) - system32\DRIVERS\kbdclass.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Microsoft Kernel Wave Audio Mixer (kmixer) - system32\drivers\kmixer.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
KSecDD (KSecDD) - (File not found)) [ - Running - Kernel driver]
Server (lanmanserver) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Workstation (lanmanworkstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
lbrtfdc (lbrtfdc) - (File not found)) [ - Stopped - Kernel driver]
TCP/IP NetBIOS Helper (LmHosts) - C:\WINDOWS\system32\svchost.exe -k LocalService (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Event Log Watch (LogWatch) - "C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" (Computer Associates ) [Automatic - Running - Win32, running in it's own process]
mdmxsdk (mdmxsdk) - system32\DRIVERS\mdmxsdk.sys (Conexant ) [Automatic - Running - Kernel driver]
Messenger (Messenger) - C:\WINDOWS\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
mnmdd (mnmdd) - (File not found)) [ - Running - Kernel driver]
NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Modem (Modem) - (File not found)) [On Demand - Running - Kernel driver]
Unimodem Streaming Filter Device (MODEMCSA) - system32\drivers\MODEMCSA.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Mouse Class Driver (Mouclass) - system32\DRIVERS\mouclass.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Mouse HID Driver (mouhid) - system32\DRIVERS\mouhid.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
MountMgr (MountMgr) - (File not found)) [ - Running - Kernel driver]
mraid35x (mraid35x) - \SystemRoot\system32\DRIVERS\mraid35x.sys (American Megatrends Inc. ) [Disabled - Stopped - Kernel driver]
WebDav Client Redirector (MRxDAV) - system32\DRIVERS\mrxdav.sys (Microsoft Corporation ) [On Demand - Running - Filesystem driver]
MRXSMB (MRxSmb) - system32\DRIVERS\mrxsmb.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's o

Edited by musntgrumble, 04 February 2007 - 02:19 PM.

  • 0

#6
Kenny94

Kenny94

    Member 1K

  • Member
  • PipPipPipPip
  • 1,595 posts
Hello musntgrumble

Please read "ALL" of the instructions before proceeding:


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly. You will do that later in safe mode.

Next, Copy everything inside the quote box below (starting with @) and paste it into notepad. Go up to "File > Save As", click the drop-down box to change the "Save As Type" to "All Files". Save it as Delete.bat on your desktop.

@Echo off
attrib -s -r -h "C:\Documents and Settings\All Users\Application Data\Waitrefthempeg*.*"
rd /q /s "C:\Documents and Settings\All Users\Application Data\Waitrefthempeg"
attrib -s -r -h "C:\Documents and Settings\Pauls.paul\Application Data\Chin Move\*.*"
rd /q /s "C:\Documents and Settings\Pauls.paul\Application Data\Chin Move"
attrib -s -r -h "C:\Program Files\PartyGaming\*.*"
rd /q /s "C:\Program Files\PartyGaming"
quit


Locate Delete.bat file on your Desktop and double-click on it

A DOS box should open and close quickly, this is normal.


Next, open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Build Amok"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Msconfig\startupreg\Build Amok]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\Msconfig\startupreg\the mpeg platform hold]


Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.


Reboot when done! Really important!


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.(if present):

O2 - BHO: (no name) - {8B50176C-DD6E-4C14-A603-727A859337CD} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.


LimeWire is another P2P applications. LimeWire is not adware, but Limewire is the biggest crap magnet around. I would remove it as you did with BitGrabber.


Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):
LimeWire 4.9.37
Party Gaming



Now lets run AVG Anti-Spyware in safe mode.

IMPORTANT: Do not open any other windows or programs while AVG AntiSpyware is scanning, it may interfere with the scanning proccess:
  • Launch AVG AntiSpyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG AntiSpyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your desktop (This is important)
  • Close AVG AntiSpyware and reboot your system back into Normal Mode.
In your next reply, please include these log(s):

* AVG AntiSpyware Report
* HijackThis log (new)


Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.
  • 0

#7
musntgrumble

musntgrumble

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hi

I have the full version of AVG installed. How do i follow the instructions below? They dont
seem to be on the full version.

thanks



=========================================================
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
============================================================
  • 0

#8
Kenny94

Kenny94

    Member 1K

  • Member
  • PipPipPipPip
  • 1,595 posts
How we talking about AVG Anti-Spyware not AVG Anti-Virus. Please see attach.

Attached Thumbnails

  • Avg.JPG

  • 0

#9
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP