Ran the free AVG and it didn't find anything.
Internet Explorer Properties:General Tab:
Type of file: Application
Description: Internet Explorer
Location: C:\Program Files\Internet Explorer
Size: 91.0 KB (93,184 bytes)
Size on disk: 92.0 KB (94,208 bytes)
Created: Saturday, January 24, 2004, 1:56:23 PM
Modified: Wednesday, August 04, 2004, 3:56:50 AM
Accessed: Today, July 13, 2005, 11:33:15 PM
Attributes: Read-only and hidden both unchecked
Version Tab:
File version: 6.0.2900.2180
Description: Internet Explorer
Copyright: © Microsoft Corporation. All rights reserved.
Other version informationCompany: Microsoft Corporation
File Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Internal Name: iexplore
Language: English (United States)
Original File Name: iexplore.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 6.00.2900.2180
Compatibility Tab:
Everything grayed out
Summary Tab:
Nothing filled in.
"Silent Runners.vbs", revision 39,
http://www.silentrunners.org/Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"wmvtsr" = "C:\WINDOWS\system32\wmvtsr.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{E76568E0-C231-11D3-B155-0090961B771E}" = "Shell Extension for Virus Chaser"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Virus Chaser\Shellexe.dll" ["New Technology Wave Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
VcrShellExtMenu\(Default) = "{E76568E0-C231-11D3-B155-0090961B771E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Virus Chaser\Shellexe.dll" ["New Technology Wave Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Phill\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{0E17D5B7-9F5D-4FEE-9DF6-CA6EE38B68A8}\
"ButtonText" = "ieSpell"
"MenuText" = "ieSpell"
"Script" = "res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM" ["Red Egg Software"]
{1606D6F9-9D3B-4AEA-A025-ED5B2FD488E7}\
"MenuText" = "ieSpell Options"
"Script" = "res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM" ["Red Egg Software"]
{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 39 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 12 seconds.
---------- (total run time: 73 seconds)
Panda ScanThe D2 files (diablo 2) and WOL (ra2 matching filter) were there long before this problem started occuring and I'd like to keep them.
Incident Status Location
Possible Virus. No disinfected C:\Documents and Settings\Phill\My Documents\d2 stuff\d2bundle\D2Bundle\Bots\EasySpam31a.zip[SpamConfig.exe]
Possible Virus. No disinfected C:\Documents and Settings\Phill\My Documents\Msn Received Files\WOL Matching Filter.exe
Possible Virus. No disinfected C:\Documents and Settings\Phill\My Documents\ra2\WOL Matching Filter.exe
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/WinAD No disinfected C:\Program Files\Virus Chaser\infected.!!!\MediaAccX (1).dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\banner.dll
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\biini.inf
Adware:Adware/SearchTheWeb No disinfected C:\WINDOWS\system32\Cache\mswinstall.exe
Adware:Adware/KeenValue No disinfected C:\WINDOWS\system32\drivers\etc\hosts.bho
Spyware:Spyware/XXXToolbar No disinfected C:\WINDOWS\system32\msbb\fiz1
Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.008
Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.bin
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\xmlparse.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\xmltok.dll