Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

POP UPS

Unread postby dazmug » January 15th, 2007, 8:10 am

Hello

I have a major problem with advertising pop ups on my desktop. I am running XP home and the problem occurs on IE 7 (No problems with Mozilla).

I have set IE7 on the high setting for pop ups, have run Norton Internet 2007 scans, the latest Adaware, Spybot and Trojan hunter as advised on your website but it does not find or cure the cause of the problem.

I have run HijackThis and have posted my log file below.

regards
Darren
Logfile of HijackThis v1.99.1
Scan saved at 11:57:51, on 15/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=3109
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=3109
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WIN TYPE EQ PLAY] C:\Documents and Settings\All Users\Application Data\Option sign win type\IntraTons.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://itsallwatsonwatsonwatson.spaces. ... nPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/039a27c4597 ... xIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} (RazorStreamControl.CaptureControl) - http://helloworlda.razorstream.com/razo ... trol40.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F90B726-6AF6-43EC-AEA5-43990BFB5932}: NameServer = 194.106.56.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{869BD662-085A-4BA2-8819-E23EB677F9E4}: NameServer = 194.106.56.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B5FA34A-C644-40CD-A6EC-1DF4AACAA0F9}: NameServer = 194.106.56.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F90B726-6AF6-43EC-AEA5-43990BFB5932}: NameServer = 194.106.56.6
O18 - Protocol: bw+0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4BFD13D0-F4A0-4ABE-BAB9-55E3EF694AF3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
dazmug
Regular Member
 
Posts: 17
Joined: January 15th, 2007, 7:40 am
Location: Cornwall

Unread postby askey127 » January 15th, 2007, 9:56 am

Hi dazmug,
Reviewing your log. Be right back.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby askey127 » January 15th, 2007, 10:14 am

dazmug,
There are quite a few things to do here. Just take them one at a time.
-----------------------------------------------------------
Please note that as long as you're using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, Peer to Peer file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation. Additional information on the safety of Peer to Peer programs themselves is here : http://p2p.malwareremoval.com/

We need to first disable a couple of programs that may prevent our "FIX" from working properly.
-----------------------------------------------------------
Disable Windows Defender
Go to Start > All Programs > Windows Defender.
Click on the Tools menu, click General Settings, Scroll down to Real-Time Protection Options section and Deactivate the Real-Time Protection system.

Then, in the toolbar across the top there is a little down-pointing arrow next to the question mark icon.
Click on that, get a drop down list. One of the options is to exit Windows Defender.
Click on that, and there will be a pop up asking if you are sure you want to exit. Click Yes/OK.
-----------------------------------------------------------
Disable Trojan Hunter Guard
Go to TrojanHunter Guard in the lower right corner of your screen. It is a light blue icon with a magnifying glass that can be difficult to see but the handle is red. Right click it and select settings. Uncheck "Load at startup" and Uncheck "Enabled".
-----------------------------------------------------------
Download and install CCleaner from here.
Set Options in CCleaner and run Cleaning Scan. Open the CCleaner program.
(Do not use the Issues block to clean anything with this program. It is for experts only and it is risky.)
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck "Only delete files in Windows Temp folders older than 48 hours".
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button. Check "Only delete files in Windows Temp folders older than 48 hours".
-----------------------------------------------------------
Remove Program with CCleaner
Open CCleaner.
In the Left Pane, click Tools.
Verify that Uninstall is highlighted in color, or click on it.
Click / Highlight Desktop Messenger or Logitech Desktop Messenger
Click the Run Uninstaller button.
Wait until CCleaner shows task completion.
Exit CCleaner
-----------------------------------------------------------
Remove log items with HijackThis. Start HijackThis.
Click Scan. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/039a27c4597 ... xIE601.cab
O16 - DPF: {86425144-8E97-41D5-8BCF-302812D44692} (RazorStreamControl.CaptureControl) - http://helloworlda.razorstream.com/razo ... trol40.cab

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked.
-----------------------------------------------------------
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs. Available from http://www.javacoolsoftware.com/spywareblaster.html
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.
-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
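
One way to check a follow-up HijackThis log against the steps above, as an added example (not part of the thread and not a HijackThis feature): it parses two logs, reports which entries and running processes disappeared, and lists any "Fix Checked" lines that are still present. The function names and the shortened sample logs are assumptions; the O4 line in the follow-up sample is constructed to show an entry that survived a fix.

```python
import re

# A HijackThis entry line is a section code such as R1, O4 or O23,
# then " - ", then the entry text.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def norm(s):
    """Collapse whitespace and case; Windows paths and registry keys ignore case."""
    return " ".join(s.split()).lower()


def entry_key(entry):
    code, text = entry
    return f"{code} - {norm(text)}"


def parse_hjt(text):
    """Split a HijackThis log into header lines, running processes and entries."""
    log = {"header": [], "processes": [], "entries": []}
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            state = "entries"
            log["entries"].append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            state = "processes"
        elif state == "processes":
            log["processes"].append(line)
        elif state == "header":
            log["header"].append(line)
    return log


def diff_logs(before, after):
    """Report what disappeared from, and what appeared in, the second log."""
    b_ent = {entry_key(e) for e in before["entries"]}
    a_ent = {entry_key(e) for e in after["entries"]}
    b_proc = {norm(p) for p in before["processes"]}
    a_proc = {norm(p) for p in after["processes"]}
    return {
        "entries_removed": sorted(b_ent - a_ent),
        "entries_added": sorted(a_ent - b_ent),
        "processes_stopped": sorted(b_proc - a_proc),
        "processes_new": sorted(a_proc - b_proc),
    }


def check_fix_list(fix_lines, after):
    """Return the lines that were checked for fixing but still show up afterwards."""
    present = {entry_key(e) for e in after["entries"]}
    still_there = []
    for line in fix_lines:
        m = ENTRY_RE.match(line.strip())
        if m and entry_key((m.group(1), m.group(2))) in present:
            still_there.append(line.strip())
    return still_there


# Shortened excerpt of the first log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:57:51, on 15/01/2007

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\LimeWire\LimeWire.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
"""

# Constructed follow-up sample (not the poster's actual second log): the O4 line
# is kept on purpose to show how an entry that survived the fix is reported.
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:55:19, on 15/01/2007

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\LimeWire\LimeWire.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
"""

# Three of the lines the helper asked to check before clicking Fix Checked.
FIX_LIST = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com",
    r"O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE",
    r"O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/039a27c4597 ... xIE601.cab",
]

if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    for kind, items in diff_logs(before, after).items():
        print(kind, items)
    print("still present after fix:", check_fix_list(FIX_LIST, after))
```
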

NEW HJT LOG

Unread postby dazmug » January 15th, 2007, 5:00 pm

I think I followed your instructions OK, how's the log looking?
Regards
Darren

Logfile of HijackThis v1.99.1
Scan saved at 20:55:19, on 15/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=3109
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=3109
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WIN TYPE EQ PLAY] C:\Documents and Settings\All Users\Application Data\Option sign win type\IntraTons.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://itsallwatsonwatsonwatson.spaces. ... nPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F90B726-6AF6-43EC-AEA5-43990BFB5932}: NameServer = 194.106.56.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{869BD662-085A-4BA2-8819-E23EB677F9E4}: NameServer = 194.106.56.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B5FA34A-C644-40CD-A6EC-1DF4AACAA0F9}: NameServer = 194.106.56.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F90B726-6AF6-43EC-AEA5-43990BFB5932}: NameServer = 194.106.56.6
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
dazmug
Regular Member
 
Posts: 17
Joined: January 15th, 2007, 7:40 am
Location: Cornwall

Unread postby askey127 » January 15th, 2007, 6:38 pm

dazmug,
Your system looks OK
-----------------------------------------------------------
Re-Enable Trojan Hunter Guard
Go to TrojanHunter Guard in the lower right corner of your screen. It is a light blue icon with a magnifying glass that can be difficult to see but the handle is red.
Right click it and select settings. Check "Load at startup" and "Enabled".
-----------------------------------------------------------
Disable WinXP System Restore
Disable your System Restore to remove malware files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing them. The only way to erase these files is to temporarily disable System Restore. You will lose all previous restore points which are likely to be infected.
- Right-click My Computer, and then click Properties.
- On the System Restore tab, put a Check mark in the Turn Off System Restore check box.
- Click OK twice, and then click Yes when you are prompted to restart the computer.
If you are not prompted to reboot, do it on your own.
-----------------------------------------------------------
After the Reboot,
Enable WinXP System Restore
- Right-click My Computer, and then click Properties.
- On the System Restore tab, Clear the Check mark beside the Turn Off System Restore check box.
- Click OK twice, and then click Yes when you are prompted to restart the computer.
The Disable/Re-enable System Restore sequence is not to be done regularly, but only once after the removal of malware.

I think your machine should be OK. If you have any further problems or questions, feel free to ask.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

POP UPS

Unread postby dazmug » January 16th, 2007, 2:59 am

Dear Askey127

Unfortunately I am still getting the pop ups! Is there anything else I could try?

Darren
dazmug
Regular Member
 
Posts: 17
Joined: January 15th, 2007, 7:40 am
Location: Cornwall

Unread postby askey127 » January 16th, 2007, 3:55 pm

dazmug,
There's always the possibility of a rootkit. Let's check that and some additional items.
-----------------------------------------------------------
Download Blacklight Beta from here:
http://www.f-secure.com/blacklight/try_blacklight.html
* Hit I accept. It will take you to the download page.
* Download blbeta.exe and save it to the C:\
* Once saved... double click blbeta.exe to install the program.
Go to Start-->Run, copy in the following text and press Enter:
C:\blbeta.exe /expert
(space between blbeta.exe and /expert)

Accept the agreement, leave [X]scan through Windows Explorer checked.
Click > scan, Then > next
You'll see a list of all items found.
There will also be a log in C:\ with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
Copy and paste the contents of this log into your next reply.
-----------------------------------------------------------
Please download WinPFind2.
  • Extract the files to a folder (e.g. C:\WinPFind2).
  • Double click WinPFind2.exe to start the program.
  • Click the Select All button in the File Options box of the Configuration tab (this is the tab the program opens up to by default).
  • Click the Run all Scans button.
  • When it's finished scanning you will see Scans Complete! at the bottom left of the program.
  • Click the Export to Text button.
  • Notepad will open with the results of the scan and the log will be saved to the folder that you extracted the program to (C:\WinPFind2\WinPFind2.txt).
  • Post the log in your next reply please. You may need to split the log over a couple of posts so that it doesn't get cut off. If so, please use the [Start Post #1] and [Start Post #2] delimiters in the log to split the log up.

So we are looking for the Blacklight log and the WinPFind log in your next post.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

blacklight beta results

Unread postby dazmug » January 17th, 2007, 5:11 am

01/16/07 22:12:18 [Info]: BlackLight Engine 1.0.55 initialized
01/16/07 22:12:18 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/16/07 22:12:18 [Note]: 7019 4
01/16/07 22:12:18 [Note]: 7005 0
01/16/07 22:12:27 [Note]: 7006 0
01/16/07 22:12:27 [Note]: 7011 676
01/16/07 22:12:27 [Note]: 7026 0
01/16/07 22:12:27 [Note]: 7026 0
01/16/07 22:12:31 [Note]: FSRAW library version 1.7.1021
01/16/07 22:18:46 [Note]: 2000 1012
01/16/07 22:18:46 [Note]: 2000 1012
01/16/07 22:24:00 [Note]: 7007 0
dazmug
Regular Member
 
Posts: 17
Joined: January 15th, 2007, 7:40 am
Location: Cornwall

winpfind2 results Post#1

Unread postby dazmug » January 17th, 2007, 5:14 am

Logfile created on: 17/01/2007 09:06:25
WinPFind2 by OldTimer - Version 1.0.15 Folder = C:\Documents and Settings\Joanne\Desktop\WinPFind2\
Microsoft Windows XP (Version = Service Pack 2)
Internet Explorer (Version - 7.0.5730.11)


[Start Post #1]

Processes
Image Name---------------ProcessID--Thread Count--Parent ID--Base Priority--
#Full Path
##(Version Info)

alcwzrd.exe--------------002308-----0004----------000676-----Normal---------
#c:\windows\alcwzrd.exe
##(RealTek Semicoductor Corp. [Ver = 1.1.0.20 | Size = 2805248 bytes | Date = 04/05/2005 08:01:36 | Attr = ])

aluschedulersvc.exe------000132-----0006----------000836-----Normal---------
#c:\program files\symantec\liveupdate\aluschedulersvc.exe
##(Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Date = 02/09/2006 23:36:34 | Attr = ])

appsvc32.exe-------------001604-----0017----------000836-----Normal---------
#c:\program files\common files\symantec shared\appcore\appsvc32.exe
##(Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Date = 02/09/2006 04:33:40 | Attr = ])

ati2evxx.exe-------------001820-----0004----------000792-----Normal---------
#c:\windows\system32\ati2evxx.exe
##(ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 376832 bytes | Date = 07/06/2005 20:38:32 | Attr = ])

ati2evxx.exe-------------001000-----0004----------000836-----Normal---------
#c:\windows\system32\ati2evxx.exe
##(ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 376832 bytes | Date = 07/06/2005 20:38:32 | Attr = ])

ccapp.exe----------------002476-----0045----------000676-----Normal---------
#c:\program files\common files\symantec shared\ccapp.exe
##(Symantec Corporation [Ver = 106.1.3.3 | Size = 107112 bytes | Date = 28/11/2006 20:51:24 | Attr = ])

ccsvchst.exe-------------001472-----0063----------000836-----Normal---------
#c:\program files\common files\symantec shared\ccsvchst.exe
##(Symantec Corporation [Ver = 106.1.3.3 | Size = 107624 bytes | Date = 28/11/2006 20:51:24 | Attr = ])

googletoolbarnotifier.exe002556-----0006----------000676-----Normal---------
#c:\program files\google\googletoolbarnotifier\1.2.1128.5462\googletoolbarnotifier.exe
##(Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Date = 14/01/2007 09:40:58 | Attr = ])

ipodservice.exe----------003184-----0012----------000836-----Normal---------
#c:\program files\ipod\bin\ipodservice.exe
##(Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Date = 30/10/2006 09:36:32 | Attr = ])

itunes.exe---------------002248-----0020----------000676-----Normal---------
#c:\program files\itunes\itunes.exe
##(Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 15338560 bytes | Date = 30/10/2006 09:36:32 | Attr = ])

ituneshelper.exe---------002408-----0004----------000676-----Normal---------
#c:\program files\itunes\ituneshelper.exe
##(Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Date = 30/10/2006 09:36:36 | Attr = ])

jusched.exe--------------002360-----0001----------000676-----Normal---------
#c:\program files\java\jre1.5.0_10\bin\jusched.exe
##(Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Date = 09/11/2006 15:07:30 | Attr = ])

khalmnpr.exe-------------000900-----0016----------000744-----Normal---------
#c:\program files\common files\logitech\khal\khalmnpr.exe
##(Logitech Inc. [Ver = 2.42.230 | Size = 28160 bytes | Date = 04/08/2005 01:42:00 | Attr = ])

limewire.exe-------------003136-----0025----------000676-----Normal---------
#c:\program files\limewire\limewire.exe
##( [Ver = | Size = 159744 bytes | Date = 22/08/2006 15:45:56 | Attr = ])

photoshopelementsdeviceconnect.exe000512-----0006----------000836-----Normal---------
#c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe
##( [Ver = | Size = 118784 bytes | Date = 20/10/2004 02:40:46 | Attr = ])

photoshopelementsfileagent.exe002020-----0007----------000836-----Normal---------
#c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
##( [Ver = | Size = 98304 bytes | Date = 20/10/2004 03:47:54 | Attr = ])

qttask.exe---------------002400-----0002----------000676-----Normal---------
#c:\program files\quicktime\qttask.exe
##(Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Date = 25/10/2006 18:58:18 | Attr = ])

realsched.exe------------002324-----0004----------000676-----Normal---------
#c:\program files\common files\real\update_ob\realsched.exe
##(RealNetworks, Inc. [Ver = 0.1.0.3018 | Size = 180269 bytes | Date = 03/09/2005 17:11:04 | Attr = ])

setpoint.exe-------------000744-----0004----------000676-----Normal---------
#c:\program files\logitech\setpoint\setpoint.exe
##(Logitech Inc. [Ver = 2.42.257 | Size = 528384 bytes | Date = 04/08/2005 01:42:00 | Attr = ])

soundman.exe-------------002284-----0002----------000676-----Normal---------
#c:\windows\soundman.exe
##(Realtek Semiconductor Corp. [Ver = 1, 0, 0, 17 | Size = 90112 bytes | Date = 03/05/2005 16:43:50 | Attr = ])

symlcsvc.exe-------------002304-----0006----------000836-----Normal---------
#c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
##(Symantec Corporation [Ver = 1.9.1.1034 | Size = 1087680 bytes | Date = 13/01/2007 19:00:48 | Attr = ])

winpfind2.exe------------004452-----0003----------000676-----Normal---------
#c:\documents and settings\joanne\desktop\winpfind2\winpfind2.exe
##(OldTimer Tools [Ver = 1.0.15.0 | Size = 397312 bytes | Date = 16/11/2006 06:07:22 | Attr = ])


Registry Entries

#Value
##(Version Info)

<<< >> Internet Explorer Settings << >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
#http://www.bbc.co.uk/weather/5day.shtml?id=3109
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
#http://www.google.com
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL
#http://go.microsoft.com/fwlink/?LinkId=69157
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL
#http://go.microsoft.com/fwlink/?LinkId=54896
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
#%SystemRoot%\system32\blank.htm
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
#http://www.bbc.co.uk/weather/5day.shtml?id=3109
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar
#http://www.google.com/ie
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
#http://www.google.com
##

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
#C:\WINDOWS\system32\blank.htm
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch
#http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
##

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant
#http://www.google.com/ie
##

HKCU\Software\Microsoft\Internet Explorer\urlSearchHooks\\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
#SweetIM For Internet Explorer = C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
##(Macrogaming [Ver = 1, 0, 0, 12 | Size = 552960 bytes | Date = 12/04/2006 10:57:16 | Attr = R ])

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable
#0
##

<<< >> BHO's << >>>

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
#Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
##(Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Date = 07/06/2006 10:09:22 | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
#AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
##(Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Date = 13/12/2004 23:56:50 | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
#SWEETIE Class = C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
##(Macrogaming [Ver = 1, 0, 0, 12 | Size = 552960 bytes | Date = 12/04/2006 10:57:16 | Attr = R ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}
#Reg Data - Value does not exist = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
##(Symantec Corporation [Ver = 2007.1.00.133 | Size = 93400 bytes | Date = 06/09/2006 05:18:24 | Attr = R ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
# = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
##(Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Date = 31/05/2005 01:04:00 | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
#SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
##(Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Date = 09/11/2006 15:21:52 | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
#Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
##(Microsoft Corporation [Ver = 4.000.246.1 | Size = 323904 bytes | Date = 06/04/2006 23:02:02 | Attr = ])

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
#Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
##(Google Inc. [Ver = 4, 0, 1601, 3576 | Size = 2403392 bytes | Date = 14/01/2007 09:40:56 | Attr = R ])

<<< >> Internet Explorer Bars, Toolbars and Extensions << >>>

<<< HKLM-> Internet Explorer Bars >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
#&Tip of the Day = %SystemRoot%\system32\shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Date = 04/09/2006 06:12:56 | Attr = ])

<<< HKCU-> Internet Explorer Bars >>>

HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
#Shell Search Band = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Date = 14/09/2006 08:31:26 | Attr = ])

HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
#Favorites Band = %SystemRoot%\system32\shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Date = 04/09/2006 06:12:56 | Attr = ])

HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
#History Band = %SystemRoot%\system32\shdocvw.dll
##(Microsoft Corporation [Ver = 6.00.2900.2987 (xpsp.060901-0211) | Size = 1497088 bytes | Date = 04/09/2006 06:12:56 | Attr = ])

<<< HKLM-> Internet Explorer ToolBars >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F}
#&Google = c:\program files\google\googletoolbar1.dll
##(Google Inc. [Ver = 4, 0, 1601, 3576 | Size = 2403392 bytes | Date = 14/01/2007 09:40:56 | Attr = R ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}
#Easy-WebPrint = C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
##( [Ver = 2, 5, 0, 25 | Size = 405504 bytes | Date = 16/04/2004 18:43:12 | Attr = ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{90222687-F593-4738-B738-FBEE9C7B26DF}
#Show Norton Toolbar = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
##(Symantec Corporation [Ver = 2007.1.00.133 | Size = 510152 bytes | Date = 06/09/2006 05:18:36 | Attr = R ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
#SweetIM For Internet Explorer = C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
##(Macrogaming [Ver = 1, 0, 0, 12 | Size = 552960 bytes | Date = 12/04/2006 10:57:16 | Attr = R ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
#Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
##(Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Date = 07/06/2006 10:09:22 | Attr = ])

<<< HKCU-> Internet Explorer ToolBars >>>

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
#Reg Data - Key not found = Reg Data - Key not found
##(File not found)

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
#&Address = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Date = 14/09/2006 08:31:26 | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}
#Reg Data - Key not found = Reg Data - Key not found
##(File not found)

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
#&Links = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp.060713-0238) | Size = 8457728 bytes | Date = 13/07/2006 14:03:24 | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
#&Google = c:\program files\google\googletoolbar1.dll
##(Google Inc. [Ver = 4, 0, 1601, 3576 | Size = 2403392 bytes | Date = 14/01/2007 09:40:56 | Attr = R ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
#SweetIM For Internet Explorer = C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
##(Macrogaming [Ver = 1, 0, 0, 12 | Size = 552960 bytes | Date = 12/04/2006 10:57:16 | Attr = R ])

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
#Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
##(Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Date = 07/06/2006 10:09:22 | Attr = ])

<<< HKCU-> Internet Explorer CmdMapping >>>

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
#6 - Sun Java Console
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
#4 - Reg Data - Value does not exist
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
#5 - Create Mobile Favorite...
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
#3 - Reg Data - Value does not exist
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750}
#0 - Reg Data - Key not found
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683}
#2 - Reg Data - Key not found
##

HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\NextId
#7
##

<<< HKLM-> Internet Explorer Extensions >>>

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
#MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
##(Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Date = 09/11/2006 15:21:54 | Attr = ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
#MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
##(Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Date = 09/11/2006 15:21:52 | Attr = ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
#ButtonText: Create Mobile Favorite = Reg Data - Value does not exist
##(File not found)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
#MenuText: Create Mobile Favorite... = C:\PROGRA~1\MI3AA1~1\INetRepl.dll
##(Microsoft Corporation [Ver = 4.1.4841.0 | Size = 135168 bytes | Date = 15/11/2005 19:42:44 | Attr = ])

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
#ButtonText: Research = Reg Data - Value does not exist
##(File not found)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B205A35E-1FC4-4CE3-818B-899DBBB3388C}
#MenuText: Reg Data - Value does not exist = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}
#MenuText: @xpsp3res.dll,-20001 = Reg Data - Key not found
##(File not found)

<<< HKCU-> Internet Explorer Menu Extensions >>>

HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
#res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
##(Microsoft Corporation [Ver = 11.0.5612 | Size = 10073144 bytes | Date = 13/08/2003 01:34:38 | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\MenuExt\Easy-WebPrint Add To Print List
#res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
##( [Ver = 2, 5, 0, 25 | Size = 200704 bytes | Date = 16/04/2004 18:42:08 | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\MenuExt\Easy-WebPrint High Speed Print
#res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
##( [Ver = 2, 5, 0, 25 | Size = 200704 bytes | Date = 16/04/2004 18:42:08 | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\MenuExt\Easy-WebPrint Preview
#res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
##( [Ver = 2, 5, 0, 25 | Size = 200704 bytes | Date = 16/04/2004 18:42:08 | Attr = ])

HKCU\Software\Microsoft\Internet Explorer\MenuExt\Easy-WebPrint Print
#res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
##( [Ver = 2, 5, 0, 25 | Size = 200704 bytes | Date = 16/04/2004 18:42:08 | Attr = ])

<<< >> Approved Shell Extensions (Non-Microsoft only) << >>>

<<< HKLM-> Approved Shell Extensions >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}
#Autoplay for SlideShow = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
#Taskbar and Start Menu = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{42071714-76d4-11d1-8b24-00a0c9068ff3}
#Display Panning CPL Extension = deskpan.dll
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{764BF0E1-F219-11ce-972D-00AA00A14F56}
#Shell extensions for file compression = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{7A9D77BD-5403-11d2-8785-2E0420524153}
#User Accounts = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{7F1CF152-04F8-453A-B34C-E609530A9DC8}
#NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
##(Nero AG [Ver = 1.1.0.6 | Size = 1511424 bytes | Date = 21/01/2005 12:34:06 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
#Encryption Context Menu = Reg Data - Key not found
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{88895560-9AA2-1069-930E-00AA0030EBC8}
#HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll
##(Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{B327765E-D724-4347-8B16-78AE18552FC3}
#NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
##(Nero AG [Ver = 1.1.0.6 | Size = 1511424 bytes | Date = 21/01/2005 12:34:06 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
#iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll
##(Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Date = 30/10/2006 09:36:36 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}
#TrojanHunter Menu Shell Extension = C:\PROGRA~1\TROJAN~1.6\contmenu.dll
##( [Ver = | Size = 314368 bytes | Date = 22/08/2004 19:51:54 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
#Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll
##(RealNetworks, Inc. [Ver = 1.0.1.1783 | Size = 49198 bytes | Date = 03/09/2005 17:11:06 | Attr = ])

<<< >> ContextMenuHandlers (Non-Microsoft only) << >>>

<<< HKLM-> ContextMenuHandlers >>>

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
#{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll
##(Symantec Corporation [Ver = 14.0.0.89 | Size = 173728 bytes | Date = 07/09/2006 05:38:28 | Attr = ])

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\TrojanHunter
#{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll
##( [Ver = | Size = 314368 bytes | Date = 22/08/2004 19:51:54 | Attr = ])

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
#{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll
##( [Ver = | Size = 314368 bytes | Date = 22/08/2004 19:51:54 | Attr = ])

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
#{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll
##(Symantec Corporation [Ver = 14.0.0.89 | Size = 173728 bytes | Date = 07/09/2006 05:38:28 | Attr = ])

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
#{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll
##( [Ver = | Size = 314368 bytes | Date = 22/08/2004 19:51:54 | Attr = ])

<<< >> ColumnHandlers (Non-Microsoft only) << >>>

<<< HKLM-> ColumnHandlers >>>

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
#NeroDigitalColumnHandler Class = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
##(Nero AG [Ver = 1.1.0.6 | Size = 1511424 bytes | Date = 21/01/2005 12:34:06 | Attr = ])

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
#PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
##(Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Date = 14/12/2004 00:20:02 | Attr = ])

<<< >> File Associations Keys << >>>

HKLM\SOFTWARE\Classes\.bat\\''
#batfile
##

HKLM\SOFTWARE\Classes\batfile\shell\open\command\\''
#"%1" %*
##

HKLM\SOFTWARE\Classes\.cmd\\''
#cmdfile
##

HKLM\SOFTWARE\Classes\cmdfile\shell\open\command\\''
#"%1" %*
##

HKLM\SOFTWARE\Classes\.com\\''
#comfile
##

HKLM\SOFTWARE\Classes\comfile\shell\open\command\\''
#"%1" %*
##

HKLM\SOFTWARE\Classes\.exe\\''
#exefile
##

HKLM\SOFTWARE\Classes\exefile\shell\open\command\\''
#"%1" %*
##

HKLM\SOFTWARE\Classes\.hta\\''
#htafile
##

HKLM\SOFTWARE\Classes\htafile\shell\open\command\\''
#C:\WINDOWS\system32\mshta.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.js\\''
#JSFile
##

HKLM\SOFTWARE\Classes\jsfile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.jse\\''
#JSEFile
##

HKLM\SOFTWARE\Classes\jsefile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\scrfile\shell\open\command\\''
#"%1" /S
##

HKLM\SOFTWARE\Classes\.vbe\\''
#VBEFile
##

HKLM\SOFTWARE\Classes\vbefile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.vbs\\''
#VBSFile
##

HKLM\SOFTWARE\Classes\vbsfile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.wsf\\''
#WSFFile
##

HKLM\SOFTWARE\Classes\wsffile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.wsh\\''
#WSHFile
##

HKLM\SOFTWARE\Classes\wshfile\shell\open\command\\''
#%SystemRoot%\System32\WScript.exe "%1" %*
##

HKLM\SOFTWARE\Classes\.txt\\''
#txtfile
##

HKLM\SOFTWARE\Classes\txtfile\shell\open\command\\''
#%SystemRoot%\system32\NOTEPAD.EXE %1
##

<<< >> Registry Run Keys << >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AlcWzrd
#ALCWZRD.EXE
##(RealTek Semicoductor Corp. [Ver = 1.1.0.20 | Size = 2805248 bytes | Date = 04/05/2005 08:01:36 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ccApp
#"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
##(Symantec Corporation [Ver = 106.1.3.3 | Size = 107112 bytes | Date = 28/11/2006 20:51:24 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Easy-PrintToolBox
#C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
##(CANON INC. [Ver = 1, 1, 0, 0 | Size = 409600 bytes | Date = 14/01/2004 01:10:02 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\High Definition Audio Property Page Shortcut
#HDAShCut.exe
##(Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 61952 bytes | Date = 07/01/2005 15:07:16 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper
#"C:\Program Files\iTunes\iTunesHelper.exe"
##(Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Date = 30/10/2006 09:36:36 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Logitech Hardware Abstraction Layer
#KHALMNPR.EXE
##(Logitech Inc. [Ver = 2.42.230 | Size = 28160 bytes | Date = 22/07/2005 22:25:30 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck
#C:\WINDOWS\system32\NeroCheck.exe
##(Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Date = 09/07/2001 08:50:42 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\osCheck
#"C:\Program Files\Norton Internet Security\osCheck.exe"
##(Symantec Corporation [Ver = 10.0.0.247 | Size = 26248 bytes | Date = 06/09/2006 01:22:28 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task
#"C:\Program Files\QuickTime\qttask.exe" -atboottime
##(Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Date = 25/10/2006 18:58:18 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SoundMan
#SOUNDMAN.EXE
##(Realtek Semiconductor Corp. [Ver = 1, 0, 0, 17 | Size = 90112 bytes | Date = 03/05/2005 16:43:50 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched
#"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
##(Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Date = 09/11/2006 15:07:30 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TkBellExe
#"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
##(RealNetworks, Inc. [Ver = 0.1.0.3018 | Size = 180269 bytes | Date = 03/09/2005 17:11:04 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WIN TYPE EQ PLAY
#C:\Documents and Settings\All Users\Application Data\Option sign win type\IntraTons.exe
##( [Ver = | Size = 527360 bytes | Date = 04/12/2006 18:02:48 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows Defender
#"C:\Program Files\Windows Defender\MSASCui.exe" -hide
##(Microsoft Corporation [Ver = 1.1.1593.0 | Size = 866584 bytes | Date = 03/11/2006 18:20:12 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
#Installed = 1
##

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
#Installed = 1
##

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
#Installed = 1
##

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe
#C:\WINDOWS\system32\ctfmon.exe
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\H/PC Connection Agent
#"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
##(Microsoft Corporation [Ver = 4.1.4841.0 | Size = 1200128 bytes | Date = 15/11/2005 19:44:14 | Attr = ])

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RealPlayer
#"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
##(RealNetworks, Inc. [Ver = 6.0.12.857 | Size = 1003520 bytes | Date = 30/05/2006 08:48:04 | Attr = ])

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\swg
#C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
##(Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Date = 14/01/2007 09:40:58 | Attr = ])

<<< >> Miscellaneous Startup Keys << >>>

<<< AppInit DLLs >>>

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
#
##(File not found)

<<< Image File Execution Options >>>

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
#Debugger = ntsd -d
##

<<< Shell Service Object Delay Load >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn
#{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp.060713-0238) | Size = 8457728 bytes | Date = 13/07/2006 14:03:24 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder
#{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp.060713-0238) | Size = 8457728 bytes | Date = 13/07/2006 14:03:24 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray
#{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\UPnPMonitor
#{e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239616 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck
#{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll
##(Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 231424 bytes | Date = 07/11/2006 21:03:36 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WPDShServiceObj
#{AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll
##(Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 133632 bytes | Date = 18/10/2006 21:47:22 | Attr = ])

<<< Shell Execute Hooks >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
#Microsoft AntiMalware ShellExecuteHook = C:\PROGRA~1\WINDOW~4\MpShHook.dll
##(Microsoft Corporation [Ver = 1.1.1593.0 | Size = 83224 bytes | Date = 03/11/2006 18:20:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972}
#URL Exec Hook = shell32.dll
##(Microsoft Corporation [Ver = 6.00.2900.2951 (xpsp.060713-0238) | Size = 8457728 bytes | Date = 13/07/2006 14:03:24 | Attr = ])

<<< Shared Task Scheduler >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1}
#Browseui preloader = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Date = 14/09/2006 08:31:26 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030}
#Component Categories cache daemon = %SystemRoot%\system32\browseui.dll
##(Microsoft Corporation [Ver = 6.00.2900.2995 (xpsp.060913-0019) | Size = 1022976 bytes | Date = 14/09/2006 08:31:26 | Attr = ])

<<< SafeBoot Option >>>

<<< HKLM Command Processor AutoRun >>>

HKLM\SOFTWARE\Microsoft\Command Processor\\AutoRun
#
##

<<< HKCU Command Processor AutoRun >>>

<<< Security Providers >>>

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
#msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
##

<<< BootExecute >>>

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\\BootExecute
#autocheck autochk *;
##

<<< PendingFileRenameOperations >>>

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\\PendingFileRenameOperations
#\??\C:\WINDOWS\TEMP\symlcsv1.exe;
##

<<< FileRenameOperations >>>

<<< ExcludeFromKnownDlls >>>

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\\ExcludeFromKnownDlls
#
##

<<< >> Disabled MSConfig Items << >>>

<<< >> User Agent Post Platform << >>>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\SIMBAR Enabled
#
##

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\SIMBAR={47CEF2BF-6DB3-4590-95C8-633929B390D3}
#
##

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\SIMBAR=0
#
##

<<< >> Winlogon << >>>

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\AltDefaultDomainName
#JO
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\AltDefaultUserName
#Joanne
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\AutoAdminLogon
#Reg Data - Value does not exist
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\DefaultDomainName
#JO
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\DefaultUserName
#Joanne
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
#Reg Data - Value does not exist
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System
#
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
#C:\WINDOWS\system32\userinit.exe,
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet
#rundll32 shell32,Control_RunDLL "sysdm.cpl"
##

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
#Ati2evxx.dll
##(ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 46080 bytes | Date = 07/06/2005 20:39:38 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
#crypt32.dll
##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
#cryptnet.dll
##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
#cscdll.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
#sclgntfy.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
#WlNotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
#WgaLogon.dll
##(Microsoft Corporation [Ver = 1.5.0540.0 | Size = 702768 bytes | Date = 19/06/2006 15:20:42 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
#wlnotify.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

<<< >> DNS Name Servers << >>>

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1F90B726-6AF6-43EC-AEA5-43990BFB5932}
#194.106.56.6 (Fujitsu Siemens Computers WLAN 802.11b/g D1705/D1706)
##

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{63379B54-2EE4-447D-B827-26F59D7645CF}
# (1394 Net Adapter)
##

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{869BD662-085A-4BA2-8819-E23EB677F9E4}
#194.106.56.6 (Realtek RTL8139/810x Family Fast Ethernet NIC)
##

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B5FA34A-C644-40CD-A6EC-1DF4AACAA0F9}
#194.106.56.6 (1394 Net Adapter)
##

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B1CB855F-4270-4253-9C6F-326995E8EEF0}
# ()
##

<<< >> All Winsock2 Catalogs << >>>

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
#%SystemRoot%\System32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
#%SystemRoot%\System32\winrnr.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 16896 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
#%SystemRoot%\System32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
#%SystemRoot%\system32\rsvpsp.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
#%SystemRoot%\system32\rsvpsp.dll
##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019
#%SystemRoot%\system32\mswsock.dll
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

<<< >> Protocol Handlers (Non-Microsoft only) << >>>

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ipp
#
##(File not found)

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\mctp
#C:\Program Files\Microsoft ActiveSync\aatp.dll
##(File not found)

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp
#
##(File not found)

<<< >> Protocol Filters (Non-Microsoft only) << >>>

dazmug
Regular Member
Posts: 17
Joined: January 15th, 2007, 7:40 am
Location: Cornwall

[Start Post #2]

by dazmug » January 17th, 2007, 5:15 am

[Start Post #2]

Services
Name--Internal Name--Startup Type--State--Service Type--
#Path
##(Version Info)

Adobe Active File Monitor--AdobeActiveFileMonitor--Automatic--Running--Win32, running in it's own process--
#C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
##( [Ver = | Size = 98304 bytes | Date = 20/10/2004 03:47:54 | Attr = ])

Ati HotKey Poller--Ati HotKey Poller--Automatic--Running--Win32, running in it's own process--
#C:\WINDOWS\system32\Ati2evxx.exe
##(ATI Technologies Inc. [Ver = 6.14.10.4117 | Size = 376832 bytes | Date = 07/06/2005 20:38:32 | Attr = ])

Automatic LiveUpdate Scheduler--Automatic LiveUpdate Scheduler--Automatic--Running--Win32, running in it's own process--
#"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
##(Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Date = 02/09/2006 23:36:34 | Attr = ])

Symantec Event Manager--ccEvtMgr--Automatic--Running--Win32, running in a shared process--
#"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
##(Symantec Corporation [Ver = 106.1.3.3 | Size = 107624 bytes | Date = 28/11/2006 20:51:24 | Attr = ])

Symantec Settings Manager--ccSetMgr--Automatic--Running--Win32, running in a shared process--
#"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
##(Symantec Corporation [Ver = 106.1.3.3 | Size = 107624 bytes | Date = 28/11/2006 20:51:24 | Attr = ])

Symantec Lic NetConnect service--CLTNetCnService--Automatic--Running--Win32, running in a shared process--
#"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
##(Symantec Corporation [Ver = 106.1.3.3 | Size = 107624 bytes | Date = 28/11/2006 20:51:24 | Attr = ])

iPod Service--iPod Service--On Demand--Running--Win32, running in it's own process--
#"C:\Program Files\iPod\bin\iPodService.exe"
##(Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Date = 30/10/2006 09:36:32 | Attr = ])

Photoshop Elements Device Connect--PhotoshopElementsDeviceConnect--Automatic--Running--Win32, running in it's own process--
#C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
##( [Ver = | Size = 118784 bytes | Date = 20/10/2004 02:40:46 | Attr = ])

Symantec Core LC--Symantec Core LC--On Demand--Running--Win32, running in it's own process--
#"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
##(Symantec Corporation [Ver = 1.9.1.1034 | Size = 1087680 bytes | Date = 13/01/2007 19:00:48 | Attr = ])

Symantec AppCore Service--SymAppCore--Automatic--Running--Win32, running in it's own process--
#"C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
##(Symantec Corporation [Ver = 1.0.00.101 | Size = 46736 bytes | Date = 02/09/2006 04:33:40 | Attr = ])


Files
Full Path
#Details

%SystemDrive%
#

%ProgramFilesDir%
#

%WinDir%
#

%System%
#

C:\WINDOWS\SYSTEM32\dfrg.msc
#PEC2 ( [Ver = | Size = 41397 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
#PTech (Microsoft Corporation [Ver = 1.5.0723.1 | Size = 1474864 bytes | Date = 12/12/2006 10:45:04 | Attr = ])

C:\WINDOWS\SYSTEM32\MRT.exe
#PECompact2 (Microsoft Corporation [Ver = 1.24.1635.0 | Size = 10980776 bytes | Date = 02/01/2007 23:19:44 | Attr = ])

C:\WINDOWS\SYSTEM32\MRT.exe
#aspack (Microsoft Corporation [Ver = 1.24.1635.0 | Size = 10980776 bytes | Date = 02/01/2007 23:19:44 | Attr = ])

C:\WINDOWS\SYSTEM32\ntbackup.exe
#WSUD (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 1135616 bytes | Date = 17/08/2001 22:36:52 | Attr = ])

C:\WINDOWS\SYSTEM32\ntdll.dll
#aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\nusrmgr.cpl
#WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\rasdlg.dll
#Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\wbdbase.deu
#winsync ( [Ver = | Size = 1309184 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\WgaTray.exe
#PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 19/06/2006 15:19:26 | Attr = ])

C:\WINDOWS\SYSTEM32\wmploc.dll
#PEC2 (Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 8231936 bytes | Date = 18/10/2006 21:47:20 | Attr = ])

C:\WINDOWS\SYSTEM32\wmploc.dll
#WSUD (Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 8231936 bytes | Date = 18/10/2006 21:47:20 | Attr = ])

%System%\Drivers folder and sub-folders
#

%windir% + sub-dirs for System or Hidden files less than 60 days old
#

C:\WINDOWS\bootstat.dat
# ( [Ver = | Size = 2048 bytes | Date = 16/01/2007 09:18:44 | Attr = S])

C:\WINDOWS\QTFont.qfn
# ( [Ver = | Size = 54156 bytes | Date = 17/01/2007 08:40:38 | Attr = H ])

C:\WINDOWS\system32\zllictbl.dat
# ( [Ver = | Size = 4212 bytes | Date = 03/01/2007 19:15:20 | Attr = H ])

C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat
# ( [Ver = | Size = 7894 bytes | Date = 22/12/2006 11:53:02 | Attr = S])

C:\WINDOWS\system32\config\default.LOG
# ( [Ver = | Size = 1024 bytes | Date = 17/01/2007 05:09:16 | Attr = H ])

C:\WINDOWS\system32\config\SAM.LOG
# ( [Ver = | Size = 1024 bytes | Date = 17/01/2007 08:41:26 | Attr = H ])

C:\WINDOWS\system32\config\SECURITY.LOG
# ( [Ver = | Size = 1024 bytes | Date = 17/01/2007 05:19:04 | Attr = H ])

C:\WINDOWS\system32\config\software.LOG
# ( [Ver = | Size = 1024 bytes | Date = 17/01/2007 08:47:14 | Attr = H ])

C:\WINDOWS\system32\config\system.LOG
# ( [Ver = | Size = 1024 bytes | Date = 16/01/2007 22:24:06 | Attr = H ])

C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
# ( [Ver = | Size = 1024 bytes | Date = 13/01/2007 03:00:44 | Attr = H ])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD
# ( [Ver = | Size = 558 bytes | Date = 20/11/2006 03:01:28 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD
# ( [Ver = | Size = 146 bytes | Date = 20/11/2006 03:01:28 | Attr = S])

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
# ( [Ver = | Size = 1024 bytes | Date = 17/01/2007 02:03:00 | Attr = H ])

C:\WINDOWS\system32\drivers\etc\Hosts.bak
# ( [Ver = | Size = 4102 bytes | Date = 02/01/2007 08:22:04 | Attr = RH ])

C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\ab021988-d03b-437c-b48e-ea31d2190540
# ( [Ver = | Size = 388 bytes | Date = 30/11/2006 22:10:40 | Attr = HS])

C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
# ( [Ver = | Size = 24 bytes | Date = 30/11/2006 22:10:40 | Attr = HS])

C:\WINDOWS\Tasks\B9E01A2590B3829D.job
# ( [Ver = | Size = 264 bytes | Date = 17/01/2007 08:00:02 | Attr = H ])

C:\WINDOWS\Tasks\MP Scheduled Scan.job
# ( [Ver = | Size = 330 bytes | Date = 17/01/2007 01:59:38 | Attr = H ])

C:\WINDOWS\Tasks\SA.DAT
# ( [Ver = | Size = 6 bytes | Date = 16/01/2007 09:18:50 | Attr = H ])

CPL files
#

C:\WINDOWS\SYSTEM32\access.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
# (Realtek Semiconductor Corp. [Ver = 1.1.0.7 | Size = 294912 bytes | Date = 03/05/2005 16:44:12 | Attr = ])

C:\WINDOWS\SYSTEM32\appwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\bthprops.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\desk.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\firewall.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\hdwwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\inetcpl.cpl
# (Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1817088 bytes | Date = 17/10/2006 12:05:48 | Attr = ])

C:\WINDOWS\SYSTEM32\intl.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\irprops.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\joy.cpl
# (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\jpicpl32.cpl
# (Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49265 bytes | Date = 09/11/2006 15:07:28 | Attr = ])

C:\WINDOWS\SYSTEM32\main.cpl
# (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\mbllnk.cpl
# (AvantGo, Inc. [Ver = 3.3 Build 864 | Size = 69632 bytes | Date = 06/12/2004 13:07:08 | Attr = ])

C:\WINDOWS\SYSTEM32\mmsys.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\ncpa.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\NeroBurnRights.cpl
# (Ahead Software AG [Ver = 1, 0, 0, 2 | Size = 57344 bytes | Date = 09/10/2002 11:36:14 | Attr = ])

C:\WINDOWS\SYSTEM32\netsetup.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\nusrmgr.cpl
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\odbccp32.cpl
# (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\powercfg.cpl
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\RTSndMgr.CPL
# (Realtek Semiconductor Corp. [Ver = 1.0.0.4 | Size = 262144 bytes | Date = 26/05/2005 12:14:48 | Attr = ])

C:\WINDOWS\SYSTEM32\sysdm.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\telephon.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\timedate.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\wscui.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\wuaucpl.cpl
# (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 26/05/2005 03:16:30 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\access.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
# (Microsoft Corporation [Ver = 7.00.5730.11 (winmain(wmbla).061017-1135) | Size = 1817088 bytes | Date = 17/10/2006 12:05:48 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
# (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\main.cpl
# (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
# (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
# (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
# (Microsoft Corporation [Ver = 5.1.4111.00 (xpsp_sp2_rtm.040803-2158) | Size = 155648 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
# (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
# (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 04/08/2004 12:00:00 | Attr = ])

C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
# (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 26/05/2005 03:16:30 | Attr = ])

Auto-Start Folders
#

HKLM->Explorer\Shell Folders\\Common Startup
# = C:\Documents and Settings\All Users\Start Menu\Programs\Startup

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
#C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Date = 20/10/2004 00:12:24 | Attr = ])

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
#C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Date = 14/12/2004 02:44:06 | Attr = ])

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
#( [Ver = | Size = 84 bytes | Date = 18/08/2005 16:15:04 | Attr = HS])

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
#C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc. [Ver = 2.42.257 | Size = 528384 bytes | Date = 04/08/2005 01:42:00 | Attr = ])

HKLM->Explorer\User Shell Folders\\Common Startup
# = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup
# = C:\Documents and Settings\Joanne\Start Menu\Programs\Startup

C:\Documents and Settings\Joanne\Start Menu\Programs\Startup\Desktop Manager.lnk
#C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited [Ver = 4.1.1.9 (Release build by atse) | Size = 1085534 bytes | Date = 24/02/2006 12:27:48 | Attr = ])

C:\Documents and Settings\Joanne\Start Menu\Programs\Startup\desktop.ini
#( [Ver = | Size = 84 bytes | Date = 18/08/2005 16:15:04 | Attr = HS])

C:\Documents and Settings\Joanne\Start Menu\Programs\Startup\LimeWire On Startup.lnk
#C:\Program Files\LimeWire\LimeWire.exe ( [Ver = | Size = 159744 bytes | Date = 22/08/2006 15:45:56 | Attr = ])

HKCU->Explorer\User Shell Folders\\Startup
# = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
#

Config.nt: Line 54
#dos=high, umb

Config.nt: Line 55
#device=%SystemRoot%\system32\himem.sys

Config.nt: Line 56
#files=40

AutoExec.nt: Line 1
#@echo off

AutoExec.nt: Line 8
#lh %SystemRoot%\system32\mscdexnt.exe

AutoExec.nt: Line 11
#lh %SystemRoot%\system32\redir

AutoExec.nt: Line 14
#lh %SystemRoot%\system32\dosx

AutoExec.nt: Line 36
#SET BLASTER=A220 I5 D1 P330 T3

Miscellaneous Folders
#

AllUsers ApplicationData Folder
#

C:\Documents and Settings\All Users\Application Data\desktop.ini
# ( [Ver = | Size = 62 bytes | Date = 18/08/2005 18:08:12 | Attr = HS])

C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
# ( [Ver = | Size = 1783 bytes | Date = 20/11/2006 19:45:42 | Attr = ])

CurrentUser ApplicationData Folder
#

C:\Documents and Settings\Joanne\Application Data\$_hpcst$.hpc
# ( [Ver = | Size = 2508 bytes | Date = 15/01/2006 18:13:00 | Attr = ])

C:\Documents and Settings\Joanne\Application Data\desktop.ini
# ( [Ver = | Size = 62 bytes | Date = 18/08/2005 18:08:12 | Attr = HS])

C:\Documents and Settings\Joanne\Application Data\wklnhst.dat
# ( [Ver = | Size = 0 bytes | Date = 03/09/2005 16:00:22 | Attr = ])

Program Files Folder
#

Common Files Folder
#

DPF files
#

{00B71CFB-6864-4346-A978-C0A14556272C}
#Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/ms ... b31267.cab

{14B87622-7E19-4EA8-93B3-97215F77A6BC}
#MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Me ... b31267.cab

{17492023-C23A-453E-A040-C7C580BBF700}
#Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
#Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/Shar ... vSniff.cab

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}
#MSN Photo Upload Tool - CodeBase = http://itsallwatsonwatsonwatson.spaces. ... nPUpld.cab

{644E432F-49D3-41A1-8DD5-E099162EEEC5}
#Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/Shar ... /cabsa.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93}
#Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
#MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Me ... b31267.cab

{B8BE5E93-A60C-4D26-A2DC-220313175592}
#ZoneIntro Class - CodeBase = http://messenger.zone.msn.com/binary/ZI ... b32846.cab

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
#Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
#Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
#Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

Hosts file = 734 bytes. Reading all entries.
#C:\WINDOWS\System32\drivers\etc\Hosts

# Copyright (c) 1993-1999 Microsoft Corp.
#

#
#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#

#
#

# This file contains the mappings of IP addresses to host names. Each
#

# entry should be kept on an individual line. The IP address should
#

# be placed in the first column followed by the corresponding host name.
#

# The IP address and the host name should be separated by at least one
#

# space.
#

#
#

# Additionally, comments (such as these) may be inserted on individual
#

# lines or following the machine name denoted by a '#' symbol.
#

#
#

# For example:
#

#
#

# 102.54.94.97 rhino.acme.com # source server
#

# 38.25.63.10 x.acme.com # x client host
#


#

127.0.0.1 localhost
#
dazmug
Regular Member
 
Posts: 17
Joined: January 15th, 2007, 7:40 am
Location: Cornwall

Post by askey127 » January 17th, 2007, 7:32 pm

dazmug,
I have had a computer problem here due to weather and power outages, so I will not be able to give you a reply until approximately afternoon Thursday US East Coast time.
Thank you for your understanding.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Post by askey127 » January 18th, 2007, 4:27 pm

dazmug,
You are not showing any significant malware that I can see in the WinPFind log.
What kind of Popups are you getting? Are they gaming oriented?
It's just possible the popups are coming from something you chose to use, like that SweetIMBar?
You can remove the program to find out, per below. They do disclaim any responsibility for behavior of their "third party" associates. They could be anybody.
Their license document is here : http://www.sweetim.com/eula.html
I have also included instructions to update your Java application. You have a leftover version 1.5 rev 6 which is old enough to be risky, along with a version 1.5 rev 10.
-----------------------------------------------------------
Use Add/Remove Programs In Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
SweetIMBar
Sweetie
Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
------------------------------------------------------------
Update your Java.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
  • Close any programmes you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel > Add/Remove Programs.
  • Check any item with Java Runtime Environment, JRE, J2SE, or Java Webstart in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.

Then download the latest version of Java Runtime Environment, and install it to your computer.

Please post a new HJT log and tell me how it's running. I'm especially interested in the content or purveyor of any popups. May help track down the source.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Pop ups

Post by dazmug » January 22nd, 2007, 3:35 pm

Hi Askey

I have attached my HijackThis log file below. I have done what you instructed plus have also removed LimeWire.

The pop ups are mainly gambling sites 888.com and adult dating sites, sites telling us we have won a new laptop pc. There are also some normal sites like Tesco supermarket!

They always tend to open IE in a new window, it's as though something is opening up IE rather than it being a normal pop up.

regards
Darren


Logfile of HijackThis v1.99.1
Scan saved at 19:29:49, on 22/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=3109
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=3109
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WIN TYPE EQ PLAY] C:\Documents and Settings\All Users\Application Data\Option sign win type\IntraTons.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://itsallwatsonwatsonwatson.spaces. ... nPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ ... 586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F90B726-6AF6-43EC-AEA5-43990BFB5932}: NameServer = 194.106.56.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{869BD662-085A-4BA2-8819-E23EB677F9E4}: NameServer = 194.106.56.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B5FA34A-C644-40CD-A6EC-1DF4AACAA0F9}: NameServer = 194.106.56.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F90B726-6AF6-43EC-AEA5-43990BFB5932}: NameServer = 194.106.56.6
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
dazmug
Regular Member
 
Posts: 17
Joined: January 15th, 2007, 7:40 am
Location: Cornwall

Unread postby askey127 » January 22nd, 2007, 5:49 pm

dazmug,
-----------------------------------------------------------
Set Your Computer to Show All Files
  1. Click Start.
  2. Click My Computer.
  3. Select the Tools menu and click Folder Options.
  4. Select the View Tab.
  5. Under the Hidden files and folders heading, select Show hidden files and folders.
  6. Uncheck Hide protected operating system files (recommended).
  7. Click Yes to confirm.
  8. Uncheck the Hide file extensions for known file types.
  9. Click OK.

-----------------------------------------------------------
Disable Windows Defender
Go to Start > All Programs > Windows Defender.
Click on the Tools menu, click General Settings, scroll down to the Real-Time Protection Options section and deactivate the Real-Time Protection system.

Then, in the toolbar across the top there is a little down-pointing arrow next to the question mark icon.
Click on that to get a drop-down list. One of the options is to exit Windows Defender.
Click on that, and there will be a pop-up asking if you are sure you want to exit. Click Yes/OK.
-----------------------------------------------------------
Disable Trojan Hunter Guard
Go to TrojanHunter Guard in the lower right corner of your screen. It is a light blue icon with a magnifying glass that can be difficult to see but the handle is red. Right click it and select settings. Uncheck "Load at startup" and "Enabled".
-----------------------------------------------------------
Remove Log Items with HijackThis
Start HijackThis.
Click Scan. When the scan is complete, check the following entries:
(Some of these lines may be missing)


R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

Make sure every other window except HJT is closed (no other tabs showing in the bottom tray), and click Fix Checked.
-----------------------------------------------------------
File and Folder Deletion.
In Windows Explorer (My Computer), select View, Details. Then navigate to this folder. Find and Delete if present.
You may have to delete all the underlying files and folders before an entire folder can be deleted.

C:\Program Files\Macrogaming\SweetIMBarForIE\

If you have any problem deleting a file, right click the file and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete. If a message pops up saying "File in use", or something like that, hit Ctrl-Alt-Delete and look under the Processes tab. If the filename is in there, highlight it and click End Process, then retry Delete.
Note the name and location of any items you cannot delete.
-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby dazmug » January 23rd, 2007, 5:48 pm

Hi Askey

I have followed your instructions. I am still getting the pop ups!

Hijackthis file attached

Darren


Logfile of HijackThis v1.99.1
Scan saved at 21:46:37, on 23/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=3109
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/weather/5day.shtml?id=3109
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
F2 - REG:system.ini: Shell=
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WIN TYPE EQ PLAY] C:\Documents and Settings\All Users\Application Data\Option sign win type\IntraTons.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://itsallwatsonwatsonwatson.spaces. ... nPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ ... 586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F90B726-6AF6-43EC-AEA5-43990BFB5932}: NameServer = 194.106.56.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{869BD662-085A-4BA2-8819-E23EB677F9E4}: NameServer = 194.106.56.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B5FA34A-C644-40CD-A6EC-1DF4AACAA0F9}: NameServer = 194.106.56.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F90B726-6AF6-43EC-AEA5-43990BFB5932}: NameServer = 194.106.56.6
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
dazmug
Regular Member
 
Posts: 17
Joined: January 15th, 2007, 7:40 am
Location: Cornwall
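
One way to check a follow-up log against a fix list, as an added example that is not part of the original thread: it matches entries by section code and CLSID, so a short 8.3 path and a long path for the same object compare equal. The function and constant names are illustrative; the fix list and log excerpt are copied from the posts above, and `SURVIVED` is constructed.

```python
import re

# A HijackThis section line is "<code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Return (section, body) per section line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def entry_key(section, body):
    """Compare by section + CLSID when there is one, so 8.3 short paths
    (PROGRA~1) and long paths for the same object still match."""
    m = CLSID_RE.search(body)
    ident = m.group(0).lower() if m else " ".join(body.lower().split())
    return (section, ident)

def still_present(fix_list_text, followup_log_text):
    """Fix-list entries that are still reported in the follow-up log."""
    seen = {entry_key(s, b) for s, b in parse_entries(followup_log_text)}
    return [(s, b) for s, b in parse_entries(fix_list_text) if entry_key(s, b) in seen]

def file_missing(log_text):
    """Entries that HijackThis itself marked '(file missing)'."""
    return [(s, b) for s, b in parse_entries(log_text) if b.endswith("(file missing)")]

# The three lines from the fix list in the thread.
FIX_LIST = r"""
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
"""

# Excerpt of the 23/01/2007 follow-up log from the thread.
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# Constructed: the same excerpt if the BHO had survived, reported with a long path.
SURVIVED = FOLLOWUP + r"O2 - BHO: SWEETIE - {1a0aadcd-3a72-4b5f-900f-e3bb5a838e2a} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll" + "\n"

if __name__ == "__main__":
    print("still present:", still_present(FIX_LIST, FOLLOWUP))
    print("file missing:", file_missing(FOLLOWUP))
```

An empty result from `still_present` only shows that the listed registry entries are gone; it says nothing about entries that were never on the fix list.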