Hi, thankls for help to date. I have posted as requested the SR file.
The problems - Windows Restore window is still blank, got it back first time by running the olereg script from the web, gone again now though!
When i scroll a page on the web it seems to "refresh" or "scroll" on to the screen. When i open the dxdiag in RUN, there is no capacity to enable directdraw or 3d. Maybe a format of C and reinstall would do it, i gather that i would not have to qwipe the other drives on my PC, thanks agin, G
"Silent Runners.vbs", revision 44,
http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"TClockEx" = "C:\Program Files\TClockEx\TCLOCKEX.EXE" ["Dale Nurden"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{0A87E45F-537A-40B4-B812-E2544C21A09F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SpywareBlock Class"
\InProcServer32\(Default) = "D:\SpyCatcher 2006\SCActiveBlock.dll" ["Tenebril Inc."]
{A17B153F-2267-4161-A165-73DCD6C31BEF}\(Default) = (no title provided)
-> {HKLM...CLSID} = "ba3HelperObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ba3bho.dll" [empty string]
{C333CF63-767F-4831-94AC-E683D962C63C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CoTGT_BHO Class"
\InProcServer32\(Default) = "C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "Wireless Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
-> {HKLM...CLSID} = "Wheel Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
-> {HKLM...CLSID} = "Activities Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
-> {HKLM...CLSID} = "Buttons Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\Office\OLKFSTUB.DLL" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{00000000-0000-0000-0000-000000000052}" = "shredderse"
-> {HKLM...CLSID} = "shredderse"
\InProcServer32\(Default) = "c:\program files\steganos security suite 5\shredderse.dll" [null data]
"{5bec20a0-388e-11d4-a2ab-0080adc9a395}" = "SteganosShell5"
-> {HKLM...CLSID} = "SteganosShell5"
\InProcServer32\(Default) = "c:\program files\steganos security suite 5\steganosshell5.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\Components\PhoneBrowserComponents\NokiaPhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {HKLM...CLSID} = "Contact View"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\Components\PhoneBrowserComponents\ContactView.dll" ["Nokia"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Documents and Settings\Graeme Sturrock\My Documents\rarext.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "interceptor.dll,wbsys.dll" [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! WB\DLLName = "D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll" [file not found]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
shredderse\(Default) = "{00000000-0000-0000-0000-000000000052}"
-> {HKLM...CLSID} = "shredderse"
\InProcServer32\(Default) = "c:\program files\steganos security suite 5\shredderse.dll" [null data]
SteganosShell5\(Default) = "{5bec20a0-388e-11d4-a2ab-0080adc9a395}"
-> {HKLM...CLSID} = "SteganosShell5"
\InProcServer32\(Default) = "c:\program files\steganos security suite 5\steganosshell5.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Documents and Settings\Graeme Sturrock\My Documents\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
shredderse\(Default) = "{00000000-0000-0000-0000-000000000052}"
-> {HKLM...CLSID} = "shredderse"
\InProcServer32\(Default) = "c:\program files\steganos security suite 5\shredderse.dll" [null data]
SteganosShell5\(Default) = "{5bec20a0-388e-11d4-a2ab-0080adc9a395}"
-> {HKLM...CLSID} = "SteganosShell5"
\InProcServer32\(Default) = "c:\program files\steganos security suite 5\steganosshell5.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Documents and Settings\Graeme Sturrock\My Documents\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Documents and Settings\Graeme Sturrock\My Documents\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Graeme Sturrock\Application Data\Mozilla\Firefox\Desktop Background.bmp"
Startup items in "Graeme Sturrock" & "All Users" startup folders:
-----------------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"LightSurf" -> shortcut to: "C:\Program Files\LightSurf\Common\IconMgr.exe" [** WMI GetObject error **]
Enabled Scheduled Tasks:
------------------------
"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
"FRU Task #Hewlett-Packard#hp psc 1200 series#1101776447" -> launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1101776447"" [empty string]
"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -ScanType config -Privileges restricted" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 14
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll" ["Yahoo! Inc."]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Messenger"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Messenger"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll" ["Yahoo! Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll" ["Yahoo! Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
Missing lines (compared with English-language version):
HIJACK WARNING! "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows Defender Service, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 57 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 17 seconds.
---------- (total run time: 110 seconds)