
Adware identifies a win32-gen infection

Discussion in 'Malware and Virus Removal Archive' started by daftdog, 2007/04/03.

  1. 2007/04/03
    daftdog

    daftdog Inactive Thread Starter

    Hi Everyone,
    My Avast software tells me that my PC is infected with a trojan, win32-gen. Its symptoms are annoying pop-ups and slow performance. Pops are anything from scantily clad women to "download this now to protect yourself" sort of stuff.

    I read a few things on this forum and, going by the advice given, I downloaded HiJack This and ran a scan.


    Here is my log from HJT. Any help would be most appreciated (and my mother-in-law would love me forever... lol, it's her PC).
    Thanks,

    Paul

    Logfile of HijackThis v1.99.1
    Scan saved at 17:12:04, on 03/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\PV92Tray.exe
    C:\Program Files\Common Files\PrivacyProtector\prpcw.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe
    c:\program files\common files\aol\1133633940\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    c:\program files\common files\aol\1133633940\ee\aolsoftware.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\AOL 9.0d\aoltray.exe
    C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AOL 9.0d\waol.exe
    C:\Program Files\AOL 9.0d\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Robert bell\Desktop\hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.incredimail.com/page.asp...02154&setup_id=7&aff_id=102&addon=IncrediMail
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [prpcw] "C:\Program Files\Common Files\PrivacyProtector\prpcw.exe" -c
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe "
    O4 - HKLM\..\Run: [TrayBitsGramInfo] C:\Documents and Settings\All Users\Application Data\THIS TWO TRAY BITS\scr corn.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpeedItUpEX] "C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI
    O4 - HKCU\..\Run: [ante ball] C:\DOCUME~1\ROBERT~1\APPLIC~1\INTRAD~1\Soapbags.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0d\aoltray.exe
    O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.4/WinSSWebAgent.CAB
    O16 - DPF: {15AC034D-14DF-4AF8-9D02-29E1F56A8235} (Virgin Digital MusicNet Class) - http://www.virgindigital.co.uk/activeX/VirginWMA.cab
    O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
    O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://honeyspoem.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137013445187
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://media.grab.com/media/35f4a8/games/files/1147/axhost.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
    O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://privacyprotector.com/.freeware/cab/installprivacyprotector.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2E1081E1-5DCC-413C-947A-68A3B766E647}: NameServer = 205.188.146.145
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  2. 2007/04/03
    TeMerc

    TeMerc Inactive Alumni

    Hello and welcome to WindowsBBS Forums.

    This looks to be a LOP infection, so we'll use the special tool created for it, and you can then bask in the love of your mother-in-law. :D

    Below you will find the results from my analysis of your HijackThis! log file. Please read all instructions carefully before performing any steps.

    Please do as instructed below in the order presented.

    Please follow these instructions, exactly, for proper HJT installation. Please place HJT into ITS OWN PERMANENT FOLDER. It must not be installed on the desktop nor in any temp folders.

    You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. Move HijackThis.exe into this folder (C:\HJT\HijackThis.exe). When you run HijackThis.exe from C:\HJT folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary which is easily accessible.


    Please Download NoLop.exe to your desktop.
    • First close any other programs you have running as this will require a reboot
    • Double click NoLop.exe to run it
    • Carefully type the CLSID given by your forum helper into the lower text area. Then click the button labeled "Search and Destroy"
    • When scanning is finished you will be prompted to reboot only if infected, Click OK
    • Now click the "REBOOT" Button.
    • A message should pop up from NoLop; if not, double-click the program again and it will finish.
    Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
    Note: If you receive the error that mscomctl.ocx or one of its dependencies are not correctly registered, please download this file to your system32 folder, then rerun the program: http://www.boletrice.com/downloads/mscomctl.ocx
     


  4. 2007/04/03
    daftdog

    daftdog Inactive Thread Starter

    Hi TeMerc,

    Thanks for the reply. Did what you suggested but it didn't fix the problem.

    I ran the NoLop.exe file, but didn't have the CLSID as requested. It found an infection and I rebooted, but the pop-ups still appear.

    When I ran the HJT software again, I am confused as to the "Fixed checked" part, as nothing is checked and I do not know what to check (or even if I have to).

    Here are the new logs, as you requested.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:50:22, on 03/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\PV92Tray.exe
    C:\Program Files\Common Files\PrivacyProtector\prpcw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\AOL 9.0d\aoltray.exe
    C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
    c:\program files\common files\aol\1133633940\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    c:\program files\common files\aol\1133633940\ee\aolsoftware.exe
    C:\Program Files\AOL 9.0d\waol.exe
    C:\Program Files\AOL 9.0d\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.incredimail.com/page.asp...02154&setup_id=7&aff_id=102&addon=IncrediMail
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [prpcw] "C:\Program Files\Common Files\PrivacyProtector\prpcw.exe" -c
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe "
    O4 - HKLM\..\Run: [TrayBitsGramInfo] C:\Documents and Settings\All Users\Application Data\THIS TWO TRAY BITS\scr corn.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpeedItUpEX] "C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI
    O4 - HKCU\..\Run: [ante ball] C:\DOCUME~1\ROBERT~1\APPLIC~1\INTRAD~1\Soapbags.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0d\aoltray.exe
    O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
    O4 - Global Startup: NoLop.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.4/WinSSWebAgent.CAB
    O16 - DPF: {15AC034D-14DF-4AF8-9D02-29E1F56A8235} (Virgin Digital MusicNet Class) - http://www.virgindigital.co.uk/activeX/VirginWMA.cab
    O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
    O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://honeyspoem.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137013445187
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://media.grab.com/media/35f4a8/games/files/1147/axhost.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
    O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://privacyprotector.com/.freeware/cab/installprivacyprotector.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2E1081E1-5DCC-413C-947A-68A3B766E647}: NameServer = 205.188.146.145
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Robert bell\Desktop
    [03/04/2007]
    [20:23:00]

    ---Infection Files Found/Removed---
    C:\WINDOWS\tasks\A3CD01EA901EB6DA.job

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\Administrator\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Aol
    C:\Documents and Settings\All Users\Application Data\Aol Downloads
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Canonbj
    C:\Documents and Settings\All Users\Application Data\Contour Design
    C:\Documents and Settings\All Users\Application Data\Google
    C:\Documents and Settings\All Users\Application Data\Gtek
    C:\Documents and Settings\All Users\Application Data\Mcafee.com
    C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    C:\Documents and Settings\All Users\Application Data\Metacafe
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Mumbojumbo
    C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Playfirst -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Popcap
    C:\Documents and Settings\All Users\Application Data\Pure Networks
    C:\Documents and Settings\All Users\Application Data\Quicktime
    C:\Documents and Settings\All Users\Application Data\Sonypicturesgames
    C:\Documents and Settings\All Users\Application Data\Starware
    C:\Documents and Settings\All Users\Application Data\This Two Tray Bits
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    C:\Documents and Settings\All Users\Application Data\Zylom
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Linda Bell\Application Data\Adobe
    C:\Documents and Settings\Linda Bell\Application Data\Adobeaum
    C:\Documents and Settings\Linda Bell\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Linda Bell\Application Data\Ahead
    C:\Documents and Settings\Linda Bell\Application Data\Aol
    C:\Documents and Settings\Linda Bell\Application Data\Apple Computer
    C:\Documents and Settings\Linda Bell\Application Data\Google
    C:\Documents and Settings\Linda Bell\Application Data\Gtek
    C:\Documents and Settings\Linda Bell\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Linda Bell\Application Data\Identities
    C:\Documents and Settings\Linda Bell\Application Data\Lavasoft
    C:\Documents and Settings\Linda Bell\Application Data\Macromedia
    C:\Documents and Settings\Linda Bell\Application Data\Mcafee.com Personal Firewall
    C:\Documents and Settings\Linda Bell\Application Data\Metacafe
    C:\Documents and Settings\Linda Bell\Application Data\Microsoft
    C:\Documents and Settings\Linda Bell\Application Data\Motive
    C:\Documents and Settings\Linda Bell\Application Data\Real
    C:\Documents and Settings\Linda Bell\Application Data\Roxio
    C:\Documents and Settings\Linda Bell\Application Data\Sun
    C:\Documents and Settings\Linda Bell\Application Data\Versiontracker Pro
    C:\Documents and Settings\Linda Bell\Application Data\Wholesecurity
    C:\Documents and Settings\Linda Bell\Application Data\Windows Live Safety Center
    C:\Documents and Settings\Linda Bell\Application Data\You've Got Pictures Screensaver
    C:\Documents and Settings\Linda Bell\Application Data\Zylom
    C:\Documents and Settings\Localservice\Application Data\Intradrive
    C:\Documents and Settings\Localservice\Application Data\Macromedia
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Robert Bell\Application Data\Adobe
    C:\Documents and Settings\Robert Bell\Application Data\Adobeum
    C:\Documents and Settings\Robert Bell\Application Data\Ahead
    C:\Documents and Settings\Robert Bell\Application Data\Aol
    C:\Documents and Settings\Robert Bell\Application Data\Apple Computer
    C:\Documents and Settings\Robert Bell\Application Data\Drivecleaner Free
    C:\Documents and Settings\Robert Bell\Application Data\Google
    C:\Documents and Settings\Robert Bell\Application Data\Gtek
    C:\Documents and Settings\Robert Bell\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Robert Bell\Application Data\Identities
    C:\Documents and Settings\Robert Bell\Application Data\Intradrive
    C:\Documents and Settings\Robert Bell\Application Data\Lavasoft
    C:\Documents and Settings\Robert Bell\Application Data\Leadertech
    C:\Documents and Settings\Robert Bell\Application Data\Macromedia
    C:\Documents and Settings\Robert Bell\Application Data\Magic Match
    C:\Documents and Settings\Robert Bell\Application Data\Mcafee.com Personal Firewall
    C:\Documents and Settings\Robert Bell\Application Data\Microsoft
    C:\Documents and Settings\Robert Bell\Application Data\Motive
    C:\Documents and Settings\Robert Bell\Application Data\Mozilla
    C:\Documents and Settings\Robert Bell\Application Data\Msninstaller
    C:\Documents and Settings\Robert Bell\Application Data\Pctv4me
    C:\Documents and Settings\Robert Bell\Application Data\Playfirst
    C:\Documents and Settings\Robert Bell\Application Data\Privacyprotector
    C:\Documents and Settings\Robert Bell\Application Data\Real
    C:\Documents and Settings\Robert Bell\Application Data\Roxio
    C:\Documents and Settings\Robert Bell\Application Data\Sun
    C:\Documents and Settings\Robert Bell\Application Data\Versiontracker Pro
    C:\Documents and Settings\Robert Bell\Application Data\Wholesecurity
    C:\Documents and Settings\Robert Bell\Application Data\Wildfire
    C:\Documents and Settings\Robert Bell\Application Data\You've Got Pictures Screensaver
    C:\Documents and Settings\Robert Bell\Application Data\Zylom

    Any more help you can give would be appreciated.

    Thanks
     
  5. 2007/04/03
    TeMerc

    Well the tool did remove part of the infection, just not all of it. We'll get the rest manually.

    The section posted above referencing 'Fix Checked' was a description of the procedure and what happens when you hit the 'Fix Checked' button. You were not supposed to do any 'fixing' yet.

    But we are now. :p


    Open Hijackthis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have No IE windows, nor any other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.incredimail.com/page.asp?...on=IncrediMail

    R3 - URLSearchHook: (no name) - - (no file)


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKLM\..\Run: [TrayBitsGramInfo] C:\Documents and Settings\All Users\Application Data\THIS TWO TRAY BITS\scr corn.exe

    O4 - HKCU\..\Run: [ante ball] C:\DOCUME~1\ROBERT~1\APPLIC~1\INTRAD~1\Soapbags.exe

    O4 - Global Startup: NoLop.exe


    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -

    O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries...1071_em_XP.cab

    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab

    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://media.grab.com/media/35f4a8/g...147/axhost.cab

    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://privacyprotector.com/.freewar...yprotector.cab



    Search for, and delete, if found, the following files/folders:
    C:\Documents and Settings\All Users\Application Data\THIS TWO TRAY BITS<<<<---this folder
    C:\DOCUME~1\ROBERT~1\APPLIC~1\INTRAD~1\Soapbags.exe<<<--this file

    Reboot and post a new HJT log back into this thread please.
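
A fresh log can be checked mechanically against a fix list like the one in this post, to see which entries survived the fix and reboot. The Python sketch below is an added example, not part of the post or of HijackThis; the function names, the matching rules (CLSID for O2/O3/O16, hive plus value name for O4, registry path for R entries) and the shortened follow-up log are assumptions constructed for illustration.

```python
import re

# A HijackThis entry line is "<section code> - <body>",
# e.g. "O4 - HKCU\..\Run: [name] command". Headers and process paths do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.*?):\s*\[(.*?)\]")


def parse_entries(text):
    """Return (code, body) pairs for every entry line in a log or fix list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m and m.group(2):
            entries.append((m.group(1), m.group(2)))
    return entries


def identity_key(code, body):
    """Key that identifies the same entry across logs (assumed matching rules).

    Forum software often shortens URLs and paths, so the full text is unreliable.
    """
    clsid = CLSID_RE.search(body)
    if code in ("O2", "O3", "O16") and clsid:
        return (code, clsid.group(0).upper())            # match on CLSID only
    run = RUN_RE.match(body)
    if code == "O4" and run:
        return (code, run.group(1).lower(), run.group(2).lower())  # hive + value name
    if code.startswith("R") and "=" in body:
        return (code, body.split("=", 1)[0].strip().lower())       # registry path
    return (code, re.sub(r"\s+", " ", body).lower())


def check_fix(fix_list_text, followup_log_text):
    """Split the fix list into entries still present in the follow-up log and entries gone."""
    present = {identity_key(c, b) for c, b in parse_entries(followup_log_text)}
    persisting, cleared = [], []
    for code, body in parse_entries(fix_list_text):
        target = persisting if identity_key(code, body) in present else cleared
        target.append(f"{code} - {body}")
    return persisting, cleared


# Fix list: a subset of the entries listed in the post above.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TrayBitsGramInfo] C:\Documents and Settings\All Users\Application Data\THIS TWO TRAY BITS\scr corn.exe
O4 - HKCU\..\Run: [ante ball] C:\DOCUME~1\ROBERT~1\APPLIC~1\INTRAD~1\Soapbags.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://privacyprotector.com/.freewar...yprotector.cab
"""

# Constructed, shortened follow-up log in HijackThis v1.99.1 layout (sample input).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ante ball] C:\DOCUME~1\ROBERT~1\APPLIC~1\INTRAD~1\Soapbags.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

if __name__ == "__main__":
    persisting, cleared = check_fix(FIX_LIST, FOLLOWUP_LOG)
    print("Still present after fix:")
    for entry in persisting:
        print("  " + entry)
    print("No longer listed:")
    for entry in cleared:
        print("  " + entry)
```

An entry that persists after Fix Checked and a reboot usually means the file or process behind it was still running and rewrote the registry value, which is why the post also asks for the files to be deleted.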
     
  6. 2007/04/04
    daftdog

    Hi Again TeMerc,

    I did everything you suggested in the last post and the only problem I had was that the system wouldn't let me delete the THIS TWO TRAY BITS folder, as a program was using a file in it. So I ran HJT and saved a log file, then I rebooted and did manage to delete the THIS TWO TRAY BITS folder and I ran HJT and saved another log file. Both of which are posted below.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:58:22, on 04/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Common Files\PrivacyProtector\prpcw.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe
    c:\progra~1\intern~1\iexplore.exe
    c:\program files\common files\aol\1133633940\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    c:\program files\common files\aol\1133633940\ee\aolsoftware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HJT\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
    O4 - HKLM\..\Run: [prpcw] "C:\Program Files\Common Files\PrivacyProtector\prpcw.exe" -c
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpeedItUpEX] "C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI
    O4 - HKCU\..\Run: [ante ball] C:\DOCUME~1\ROBERT~1\APPLIC~1\INTRAD~1\Soapbags.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0d\aoltray.exe
    O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.4/WinSSWebAgent.CAB
    O16 - DPF: {15AC034D-14DF-4AF8-9D02-29E1F56A8235} (Virgin Digital MusicNet Class) - http://www.virgindigital.co.uk/activeX/VirginWMA.cab
    O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://honeyspoem.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137013445187
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
    O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Logfile of HijackThis v1.99.1
    Scan saved at 12:08:36, on 04/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\PV92Tray.exe
    C:\Program Files\Common Files\PrivacyProtector\prpcw.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\AOL 9.0d\aoltray.exe
    C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
    c:\program files\common files\aol\1133633940\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    c:\program files\common files\aol\1133633940\ee\aolsoftware.exe
    C:\HJT\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
    O4 - HKLM\..\Run: [prpcw] "C:\Program Files\Common Files\PrivacyProtector\prpcw.exe" -c
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpeedItUpEX] "C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI
    O4 - HKCU\..\Run: [ante ball] C:\DOCUME~1\ROBERT~1\APPLIC~1\INTRAD~1\Soapbags.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0d\aoltray.exe
    O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.4/WinSSWebAgent.CAB
    O16 - DPF: {15AC034D-14DF-4AF8-9D02-29E1F56A8235} (Virgin Digital MusicNet Class) - http://www.virgindigital.co.uk/activeX/VirginWMA.cab
    O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://honeyspoem.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137013445187
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
    O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


    :mad:The pop-ups still appear though lol.

    If you have any more advice, I thank you in advance.. and may a thousand fleas infest the armpits of your enemies..lol
     
  7. 2007/04/04
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, let's try a safe mode fix.

    Reboot, into safe mode, this way:
    Turn on the computer
    Immediately begin tapping the <F8> key.
    Use the arrow keys to highlight Safe Mode and press the <Enter> key.

    Also, enable the 'Show Hidden Folders' option, like this:
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    Run HJT, and place a check next to the following lines, then, with all browsers and windows closed, hit 'Fix checked':

    O4 - HKCU\..\Run: [ante ball] C:\DOCUME~1\ROBERT~1\APPLIC~1\INTRAD~1\Soapbags.exe

    Search for, and delete, if found, the following files/folders:
    C:\DOCUME~1\ROBERT~1\APPLIC~1\INTRAD~1\Soapbags.exe<<<--this file

    Reboot, then post a new HJT log back into this thread please.
     
  8. 2007/04/04
    daftdog

    daftdog Inactive Thread Starter

    Joined:
    2007/04/03
    Messages:
    10
    Likes Received:
    0
    Here is the new log file. Pop-ups are still appearing and my firewall reports nagiluhb.exe is trying to access the internet. Its path is C:\WINDOWS\system32\nagiluhb.exe, but I can't find it in that folder when I look for it.

    Logfile of HijackThis v1.99.1
    Scan saved at 17:59:52, on 04/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\PV92Tray.exe
    C:\Program Files\Common Files\PrivacyProtector\prpcw.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\AOL 9.0d\aoltray.exe
    c:\program files\common files\aol\1133633940\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
    c:\program files\common files\aol\1133633940\ee\aolsoftware.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
    O4 - HKLM\..\Run: [prpcw] "C:\Program Files\Common Files\PrivacyProtector\prpcw.exe" -c
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpeedItUpEX] "C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0d\aoltray.exe
    O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.4/WinSSWebAgent.CAB
    O16 - DPF: {15AC034D-14DF-4AF8-9D02-29E1F56A8235} (Virgin Digital MusicNet Class) - http://www.virgindigital.co.uk/activeX/VirginWMA.cab
    O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
    O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://honeyspoem.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137013445187
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
    O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
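An added example, not part of the posts in this thread: a small Python script that diffs two HijackThis logs so that entries which appeared or disappeared between scans stand out for review. The two sample logs are a constructed excerpt built from lines that appear in this thread's logs; the function names and section labels are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section body")

# Entry lines start with a section code (R1, O4, O16, O23, ...) then " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# Short labels for a few section codes (this example's wording).
SECTION_NAMES = {
    "R1": "IE settings",
    "O2": "browser helper object",
    "O4": "autostart (Run key / Startup folder)",
    "O16": "downloaded ActiveX control",
    "O23": "service",
}

# Constructed excerpt: lines taken from the logs posted in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ante ball] C:\DOCUME~1\ROBERT~1\APPLIC~1\INTRAD~1\Soapbags.exe
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"""


def parse_entries(log_text):
    """Map a case-folded key to the Entry as written, for every entry line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entry = Entry(m.group(1), m.group(2))
            # Windows paths are case-insensitive; the scans in this thread
            # spell one path both as McUpdate.exe and mcupdate.exe.
            entries[(entry.section, entry.body.casefold())] = entry
    return entries


def diff_logs(before_text, after_text):
    """Return (added, removed) entries between two scans, each sorted."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    added = sorted(after[k] for k in after.keys() - before.keys())
    removed = sorted(before[k] for k in before.keys() - after.keys())
    return added, removed


def report(before_text, after_text):
    """Format the diff as '+'/'-' lines with a short section label."""
    added, removed = diff_logs(before_text, after_text)
    lines = []
    for mark, group in (("+", added), ("-", removed)):
        for e in group:
            kind = SECTION_NAMES.get(e.section, "other")
            lines.append(f"{mark} {e.section} [{kind}] {e.body}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(BEFORE, AFTER)))
```

A changed entry shows up as one removed line plus one added line, and a file that never had a HijackThis entry will not appear in either log.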
     
  9. 2007/04/04
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, let's do a couple of things to dig deeper.

    The first thing I'd like you to do is rename the HijackThis executable, hijackthis.exe, to <anything of your choice>.exe, as long as you change its name.

    Then please download SilentRunners from here

    Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run.
    Silent Runners will ask if you want to skip the supplementary search.
    Please select 'No' to include them.
    Then select 'Yes' to confirm the search.
    When the scan is finished, a message will pop up and a logfile will have been created on the desktop.

    Please post the entire contents of this logfile created back into this thread for me to see along with a new HJT log, created after the rename.
     
  10. 2007/04/05
    daftdog

    daftdog Inactive Thread Starter

    Joined:
    2007/04/03
    Messages:
    10
    Likes Received:
    0
    Hi again.. did as ordered..lol

    Logfile of HijackThis v1.99.1
    Scan saved at 16:06:32, on 05/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\PV92Tray.exe
    C:\Program Files\Common Files\PrivacyProtector\prpcw.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\program files\common files\aol\1133633940\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    c:\program files\common files\aol\1133633940\ee\aolsoftware.exe
    C:\Program Files\AOL 9.0d\aoltray.exe
    C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
    C:\Program Files\AOL 9.0d\waol.exe
    C:\Program Files\AOL 9.0d\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\WINDOWS\system32\linkprd.exe
    c:\program files\common files\aol\1133633940\ee\anotify.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\humptydumpty.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
    O4 - HKLM\..\Run: [prpcw] "C:\Program Files\Common Files\PrivacyProtector\prpcw.exe" -c
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpeedItUpEX] "C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0d\aoltray.exe
    O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.4/WinSSWebAgent.CAB
    O16 - DPF: {15AC034D-14DF-4AF8-9D02-29E1F56A8235} (Virgin Digital MusicNet Class) - http://www.virgindigital.co.uk/activeX/VirginWMA.cab
    O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
    O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://honeyspoem.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137013445187
    O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
    O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2E1081E1-5DCC-413C-947A-68A3B766E647}: NameServer = 205.188.146.145
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    ------------------------------------------------------------------
    "Silent Runners.vbs ", revision R50, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++} "


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "SpeedItUpEX" = " "C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI" [ "MicroSmarts LLC."]
    "msnmsgr" = " "C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [ "Sun Microsystems, Inc."]
    "HostManager" = "C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe" [ "America Online, Inc."]
    "VSOCheckTask" = " "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask" [ "Networks Associates Technology, Inc"]
    "VirusScan Online" = " "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" " [ "Networks Associates Technology, Inc"]
    "MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ "Networks Associates Technology, Inc"]
    "MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [ "Networks Associates Technology, Inc"]
    "DriverMagicLogon" = " "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot" [ "SymplisIT Corporation"]
    "AOL Spyware Protection" = " "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" " [null data]
    "QuickTime Task" = " "C:\Program Files\QuickTime\qttask.exe" -atboottime" [ "Apple Computer, Inc."]
    "AOLDialer" = "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [ "AOL LLC"]
    "RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" [ "RealNetworks, Inc."]
    "MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ "McAfee Security"]
    "PCTVOICE" = "pctspk.exe" [empty string]
    "PV92TRAY" = "PV92Tray.exe" [ "PCtel Inc."]
    "prpcw" = " "C:\Program Files\Common Files\PrivacyProtector\prpcw.exe" -c" [null data]
    "GSICONEXE" = "gsicon.exe" [ "GlobespanVirata, Inc."]
    "DSLAGENTEXE" = "dslagent.exe USB" [null data]
    "%FP%Friendly fts.exe" = " "C:\Program Files\VoyagerTest\fts.exe" " [ "Friendly Technologies"]
    "(Default)" = "(empty string)" [file not found]
    "(Default)" = (unknown data type)

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub "
    \StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]
    >{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer "
    \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" [ "Adobe Systems Incorporated"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" [ "Sun Microsystems, Inc."]
    {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\(Default) = "AOL Toolbar Launcher "
    -> {HKLM...CLSID} = "AOL Toolbar Launcher "
    \InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll" [ "America Online, Inc."]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Sign-in Helper "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Toolbar Helper "
    \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext "
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" [ "Hilgraeve, Inc."]
    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast "
    -> {HKLM...CLSID} = "avast "
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" [ "ALWIL Software"]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders "
    -> {HKLM...CLSID} = "My Sharing Folders "
    \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "
    -> {HKLM...CLSID} = "WPDShServiceObj Class "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info "
    -> {HKLM...CLSID} = "PDF Shell Extension "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" [ "Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24} "
    -> {HKLM...CLSID} = "avast "
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" [ "ALWIL Software"]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24} "
    -> {HKLM...CLSID} = "avast "
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" [ "ALWIL Software"]


    Default executables:
    --------------------

    HKCU\Software\Classes\.bat\(Default) = (value not set)

    HKCU\Software\Classes\.cmd\(Default) = (value not set)

    HKCU\Software\Classes\.com\(Default) = (value not set)

    HKCU\Software\Classes\.exe\(Default) = (value not set)

    HKCU\Software\Classes\.hta\(Default) = "htafile "


    Group Policies {policy setting}:
    --------------------------------

    Note: detected settings may not have any effect.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp "


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\system32\BIOGEM~1.SCR" (biogems2006.scr) [ "ScreenTime Media"]


    Startup items in "Robert bell" & "All Users" startup folders:
    -------------------------------------------------------------

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ "Adobe Systems Incorporated"]
    "AOL 9.0 Tray Icon" -> shortcut to: "C:\Program Files\AOL 9.0d\aoltray.exe -check" [ "America Online, Inc."]
    "AOL Broadband Check-Up" -> shortcut to: "C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe -boot" [ "Motive Communications, Inc."]


    Enabled Scheduled Tasks:
    ------------------------

    "Check Updates for Windows Live Toolbar" -> launches: "C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE" [MS]
    "McAfee.com Update Check (WILLOW-Linda Bell)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [ "Networks Associates Technology, Inc"]
    "McAfee.com Update Check (WILLOW-Robert bell)" -> launches: "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe /Schedule" [ "Networks Associates Technology, Inc"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{DE9C389F-3316-41A7-809B-AA305ED9D922} "
    -> {HKLM...CLSID} = "AOL Toolbar "
    \InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll" [ "America Online, Inc."]
    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} "
    -> {HKLM...CLSID} = "Windows Live Toolbar "
    \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan "
    -> {HKLM...CLSID} = "McAfee VirusScan "
    \InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" [ "Networks Associates Technology, Inc"]
    "{DE9C389F-3316-41A7-809B-AA305ED9D922}" = "AOL Toolbar "
    -> {HKLM...CLSID} = "AOL Toolbar "
    \InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll" [ "America Online, Inc."]
    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Toolbar "
    \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Real.com "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console "
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} "
    -> {HKCU...CLSID} = "Java Plug-in "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" [ "Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06 "
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" [ "Sun Microsystems, Inc."]

    {3369AF0D-62E9-4BDA-8103-B4C75499B578}\
    "ButtonText" = "AOL Toolbar "
    "CLSIDExtension" = "{DE9C389F-3316-41A7-809B-AA305ED9D922} "
    -> {HKLM...CLSID} = "AOL Toolbar "
    \InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll" [ "America Online, Inc."]

    {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
    "ButtonText" = "Real.com "

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\
    "MenuText" = "@xpsp3res.dll,-20001 "
    "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger "
    "MenuText" = "Windows Messenger "
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AOL TopSpeed Monitor, AOL TopSpeedMonitor, "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" [ "America Online, Inc"]
    avast! Antivirus, avast! Antivirus, " "C:\Program Files\Alwil Software\Avast4\ashServ.exe" " [null data]
    avast! iAVS4 Control Service, aswUpdSv, " "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" " [null data]
    avast! Mail Scanner, avast! Mail Scanner, " "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" [ "ALWIL Software"]
    avast! Web Scanner, avast! Web Scanner, " "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" [ "ALWIL Software"]
    Machine Debug Manager, MDM, " "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" " [MS]
    McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" [ "McAfee Corporation"]
    McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" [ "Network Associates, Inc."]
    McAfee.com VirusScan Online Realtime Engine, MCVSRte, "c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding" [ "Networks Associates Technology, Inc"]
    Messenger Sharing Folders USN Journal Reader service, usnjsvc, " "C:\Program Files\MSN Messenger\usnsvc.exe" " [MS]
    WAN Miniport (ATW) Service, WANMiniportService, " "C:\WINDOWS\wanmpsvc.exe" " [ "America Online, Inc."]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Canon BJ Language Monitor iP3300\Driver = "CNMLM84.DLL" [ "CANON INC."]


    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 351 seconds.
    ---------- (total run time: 617 seconds)
     
  11. 2007/04/06
    TeMerc

    OK, that didn't show me what I was hoping I'd find.

    Let's try another way to gather info.

    Open HJT, click the [None of the above, just start the program] button.
    Then click the [Config] button in the lower right hand of the program.
    Then select the [Misc Tools] button.
    In the upper left hand side of the program, tick the two boxes [List also minor sections (full)] and [List empty sections (complete)], hit the [Generate StartupList log] button, and select 'Yes' when prompted by the dialog box. The resultant scan will produce a Notepad log file; please paste that log file back here for me to review.
     
  12. 2007/04/10
    daftdog

    Hi again TeMerc

    Hope you had a good holiday weekend.

    Here is the HJT log file

    StartupList report, 10/04/2007, 12:04:51
    StartupList version: 1.52.2
    Started from : C:\HJT\humptydumpty.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\PV92Tray.exe
    C:\Program Files\Common Files\PrivacyProtector\prpcw.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\AOL 9.0d\aoltray.exe
    c:\program files\common files\aol\1133633940\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    c:\program files\common files\aol\1133633940\ee\aolsoftware.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    C:\Program Files\AOL 9.0d\waol.exe
    C:\Program Files\AOL 9.0d\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\humptydumpty.exe
    c:\program files\common files\aol\1133633940\ee\anotify.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0d\aoltray.exe
    AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    HostManager = C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    DriverMagicLogon = "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
    AOL Spyware Protection = "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    PCTVOICE = pctspk.exe
    PV92TRAY = PV92Tray.exe
    prpcw = "C:\Program Files\Common Files\PrivacyProtector\prpcw.exe" -c
    GSICONEXE = gsicon.exe
    DSLAGENTEXE = dslagent.exe USB
    %FP%Friendly fts.exe = "C:\Program Files\VoyagerTest\fts.exe "
    (Default) =

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    SpeedItUpEX = "C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\system32\BIOGEM~1.SCR
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
    (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
    (no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Check Updates for Windows Live Toolbar.job
    McAfee.com Update Check (WILLOW-Linda Bell).job
    McAfee.com Update Check (WILLOW-Robert bell).job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Office Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
    CODEBASE = http://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab

    [StagingUI Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\StagingUI.ocx
    CODEBASE = http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab

    [Controller Class]
    InProcServer32 = C:\WINDOWS\system32\WINSSWEBAGENT.DLL
    CODEBASE = https://www.windowsonecare.com/install/cli/1.0.0971.4/WinSSWebAgent.CAB

    [Virgin Digital MusicNet Class]
    InProcServer32 = C:\WINDOWS\system32\VDIGITAL\VDIGITAL.DLL
    CODEBASE = http://www.virgindigital.co.uk/activeX/VirginWMA.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
    CODEBASE = http://download.microsoft.com/downl...-40e1-a617-af65a72a0465/LegitCheckControl.cab

    [{201B9B37-848F-40BD-90EA-7B8F0AA89D6A}]
    CODEBASE = http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab

    [DiameterTransfer Control]
    InProcServer32 = C:\WINDOWS\SISObj\DIAMET~1.OCX
    CODEBASE = http://www.sis.com/download/SISTransfer.cab

    [Symantec AntiVirus scanner]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    [CPlayFirstTriJinxControl Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67.dll
    CODEBASE = http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab

    [ZoneBuddy Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZBuddy.ocx
    CODEBASE = http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab

    [{3DA5D23B-EFE1-4181-ADB7-7D457567AACA}]
    CODEBASE = http://zone.msn.com/bingame/pacz/default/pandaonline.cab

    [Office Update Installation Engine]
    InProcServer32 = C:\WINDOWS\opuc.dll
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

    [QDiagAOLCCUpdateObj Class]
    InProcServer32 = C:\WINDOWS\system32\qdiagcc.ocx
    CODEBASE = http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab

    [McAfee.com Operating System Class]
    InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
    CODEBASE = http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab

    [MSN Photo Upload Tool]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
    CODEBASE = http://honeyspoem.spaces.live.com//PhotoUpload/MsnPUpld.cab

    [ZonePAChat Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZPAChat.ocx
    CODEBASE = http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab

    [Windows Live Safety Center Base Module]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
    CODEBASE = http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab

    [Symantec RuFSI Utility Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    [AtlAtomadersCtlAttrib Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\Atomaders.dll
    CODEBASE = http://zone.msn.com/bingame/amad/default/atomaders.cab

    [MUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\muweb.dll
    CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137013445187

    [ZPA_DMNO Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\zpa_dmno.ocx
    CODEBASE = http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab

    [ZoneAxRcMgr Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZAxRcMgr.ocx
    CODEBASE = http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab

    [{AA59202C-5E41-48FC-AF7D-324F5FD6A9F1}]
    CODEBASE = http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab

    [MsnMessengerSetupDownloadControl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
    CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

    [MSN Games - Installer]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
    CODEBASE = http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

    [DwnldGroupMgr Class]
    InProcServer32 = C:\WINDOWS\system32\McGDMgr.dll
    CODEBASE = http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab

    [Zylom Games Player]
    InProcServer32 = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
    CODEBASE = http://game08.zylom.com/activex/zylomgamesplayer.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
    CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    [iTunesDetector Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ITDetector.ocx
    CODEBASE = http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab

    [TikGames Online Control]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\gpcontrol.dll
    CODEBASE = http://zone.msn.com/bingame/pacz/default/pandaonline.cab

    [StadiumProxy Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\StProxy.dll
    CODEBASE = http://zone.msn.com/binframework/v10/StProxy.cab41227.cab

    [SCEWebLauncherCtl Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\SCEWebLauncher.Ocx
    CODEBASE = http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab

    [PopCapLoader Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.2\popcaploader.dll
    CODEBASE = http://zone.msn.com/bingame/popcaploader_v10.cab

    [HeartbeatCtl Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
    CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

    [InfosFinder2.InfosFinder]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\INFOSFINDER2.OCX
    CODEBASE = http://support.packardbell.com/files/activex/InfosFinder2.CAB

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://chat.msn.com/controls/msnchat45.cab

    [ZPA_Backgammon Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZPA_Backgammon.ocx
    CODEBASE = http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll
    WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

    --------------------------------------------------
    End of report, 13,776 bytes
    Report generated in 5.610 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  13. 2007/04/10
    TeMerc

    My weekend was good, thanks for asking. Hope you had a pleasant one too.

    The log generated was not complete; it appears as though you failed to tick those two boxes. The log should be longer, and likely take up more than one post's limit, like this one.

    Can you please try it again, and apologies if my instructions were not clear.
     
  14. 2007/04/10
    daftdog

    Hi Again,

    I followed the instructions again and this is the log file given. It fits in this single post, as you can see. :confused:

    StartupList report, 10/04/2007, 17:03:02
    StartupList version: 1.52.2
    Started from : C:\HJT\humptydumpty.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\PV92Tray.exe
    C:\Program Files\Common Files\PrivacyProtector\prpcw.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\AOL 9.0d\aoltray.exe
    c:\program files\common files\aol\1133633940\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    c:\program files\common files\aol\1133633940\ee\aolsoftware.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AOL 9.0d\waol.exe
    C:\Program Files\AOL 9.0d\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\humptydumpty.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0d\aoltray.exe
    AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    HostManager = C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    DriverMagicLogon = "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
    AOL Spyware Protection = "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    PCTVOICE = pctspk.exe
    PV92TRAY = PV92Tray.exe
    prpcw = "C:\Program Files\Common Files\PrivacyProtector\prpcw.exe" -c
    GSICONEXE = gsicon.exe
    DSLAGENTEXE = dslagent.exe USB
    %FP%Friendly fts.exe = "C:\Program Files\VoyagerTest\fts.exe "
    (Default) =

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    SpeedItUpEX = "C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\system32\BIOGEM~1.SCR
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
    (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
    (no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    At1.job
    Check Updates for Windows Live Toolbar.job
    McAfee.com Update Check (WILLOW-Linda Bell).job
    McAfee.com Update Check (WILLOW-Robert bell).job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Office Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
    CODEBASE = http://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab

    [StagingUI Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\StagingUI.ocx
    CODEBASE = http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab

    [Controller Class]
    InProcServer32 = C:\WINDOWS\system32\WINSSWEBAGENT.DLL
    CODEBASE = https://www.windowsonecare.com/install/cli/1.0.0971.4/WinSSWebAgent.CAB

    [Virgin Digital MusicNet Class]
    InProcServer32 = C:\WINDOWS\system32\VDIGITAL\VDIGITAL.DLL
    CODEBASE = http://www.virgindigital.co.uk/activeX/VirginWMA.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
    CODEBASE = http://download.microsoft.com/downl...-40e1-a617-af65a72a0465/LegitCheckControl.cab

    [{201B9B37-848F-40BD-90EA-7B8F0AA89D6A}]
    CODEBASE = http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab

    [DiameterTransfer Control]
    InProcServer32 = C:\WINDOWS\SISObj\DIAMET~1.OCX
    CODEBASE = http://www.sis.com/download/SISTransfer.cab

    [Symantec AntiVirus scanner]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    [CPlayFirstTriJinxControl Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67.dll
    CODEBASE = http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab

    [ZoneBuddy Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZBuddy.ocx
    CODEBASE = http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab

    [{3DA5D23B-EFE1-4181-ADB7-7D457567AACA}]
    CODEBASE = http://zone.msn.com/bingame/pacz/default/pandaonline.cab

    [Office Update Installation Engine]
    InProcServer32 = C:\WINDOWS\opuc.dll
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

    [QDiagAOLCCUpdateObj Class]
    InProcServer32 = C:\WINDOWS\system32\qdiagcc.ocx
    CODEBASE = http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab

    [McAfee.com Operating System Class]
    InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
    CODEBASE = http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab

    [MSN Photo Upload Tool]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
    CODEBASE = http://honeyspoem.spaces.live.com//PhotoUpload/MsnPUpld.cab

    [ZonePAChat Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZPAChat.ocx
    CODEBASE = http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab

    [Windows Live Safety Center Base Module]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
    CODEBASE = http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab

    [Symantec RuFSI Utility Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    [AtlAtomadersCtlAttrib Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\Atomaders.dll
    CODEBASE = http://zone.msn.com/bingame/amad/default/atomaders.cab

    [MUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\muweb.dll
    CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137013445187

    [ZPA_DMNO Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\zpa_dmno.ocx
    CODEBASE = http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab

    [ZoneAxRcMgr Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZAxRcMgr.ocx
    CODEBASE = http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab

    [{AA59202C-5E41-48FC-AF7D-324F5FD6A9F1}]
    CODEBASE = http://us2-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab

    [MsnMessengerSetupDownloadControl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
    CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

    [MSN Games - Installer]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
    CODEBASE = http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

    [DwnldGroupMgr Class]
    InProcServer32 = C:\WINDOWS\system32\McGDMgr.dll
    CODEBASE = http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab

    [Zylom Games Player]
    InProcServer32 = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
    CODEBASE = http://game08.zylom.com/activex/zylomgamesplayer.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
    CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    [iTunesDetector Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ITDetector.ocx
    CODEBASE = http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab

    [TikGames Online Control]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\gpcontrol.dll
    CODEBASE = http://zone.msn.com/bingame/pacz/default/pandaonline.cab

    [StadiumProxy Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\StProxy.dll
    CODEBASE = http://zone.msn.com/binframework/v10/StProxy.cab41227.cab

    [SCEWebLauncherCtl Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\SCEWebLauncher.Ocx
    CODEBASE = http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab

    [PopCapLoader Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.2\popcaploader.dll
    CODEBASE = http://zone.msn.com/bingame/popcaploader_v10.cab

    [HeartbeatCtl Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
    CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

    [InfosFinder2.InfosFinder]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\INFOSFINDER2.OCX
    CODEBASE = http://support.packardbell.com/files/activex/InfosFinder2.CAB

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://chat.msn.com/controls/msnchat45.cab

    [ZPA_Backgammon Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZPA_Backgammon.ocx
    CODEBASE = http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll
    WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

    --------------------------------------------------
    End of report, 13,695 bytes
    Report generated in 1.750 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  15. 2007/04/10
    TeMerc

    Auuughhhrrr... I just realized what the problem is, and it's totally my fault.

    When you rename the HJT executable, the startup list does not work properly.

    Please rename it back to hijackthis.exe.

    My apologies, that is something I should catch right off the bat.
     
  16. 2007/04/10
    daftdog

    No Probs..

    I've run half a dozen other scans as well today and just now it seems to be popup free, but I've run the scan as well and

    Here it is now....

    StartupList report, 10/04/2007, 21:30:59
    StartupList version: 1.52.2
    Started from : C:\HJT\hijackthis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\PV92Tray.exe
    C:\Program Files\Common Files\PrivacyProtector\prpcw.exe
    C:\WINDOWS\system32\gsicon.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\AOL 9.0d\aoltray.exe
    c:\program files\common files\aol\1133633940\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    c:\program files\common files\aol\1133633940\ee\aolsoftware.exe
    C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\AOL 9.0d\waol.exe
    C:\Program Files\AOL 9.0d\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\hijackthis.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Robert bell\Start Menu\Programs\Startup]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0d\aoltray.exe
    AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    HostManager = C:\Program Files\Common Files\AOL\1133633940\ee\AOLSoftware.exe
    VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    DriverMagicLogon = "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
    AOL Spyware Protection = "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    PCTVOICE = pctspk.exe
    PV92TRAY = PV92Tray.exe
    prpcw = "C:\Program Files\Common Files\PrivacyProtector\prpcw.exe" -c
    GSICONEXE = gsicon.exe
    DSLAGENTEXE = dslagent.exe USB
    %FP%Friendly fts.exe = "C:\Program Files\VoyagerTest\fts.exe "
    (Default) =
    !AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    SpeedItUpEX = "C:\Program Files\SpeedItUpExtreme\SpeedItUpEx.exe" -MINI
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    StubPath = C:\WINDOWS\system32\ieudinit.exe

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}]
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{4b218e3e-bc98-4770-93d3-2731b9329278}] *
    StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\system32\BIOGEM~1.SCR
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
    (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
    (no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Check Updates for Windows Live Toolbar.job
    McAfee.com Update Check (WILLOW-Linda Bell).job
    McAfee.com Update Check (WILLOW-Robert bell).job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Microsoft XML Parser for Java]
    OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    [Office Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
    CODEBASE = http://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab

    [StagingUI Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\StagingUI.ocx
    CODEBASE = http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab

    [Controller Class]
    InProcServer32 = C:\WINDOWS\system32\WINSSWEBAGENT.DLL
    CODEBASE = https://www.windowsonecare.com/install/cli/1.0.0971.4/WinSSWebAgent.CAB

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
    CODEBASE = http://download.microsoft.com/downl...-40e1-a617-af65a72a0465/LegitCheckControl.cab

    [CPlayFirstTriJinxControl Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67.dll
    CODEBASE = http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab

    [ZoneBuddy Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZBuddy.ocx
    CODEBASE = http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab

    [{3DA5D23B-EFE1-4181-ADB7-7D457567AACA}]
    CODEBASE = http://zone.msn.com/bingame/pacz/default/pandaonline.cab

    [Office Update Installation Engine]
    InProcServer32 = C:\WINDOWS\opuc.dll
    CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

    [MSN Photo Upload Tool]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
    CODEBASE = http://honeyspoem.spaces.live.com//PhotoUpload/MsnPUpld.cab

    [ZonePAChat Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZPAChat.ocx
    CODEBASE = http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab

    [Windows Live Safety Center Base Module]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
    CODEBASE = http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab

    [AtlAtomadersCtlAttrib Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\Atomaders.dll
    CODEBASE = http://zone.msn.com/bingame/amad/default/atomaders.cab

    [MUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\muweb.dll
    CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137013445187

    [ZPA_DMNO Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\zpa_dmno.ocx
    CODEBASE = http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [ZoneAxRcMgr Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZAxRcMgr.ocx
    CODEBASE = http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab

    [MsnMessengerSetupDownloadControl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
    CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

    [MSN Games - Installer]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
    CODEBASE = http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

    [Java Plug-in]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [TikGames Online Control]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\gpcontrol.dll
    CODEBASE = http://zone.msn.com/bingame/pacz/default/pandaonline.cab

    [StadiumProxy Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\StProxy.dll
    CODEBASE = http://zone.msn.com/binframework/v10/StProxy.cab41227.cab

    [SCEWebLauncherCtl Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\SCEWebLauncher.Ocx
    CODEBASE = http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab

    [PopCapLoader Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.2\popcaploader.dll
    CODEBASE = http://zone.msn.com/bingame/popcaploader_v10.cab

    [HeartbeatCtl Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
    CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://chat.msn.com/controls/msnchat45.cab

    [ZPA_Backgammon Object]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZPA_Backgammon.ocx
    CODEBASE = http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab40641.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll
    Protocol #16: C:\WINDOWS\system32\mswsock.dll
    Protocol #17: C:\WINDOWS\system32\mswsock.dll
     
  17. 2007/04/10
    daftdog

    daftdog Inactive Thread Starter

    Joined:
    2007/04/03
    Messages:
    10
    Likes Received:
    0
    Second Part

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD: \SystemRoot\System32\drivers\afd.sys (system)
    Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    A4Tech PS/2 Port Mouse Driver: system32\DRIVERS\Amps2prt.sys (manual start)
    AOL TopSpeed Monitor: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (autostart)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
    avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
    RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
    ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
    ATWPKT2: \??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
    avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)
    avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
    avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)
    AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
    AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
    AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
    Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
    Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    CO_Mon: \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys (manual start)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Creative SB16/AWE32/AWE64 Driver (WDM): system32\drivers\ctlsb16.sys (manual start)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Disk Driver: system32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    dmio: System32\drivers\dmio.sys (disabled)
    dmload: System32\drivers\dmload.sys (disabled)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    ESS Audio Driver (WDM): system32\drivers\ess.sys (manual start)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
    Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
    FltMgr: system32\DRIVERS\fltMgr.sys (system)
    Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
    Game Port Enumerator: system32\DRIVERS\gameenum.sys (manual start)
    GlobeSpan USB ADSL LAN Modem: system32\DRIVERS\glausb.sys (manual start)
    Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
    InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
    CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
    IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
    Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
    IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
    IPSEC driver: system32\DRIVERS\ipsec.sys (system)
    IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
    Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    McAfee.com McShield: c:\PROGRA~1\mcafee.com\vso\mcshield.exe (manual start)
    McAfee SecurityCenter Update Manager: C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (manual start)
    McAfee.com VirusScan Online Realtime Engine: c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding (autostart)
    Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
    Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
    Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
    Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
    MPFIREWL: System32\Drivers\MpFirewall.sys (system)
    McAfee Personal Firewall Service: C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (autostart)
    WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
    Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
    Mtlmnt5: system32\DRIVERS\Mtlmnt5.sys (manual start)
    Mtlstrm: system32\DRIVERS\Mtlstrm.sys (manual start)
    NaiFiltr: system32\DRIVERS\NaiFiltr.sys (manual start)
    Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    NtMtlFax: system32\DRIVERS\NtMtlFax.sys (manual start)
    IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
    Parallel port driver: system32\DRIVERS\parport.sys (manual start)
    PCI Bus Driver: system32\DRIVERS\pci.sys (system)
    PCIIde: system32\DRIVERS\pciide.sys (system)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
    PPPoEWin Miniport: system32\DRIVERS\PPPoEWin.SYS (manual start)
    WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
    W2K Pctel Serial Device Driver: system32\DRIVERS\ptserial.sys (manual start)
    Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
    Rdbss: system32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    RecAgent: system32\DRIVERS\RecAgent.sys (system)
    Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
    Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: system32\DRIVERS\RTL8139.SYS (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: system32\DRIVERS\secdrv.sys (manual start)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
    Serial port driver: system32\DRIVERS\serial.sys (system)
    StarForce Protection Environment Driver (version 1.x): System32\drivers\sfdrv01.sys (system)
    StarForce Protection Helper Driver (version 2.x): System32\drivers\sfhlp02.sys (system)
    StarForce Protection Synchronization Driver (version 2.x): System32\drivers\sfsync02.sys (system)
    Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SiS300i: system32\DRIVERS\sis300ip.sys (manual start)
    SiS315: system32\DRIVERS\sisgrp.sys (manual start)
    Service for SiS7018 Driver (WDM): system32\drivers\sis7018.sys (manual start)
    SiS AGP Filter: system32\DRIVERS\SISAGPX.sys (system)
    SiSkp: system32\drivers\srvkp.sys (system)
    Smart Link 56K Modem Driver: system32\DRIVERS\slntamr.sys (manual start)
    SlNtHal: system32\DRIVERS\Slnthal.sys (manual start)
    SlWdmSup: system32\DRIVERS\SlWdmSup.sys (manual start)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Filter Driver: \SystemRoot\system32\DRIVERS\sr.sys (disabled)
    System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Srv: system32\DRIVERS\srv.sys (manual start)
    SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    SigmaTel 3D Environmental Audio: system32\drivers\stac97na.sys (manual start)
    STAC97NH: system32\drivers\stac97nh.sys (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)
    Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{211CEA6C-71B0-40EE-9D59-F3B14E951A4F} (manual start)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
    Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    TVICHW32: \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS (manual start)
    Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
    Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
    USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
    Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
    USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
    Messenger Sharing Folders USN Journal Reader service: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start)
    VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
    W2K Vmodem: system32\DRIVERS\vmodem.sys (manual start)
    W2K Vpctcom: system32\DRIVERS\vpctcom.sys (manual start)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    W2K Vvoice: system32\DRIVERS\vvoice.sys (manual start)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
    WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
    WAN Miniport (ATW) Service: "C:\WINDOWS\wanmpsvc.exe" (autostart)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
    Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
    Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
    Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll
    WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *No values found*

    --------------------------------------------------

    End of report, 40,936 bytes
    Report generated in 5.500 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  18. 2007/04/10
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    And I'm certainly not seeing anything to indicate something hidden. Did these other scans find anything and remove it?
     
  19. 2007/04/12
    daftdog

    daftdog Inactive Thread Starter

    Joined:
    2007/04/03
    Messages:
    10
    Likes Received:
    0
    Hi TeMerc

    The scans I did on Tuesday seem to have worked (when I tested on Tuesday night) but not sure if it's still the case, as I haven't spoken to the mother-in-law since then.

    Can I take this opportunity to give thanks for all your help in trying to fix this.

    Next time I am down at the mother-in-law's, I will post the link to the help page I used... It was longggggggggggggggggg..lol.

    Cheers

    Paul
     
