
Solved: Blue Screen of Spyware Infection? Can't get rid of it.

Discussion in 'Virus & Other Malware Removal' started by mcfabolous13, Jan 2, 2006.

Thread Status:
Not open for further replies.
  1. mcfabolous13

    mcfabolous13 Thread Starter

    Joined:
    Jan 2, 2006
    Messages:
    17
    I have run Adaware and Microsoft Antispy. They found a bunch of various things, and I got rid of them. There is still the blue screen with a black rectangle that says "Spyware Infection. Your system is infected with spyware. Windows recommends you to use a spyware removal tool to prevent loss of important data and increase system performance. Using this PC before having it cleaned from spyware threats is highly discouraged." I don't seem to get any popups, but I can't change my desktop picture or anything. Thanks in advance for your help.
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi mcfabolous13

    Welcome to TSG! :)

    Please do this:

    * Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double-click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. mcfabolous13

    mcfabolous13 Thread Starter

    Joined:
    Jan 2, 2006
    Messages:
    17
    Here is my HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:58:49 AM, on 1/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
    C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134860931105
    O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210
    O17 - HKLM\System\CCS\Services\Tcpip\..\{24206469-6E3D-4F7F-A3E3-B339EEE5E2D4}: NameServer = 85.255.116.171,85.255.112.210
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A48C638F-071F-4D77-AF2F-B1D139569361}: NameServer = 85.255.116.171,85.255.112.210
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Click here to download smitRem.exe.
    • Save the file to your desktop.
    • It is a self extracting file.
    • Double-click the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
    • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.


    * Download the trial version of Ewido Security Suite here.
    • Install ewido.
    • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido.
    • It will prompt you to update; click the OK button and it will go to the main screen.
    • On the left side of the main screen click update
    • Click on Start and let it update.
    • DO NOT run a scan yet. You will do that later in safe mode.


    * Click here for info on how to boot to safe mode if you don't already know how.


    * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.


    * Run Ewido:
    • Click on scanner
    • Click Complete System Scan and the scan will begin.
    • During the scan it will prompt you to clean files, click OK
    • When the scan is finished, look at the bottom of the screen and click the Save report button.
    • Save the report to your desktop


    * Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


    * Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


    * Restart back into Windows normally now.


    * Run ActiveScan online virus scan here

    When the scan is finished, save the results from the scan!

    Post a new HiJackThis log along with the results from ActiveScan
     
  5. mcfabolous13

    mcfabolous13 Thread Starter

    Joined:
    Jan 2, 2006
    Messages:
    17
    There seems to be a problem with the smitRem link. I tried to search for a mirror, but was unsuccessful finding one. Could you maybe point me towards another download site, or give me some idea of why I am having trouble downloading it?
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
  7. mcfabolous13

    mcfabolous13 Thread Starter

    Joined:
    Jan 2, 2006
    Messages:
    17
    ActiveScan seems to keep getting hung up on a printer file. I ran it twice and both times it seems to stall out at the same point. Should I just let it sit and see if it keeps going or do you have some other advice for me?
     
  8. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Wait it out a while.
     
  9. mcfabolous13

    mcfabolous13 Thread Starter

    Joined:
    Jan 2, 2006
    Messages:
    17
    When I try to do a My Computer scan it seems to stall still and then randomly closed. I am trying now to do a local drives scan. Should I go back and try to do a My Computer scan or will the local drives scan be sufficient?
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Skip that one and try this one:

    Run Kaspersky online virus scan here.

    When the scan is finished, Save the results from the scan!

    Post a new HiJackThis log along with the results from Kaspersky scan
     
  11. mcfabolous13

    mcfabolous13 Thread Starter

    Joined:
    Jan 2, 2006
    Messages:
    17
    Here is the HJT Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:56:49 PM, on 1/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
    C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\AIM\aim.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134860931105
    O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210
    O17 - HKLM\System\CCS\Services\Tcpip\..\{24206469-6E3D-4F7F-A3E3-B339EEE5E2D4}: NameServer = 85.255.116.171,85.255.112.210
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A48C638F-071F-4D77-AF2F-B1D139569361}: NameServer = 85.255.116.171,85.255.112.210
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
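
Added example, not part of the original thread or written by either poster: a Python comparison of the "before" and "after" HijackThis logs posted above, listing which entries the cleanup removed, which the scanners added, and which O16/O17 entries are unchanged and still need a manual check. The function names and the two review rules (O16 download URL whose host is an IP literal, O17 static `NameServer` values) are assumptions chosen for this illustration; the code does not decide whether an entry is malicious.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed samples: a few entry lines copied from the two HijackThis logs
# in this thread (the 11:58 AM and 10:56 PM scans), trimmed for brevity.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
"""

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")


def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """Split entries into removed, added and unchanged between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "unchanged": sorted(before & after),
    }


def is_ip_literal_url(url):
    """True when the URL's host is a bare IP address rather than a hostname."""
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def review_items(entries):
    """List (section, reason, value) for entries a reviewer should verify by hand."""
    items, seen = [], set()
    for section, detail in sorted(entries):
        if section == "O16":
            # The download URL is the last " - "-separated field of a DPF line.
            url = detail.rsplit(" - ", 1)[-1]
            if is_ip_literal_url(url):
                items.append((section, "ActiveX download URL uses an IP literal", url))
        elif section == "O17":
            match = re.search(r"NameServer = (.+)$", detail)
            if not match:
                continue
            # The same resolvers repeat per interface and control set; report once.
            for resolver in re.split(r"[,\s]+", match.group(1).strip()):
                if resolver and resolver not in seen:
                    seen.add(resolver)
                    items.append((section, "static DNS resolver to confirm with the ISP or admin", resolver))
    return items


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for label in ("removed", "added"):
        for section, detail in result[label]:
            print(f"{label:8} {section:4} {detail}")
    for section, reason, value in review_items(result["unchanged"]):
        print(f"verify   {section:4} {value}  ({reason})")
```

Pasting the full text of both logs into `LOG_BEFORE` and `LOG_AFTER` works unchanged, since non-entry lines are ignored.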
     
  12. mcfabolous13

    mcfabolous13 Thread Starter

    Joined:
    Jan 2, 2006
    Messages:
    17
    And the Kaspersky Log:

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Monday, January 02, 2006 22:56:09
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 3/01/2006
    Kaspersky Anti-Virus database records: 158496
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 99143
    Number of viruses found: 19
    Number of infected objects: 36
    Number of suspicious objects: 0
    Duration of the scan process: 5127 sec

    Infected Object Name - Virus Name
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-35538907-132df47c.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.z
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-35538907-132df47c.zip/VB.class Infected: Trojan.Java.ClassLoader.ak
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-35538907-132df47c.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-35538907-132df47c.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-35538907-26dfa6ea.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.z
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-35538907-26dfa6ea.zip/VB.class Infected: Trojan.Java.ClassLoader.ak
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-35538907-26dfa6ea.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-35538907-26dfa6ea.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-18d51691-7416b317.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-18d51691-7416b317.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-18d51691-7416b317.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-18d51691-7416b317.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-18d51691-7416b317.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-28b7c93d-36a41c38.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-28b7c93d-36a41c38.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-28b7c93d-36a41c38.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-28b7c93d-36a41c38.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-28b7c93d-36a41c38.zip Infected: Trojan-Downloader.Java.OpenConnection.v
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderms.jar-105ca895-7fc95e17.zip/Counter.class Infected: Trojan.Java.ClassLoader.h
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderms.jar-105ca895-7fc95e17.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderms.jar-105ca895-7fc95e17.zip/Parser.class Infected: Trojan.Java.ClassLoader.d
    C:\Documents and Settings\Michael McFadden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderms.jar-105ca895-7fc95e17.zip Infected: Trojan.Java.ClassLoader.d
    C:\System Volume Information\_restore{718A5E85-71A2-4F25-8813-A3A1224E9A28}\RP267\A0018090.exe Infected: Trojan-Downloader.Win32.Small.bgv
    C:\System Volume Information\_restore{718A5E85-71A2-4F25-8813-A3A1224E9A28}\RP267\A0018091.exe Infected: Trojan-Downloader.Win32.Small.bgv
    C:\System Volume Information\_restore{718A5E85-71A2-4F25-8813-A3A1224E9A28}\RP267\A0018092.exe Infected: Trojan-Dropper.Win32.SurfSide.a
    C:\System Volume Information\_restore{718A5E85-71A2-4F25-8813-A3A1224E9A28}\RP267\A0018095.ocx Infected: Trojan-Downloader.Win32.VB.ez
    C:\System Volume Information\_restore{718A5E85-71A2-4F25-8813-A3A1224E9A28}\RP267\A0018096.exe Infected: Trojan-Clicker.Win32.VB.ei
    C:\System Volume Information\_restore{718A5E85-71A2-4F25-8813-A3A1224E9A28}\RP267\A0018102.exe Infected: not-virus:Hoax.Win32.Renos.al
    C:\System Volume Information\_restore{718A5E85-71A2-4F25-8813-A3A1224E9A28}\RP268\A0018196.exe Infected: Trojan-Downloader.Win32.Small.adu
    C:\System Volume Information\_restore{718A5E85-71A2-4F25-8813-A3A1224E9A28}\RP268\A0018198.exe Infected: Trojan-Dropper.Win32.SurfSide.a
    C:\System Volume Information\_restore{718A5E85-71A2-4F25-8813-A3A1224E9A28}\RP268\A0018199.dll/EXE-file Infected: Trojan-Dropper.Win32.Small.ht
    C:\System Volume Information\_restore{718A5E85-71A2-4F25-8813-A3A1224E9A28}\RP268\A0018199.dll Infected: Trojan-Dropper.Win32.Small.ht
    C:\System Volume Information\_restore{718A5E85-71A2-4F25-8813-A3A1224E9A28}\RP268\A0018200.exe Infected: Trojan.Win32.Dialer.ay
    C:\System Volume Information\_restore{718A5E85-71A2-4F25-8813-A3A1224E9A28}\RP268\A0018202.exe Infected: Trojan-Downloader.Win32.Small.buy
    C:\System Volume Information\_restore{718A5E85-71A2-4F25-8813-A3A1224E9A28}\RP268\A0018204.exe Infected: not-virus:Hoax.Win32.Renos.al
    C:\System Volume Information\_restore{718A5E85-71A2-4F25-8813-A3A1224E9A28}\RP268\A0018205.exe Infected: Trojan-Downloader.Win32.Small.awa

    Scan process completed.
     
  13. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Go to Control Panel > Java. On the General tab under "Temporary Internet Files" click the "Delete Files" button to clear the Java cache.


    * Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!


    * Click here for info on how to boot to safe mode if you don't already know how.


    Reboot into Safe Mode


    Double-click WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    Reboot back to Normal Mode!


    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Copy and paste WinPFind.txt in your next post here please.
     
  14. mcfabolous13

    mcfabolous13 Thread Starter

    Joined:
    Jan 2, 2006
    Messages:
    17
    and here is the WinPFind.txt:

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
    Internet Explorer Version: 6.0.2900.2180

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...

    Checking %System% folder...
    PEC2 3/18/2003 8:05:50 PM 2052096 C:\WINDOWS\SYSTEM32\atl71.pdb
    PEC2 8/29/2002 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
    PEC2 10/26/2004 5:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
    PECompact2 10/26/2004 5:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
    PTech 11/4/2005 4:27:24 PM 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
    PEC2 3/18/2003 10:20:02 PM 10357760 C:\WINDOWS\SYSTEM32\mfc71.pdb
    PEC2 3/18/2003 9:28:40 PM 8252416 C:\WINDOWS\SYSTEM32\MFC71d.pdb
    PEC2 3/18/2003 10:12:14 PM 10333184 C:\WINDOWS\SYSTEM32\mfc71u.pdb
    PEC2 3/18/2003 9:31:58 PM 8293376 C:\WINDOWS\SYSTEM32\mfc71ud.pdb
    PECompact2 12/8/2005 7:20:26 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 12/8/2005 7:20:26 PM 2714976 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 8/3/2004 11:56:38 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
    Umonitor 8/3/2004 11:56:46 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
    FSG! 12/31/2005 5:21:34 PM 8329 C:\WINDOWS\SYSTEM32\rzspy.exe
    winsync 8/29/2002 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

    Checking %System%\Drivers folder and sub-folders...

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    1/2/2006 11:15:10 PM S 2048 C:\WINDOWS\bootstat.dat
    12/29/2005 10:44:44 PM H 54156 C:\WINDOWS\QTFont.qfn
    12/18/2005 6:03:40 PM H 0 C:\WINDOWS\inf\oem14.inf
    1/2/2006 3:47:10 PM H 0 C:\WINDOWS\LastGood\INF\oem15.inf
    1/2/2006 3:47:10 PM H 0 C:\WINDOWS\LastGood\INF\oem15.PNF
    11/30/2005 11:17:10 PM S 21633 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat
    12/1/2005 7:12:48 PM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat
    1/2/2006 11:15:02 PM H 8192 C:\WINDOWS\system32\config\default.LOG
    1/2/2006 11:15:26 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
    1/2/2006 11:15:10 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
    1/2/2006 11:15:42 PM H 73728 C:\WINDOWS\system32\config\software.LOG
    1/2/2006 11:15:16 PM H 905216 C:\WINDOWS\system32\config\system.LOG
    12/16/2005 3:00:40 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    11/17/2005 11:43:24 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\8d313574-9a07-420d-ba11-f16acdc58fcf
    11/17/2005 11:43:24 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
    1/2/2006 11:14:08 PM H 6 C:\WINDOWS\Tasks\SA.DAT

    Checking for CPL files...
    8/19/2003 2:20:04 AM 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
    Creative Technology Ltd. 5/28/2001 1:47:00 PM 32768 C:\WINDOWS\SYSTEM32\AudioHQU.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
    Creative Technology Ltd. 3/30/2001 2:00:00 AM 230912 C:\WINDOWS\SYSTEM32\CTDetect.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
    Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
    AvantGo, Inc. 2/21/2003 4:58:26 AM 69632 C:\WINDOWS\SYSTEM32\MBLLNK.CPL
    Microsoft Corporation 8/3/2004 11:56:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
    Microsoft Corporation 8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    NVIDIA Corporation 4/1/2005 3:16:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
    Microsoft Corporation 8/29/2002 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
    Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
    Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
    Microsoft Corporation 8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
    Microsoft Corporation 8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
    Microsoft Corporation 8/29/2002 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
    Microsoft Corporation 8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
    Microsoft Corporation 8/3/2004 11:56:58 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
    Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
    NVIDIA Corporation 7/28/2003 2:19:00 PM 143360 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\nvtuicpl.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    1/2/2006 3:43:44 PM 2335 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    11/29/2004 1:47:58 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    1/21/2005 2:39:36 AM 831 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    11/28/2004 8:22:34 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

    Checking files in %USERPROFILE%\Startup folder...
    11/29/2004 1:47:58 AM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

    Checking files in %USERPROFILE%\Application Data folder...
    11/28/2004 8:22:34 PM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    SV1 =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Adobe.Acrobat.ContextMenu
    {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
    Google Toolbar Helper = c:\program files\google\googletoolbar2.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
    AcroIEToolbarHelper Class = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{182EC0BE-5110-49C8-A062-BEB1D02A220B}
    Adobe PDF = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = %SystemRoot%\system32\shdocvw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} = Adobe PDF : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
    ButtonText = Create Mobile Favorite :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
    MenuText = Create Mobile Favorite... : C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
    ButtonText = Research :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
    ButtonText = AIM : C:\Program Files\AIM\aim.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    nwiz nwiz.exe /install
    WINDVDPatch CTHELPER.EXE
    UpdReg C:\WINDOWS\UpdReg.EXE
    Jet Detection "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
    CTStartup C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    IntelliPoint "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    RemoteControl "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
    QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
    type32 "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    Acrobat Assistant 7.0 "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

    NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    {0228e555-4f9c-4e35-a3ec-b109a192b4c2} C:\Program Files\Google\Gmail Notifier\gnotify.exe
    D-Link AirPlus G C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    ANIWZCS2Service C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

    NoDriveTypeAutoRun _
    NoActiveDesktopChanges 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1
    DisableTaskMgr 0


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
    NoAddingComponents 0
    NoComponents 0
    NoDeletingComponents 0
    NoEditingComponents 0
    NoCloseDragDropBands 0
    NoMovingBands 0
    NoHTMLWallPaper 0
    NoChangingWallPaper 0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun 145
    NoActiveDesktop 0
    NoSaveSettings 0
    ClassicShell 0
    NoThemesTab 0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    DisableTaskMgr 0
    NoColorChoice 0
    NoSizeChoice 0
    NoDispScrSavPage 0
    NoDispCPL 0
    NoVisualStyleChoice 0
    NoDispSettingsPage 0
    NoDispAppearancePage 0
    NoDispBackgroundPage 0


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    Shell = Explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 1/2/2006 11:24:23 PM
     
  15. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Copy these instructions to notepad and save them to your desktop. You will need them to refer to.



    * Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    O17 - HKLM\System\CCS\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210

    O17 - HKLM\System\CCS\Services\Tcpip\..\{24206469-6E3D-4F7F-A3E3-B339EEE5E2D4}: NameServer = 85.255.116.171,85.255.112.210

    O17 - HKLM\System\CCS\Services\Tcpip\..\{A48C638F-071F-4D77-AF2F-B1D139569361}: NameServer = 85.255.116.171,85.255.112.210

    O17 - HKLM\System\CS1\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210

    O17 - HKLM\System\CS2\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210



    * Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.

    • Double-click the Network Connections icon
    • Right-click the Local Area Connection icon and select Properties.
    • Highlight Internet Protocol (TCP/IP) and click the Properties button.
    • Be sure Obtain DNS server address automatically is selected.
    • OK your way out.


    * Go to Start > Run and type in cmd
    • Click OK.
    • This will open a command prompt.
    • Type or copy and paste the following line in the command window:

      ipconfig /flushdns

    • Hit Enter
    • Exit the command window



    * Restart your computer.


    * Go here and do an online virus scan. Choose "Complete Scan" and select all drives to scan.

    When the scan is finished, have it delete anything that it cannot clean.

    Post a new HiJackThis log and report back what the Housecall scan found.
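
The O17 fix list in the post above, run through an audit script that is an added example (not part of the original thread and not HijackThis code): it parses O17 `NameServer` lines, flags resolvers outside an allowlist, and groups them by interface so it is visible that the same value is stored in more than one control set. The allowlist network, the last two sample lines and the function names are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# First five lines are the O17 entries quoted in the post above.
# The last two lines are constructed for contrast (a router-assigned
# resolver and a non-NameServer O17 entry).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{24206469-6E3D-4F7F-A3E3-B339EEE5E2D4}: NameServer = 85.255.116.171,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{A48C638F-071F-4D77-AF2F-B1D139569361}: NameServer = 85.255.116.171,85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210
O17 - HKLM\System\CS2\Services\Tcpip\..\{0B3BE34F-A486-454E-B2D9-8D4F54F1A820}: NameServer = 85.255.116.171,85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.lan
"""

# Assumption: the only resolver this machine should use is the home router.
TRUSTED_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\\.\.\\"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}: NameServer = (?P<servers>.+?)\s*$"
)


def control_set_name(tag):
    """Expand HijackThis's abbreviation (CCS, CS1, CS2, ...) to the key name."""
    if tag == "CCS":
        return "CurrentControlSet"
    return "ControlSet%03d" % int(tag[2:])


def untrusted_servers(value, trusted_networks):
    """Return the entries of a NameServer value that are not allowlisted."""
    flagged = set()
    for item in re.split(r"[,\s]+", value.strip()):
        if not item:
            continue
        try:
            addr = ipaddress.ip_address(item)
        except ValueError:
            flagged.add(item)  # a non-IP value in NameServer is itself worth review
            continue
        if not any(addr in net for net in trusted_networks):
            flagged.add(str(addr))
    return flagged


def audit_o17(log_text, trusted_networks):
    """Map interface GUID -> control sets and untrusted resolvers found there."""
    found = defaultdict(lambda: {"control_sets": set(), "servers": set()})
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if not match:
            continue  # Domain/SearchList entries and non-O17 lines are skipped
        flagged = untrusted_servers(match["servers"], trusted_networks)
        if flagged:
            entry = found[match["guid"].upper()]
            entry["control_sets"].add(control_set_name(match["cs"]))
            entry["servers"] |= flagged
    return {
        guid: {
            "control_sets": sorted(entry["control_sets"]),
            "servers": sorted(entry["servers"]),
        }
        for guid, entry in found.items()
    }


if __name__ == "__main__":
    for guid, entry in audit_o17(SAMPLE_LOG, TRUSTED_NETWORKS).items():
        print(guid, entry["control_sets"], entry["servers"])
```

An interface that still appears under `ControlSet001` or `ControlSet002` after a fix means the static resolver remains in a stored control set, which is why all five lines are checked together.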
     

Short URL to this thread: https://techguy.org/430312
