bhenry

I have been hijacked?


Please help!

I have completed the 4 steps and attached info below. I am working from another machine as the infected one is having great difficulties.

Step # 1

OTM run and ERDNT.exe file saved to a flash drive and desktop.

Step # 2

Here is the best scan log I can provide. I am unable to get updates: "error - 1".

Logfile created: 11/17/2010 16:31:13
Ad-Aware version: 8.3.3
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Administrator

*********************** Definitions database information ***********************
Lavasoft definition file: 149.470
Genotype definition file version: Unknown
Extended engine definition file: 6910.0

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 97070
Objects detected: 0


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0



Scan and cleaning complete: Finished correctly after 5814 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,E:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Wed Nov 10 20:55:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Wed Nov 10 02:55:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Wed Nov 10 08:55:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Wed Nov 10 14:55:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Nov 10 20:55:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: Default.eGL, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: false
ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: false
ID: modules, enabled:1
ID: processprotection, enabled:0, value: false
ID: onaccessprotection, enabled:0, value: false
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true


****************************** System information ******************************
Computer name: BASEMENT
Processor name: Intel® Celeron® CPU 2.53GHz
Processor identifier: x86 Family 15 Model 4 Stepping 1
Processor speed: ~2534MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1025, number of processors 1, processor features: [MMX,SSE,SSE2]
Physical memory available: 429084672 bytes
Physical memory total: 804765696 bytes
Virtual memory available: 1905188864 bytes
Virtual memory total: 2147352576 bytes
Memory load: 46%
Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Windows startup mode:

Running processes:
PID: 580 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 628 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 652 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 700 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 712 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 876 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 968 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1092 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1152 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1232 name: C:\Program Files\AVG\AVG9\avgchsvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1316 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2040 name: C:\WINDOWS\Explorer.EXE owner: Administrator domain: BASEMENT
PID: 1024 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Administrator domain: BASEMENT
PID: 1116 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1264 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 956 name: C:\WINDOWS\System32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1604 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Administrator domain: BASEMENT

Startup items:
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: IE Privacy Keeper
imagepath: "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
Name: SunJavaUpdateSched
imagepath: C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
Name: AVG9_TRAY
imagepath: C:\PROGRA~1\AVG\AVG9\avgtray.exe
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: nwiz
imagepath: nwiz.exe /install
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Name: VirtualCloneDrive
imagepath: "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
Name: HP Software Update
imagepath: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime
Name: SoundMan
imagepath: SOUNDMAN.EXE
Name: NeroCheck
imagepath: C:\WINDOWS\system32\NeroCheck.exe
Name: MMTray
imagepath: C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
Name: mmtask
imagepath: "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
Name: LyraHD2TrayApp
imagepath: "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
Name: AdaptecDirectCD
imagepath: "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
Name: Google Desktop Search
imagepath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Name: Adobe Photo Downloader
imagepath: "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
Name: MSConfig
imagepath: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
Name: XML Service
imagepath: msxml32.exe
Name: System Recovery Scheduling Service
imagepath: srss.exe
Name: Windows Client/Server Runtime Server
imagepath: csrs.exe
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: Windows Client/Server Runtime Server
imagepath: csrs.exe
Name: msnmsgr
imagepath: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
Name: OTM
imagepath: "C:\Documents and Settings\Administrator\Desktop\OTM.exe"
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel MEDIA FOLDERS INDEXER 8.LNK
imagepath: C:\Corel\Graphics8\Programs\MFIndexer.exe
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
imagepath: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 900 series) - 1.lnk
imagepath: C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
imagepath: C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
imagepath: C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
imagepath: C:\Program Files\Microsoft Office\Office\OSA.EXE
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
imagepath: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express Calendar Checker For My Custom Edition.lnk
imagepath: C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
imagepath: C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\en-ca\bin\WindowsSearch.exe

Bootexecute items:
Name:
imagepath: autocheck autochk *

Running services:
Name: Browser
displayname: Computer Browser
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: dmserver
displayname: Logical Disk Manager
Name: Dnscache
displayname: DNS Client
Name: Eventlog
displayname: Event Log
Name: helpsvc
displayname: Help and Support
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: Netman
displayname: Network Connections
Name: PlugPlay
displayname: Plug and Play
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: srservice
displayname: System Restore Service
Name: TermService
displayname: Terminal Services
Name: winmgmt
displayname: Windows Management Instrumentation
Name: WZCSVC
displayname: Wireless Zero Configuration

Step # 3

Here is the GMER Log:


GMER 1.0.15.15530 - http://www.gmer.net
Autostart scan 2010-11-17 18:21:45
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\[email protected] = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@Systemkdril.exe = kdril.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
[email protected] = avgrsstx.dll
[email protected] = WgaLogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs = C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile [email protected] = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
[email protected] = "C:\Program Files\AVG\AVG9\avgwdsvc.exe"
[email protected] = C:\Program Files\Canon\CAL\CALMAIN.exe
[email protected] = C:\Program Files\DynDNS Updater\DynDNS.exe
[email protected] = "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
[email protected] = "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
[email protected] = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
MSSQL$[email protected] = C:\Program Files\Microsoft SQL Server\MSSQL$PRIMAVERA\Binn\sqlservr.exe -sPRIMAVERA /*file not found*/
[email protected] = C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER /*file not found*/
[email protected] = "C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll" /prefetch:1
[email protected] = %SystemRoot%\system32\nvsvc32.exe
[email protected] = %SystemRoot%\system32\drivers\scsiport.sys

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@IE Privacy Keeper"C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup = "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
@SunJavaUpdateSchedC:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe = C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
@AVG9_TRAYC:\PROGRA~1\AVG\AVG9\avgtray.exe = C:\PROGRA~1\AVG\AVG9\avgtray.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@VirtualCloneDrive"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s = "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
@HP Software UpdateC:\Program Files\HP\HP Software Update\HPWuSchd2.exe = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@NeroCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@MMTrayC:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe = C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
@mmtask"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" = "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
@LyraHD2TrayApp"C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" = "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
@AdaptecDirectCD"C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
@Google Desktop Search"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
@Adobe Photo Downloader"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices >>>
@XML Servicemsxml32.exe /*file not found*/ = msxml32.exe /*file not found*/
@System Recovery Scheduling Servicesrss.exe /*file not found*/ = srss.exe /*file not found*/
@Windows Client/Server Runtime Servercsrs.exe /*file not found*/ = csrs.exe /*file not found*/
[email protected] = "C:\Documents and Settings\Administrator\Desktop\OTM.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\[email protected] = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*HyperTerminal Icon Ext*/C:\WINDOWS\System32\hticons.dll /*file not found*/ = C:\WINDOWS\System32\hticons.dll /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{5E44E225-A408-11CF-B581-008029601108} /*Adaptec DirectCD Shell Extension*/C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll = C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll
@{E0D79300-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\wzshlext.dll = C:\PROGRA~1\WinZip\wzshlext.dll
@{E0D79301-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\wzshlext.dll = C:\PROGRA~1\WinZip\wzshlext.dll
@{E0D79302-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WinZip\wzshlext.dll = C:\PROGRA~1\WinZip\wzshlext.dll
@{0A082D00-EC93-11D0-B1E6-80580BC10627} /*Corel Media Folder Root Menu Handler*/C:\Corel\Graphics8\programs\CMFFld80.dll = C:\Corel\Graphics8\programs\CMFFld80.dll
@{0FBF99C1-4127-11D1-B1E6-C17E96D9180A} /*Folder To Corel Media Folder Menu Handler*/C:\Corel\Graphics8\programs\CMFFld80.dll = C:\Corel\Graphics8\programs\CMFFld80.dll
@{854AF161-1AE1-11D1-AB9B-00C0F00683EB} /*Corel Media Folder*/C:\Corel\Graphics8\programs\CMFFld80.dll = C:\Corel\Graphics8\programs\CMFFld80.dll
@{E856F161-1AE5-11d1-AB9B-00C0F00683EB} /*Corel Media Folder*/C:\Corel\Graphics8\programs\CMFFld80.dll = C:\Corel\Graphics8\programs\CMFFld80.dll
@{CDB89701-262F-11D1-AB9C-00C0F00683EB} /*Corel Media Find Folder*/C:\Corel\Graphics8\programs\CMFFld80.dll = C:\Corel\Graphics8\programs\CMFFld80.dll
@{F8152501-455F-11D1-B1E6-444553540000} /*Corel Media Folder Copy Hook Handler*/C:\Corel\Graphics8\programs\CMFFld80.dll = C:\Corel\Graphics8\programs\CMFFld80.dll
@{8E524B0D-04F0-11D1-B74A-00A0C90646A4} /*IconFactTemp.NSIconHandlerFactory*/C:\Corel\Graphics8\programs\CNSFlt80.dll = C:\Corel\Graphics8\programs\CNSFlt80.dll
@{A2AC368A-F883-11D0-B745-00A0C90646A4} /*NSFiltManDll.FiltManCom*/C:\Corel\Graphics8\programs\CNSFlt80.dll = C:\Corel\Graphics8\programs\CNSFlt80.dll
@{B63FCD5A-2396-11D1-B762-00A0C90646A4} /*¼*/C:\Corel\Graphics8\programs\CMFFnd80.dll = C:\Corel\Graphics8\programs\CMFFnd80.dll
@{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} /*TIShelEx Shell Extension*/C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll = C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll
@{13E7F612-F261-4391-BEA2-39DF4F3FA311} /*Windows Desktop Search*/C:\Program Files\MSN Toolbar Suite\EXT2.05.0001.1119\en-ca\msnlExt.dll = C:\Program Files\MSN Toolbar Suite\EXT2.05.0001.1119\en-ca\msnlExt.dll
@{97090E2F-3062-4459-855B-014F0D3CDBB1} /*MSN Deskbar*/C:\Program Files\MSN Toolbar Suite\DB2.05.0000.1082\en-ca\deskbar.dll = C:\Program Files\MSN Toolbar Suite\DB2.05.0000.1082\en-ca\deskbar.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Universal Plug and Play Devices*/(null) =
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG Shell Extension*/C:\Program Files\AVG\AVG9\avgse.dll = C:\Program Files\AVG\AVG9\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG Find Extension*/(null) =
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{B7056B8E-4F99-44f8-8CBD-282390FE5428} /*VirtualCloneDrive*/C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll = C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{506F4668-F13E-4AA1-BB04-B43203AB3CC0} /*{506F4668-F13E-4AA1-BB04-B43203AB3CC0}*/C:\Program Files\Microsoft Office\Office12\VISSHE.DLL = C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
@{D66DC78C-4F61-447F-942B-3FB6980118CF} /*{D66DC78C-4F61-447F-942B-3FB6980118CF}*/C:\Program Files\Microsoft Office\Office12\VISSHE.DLL = C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} /*Snagit*/C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll = C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
@{CF74B903-3389-469c-B3B6-0204D204FCBD} /*SnagIt Shell Extension*/C:\Program Files\TechSmith\Snagit 9\SnagitShellExt.dll = C:\Program Files\TechSmith\Snagit 9\SnagitShellExt.dll
@{0563DB41-F538-4B37-A92D-4659049B7766} /*WLMD Message Handler*/C:\Program Files\Windows Live\Mail\mailcomm.dll = C:\Program Files\Windows Live\Mail\mailcomm.dll
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG9 Shell [email protected]{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG9\avgse.dll
[email protected]{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
[email protected]{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\Snagit 9\SnagitShellExt.dll
[email protected]{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = "C:\Program Files\Norton Internet Security\Engine\17.8.0.5\NavShExt.dll"
[email protected]{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
[email protected]{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
[email protected]{0FBF99C1-4127-11D1-B1E6-C17E96D9180A} = C:\Corel\Graphics8\programs\CMFFld80.dll
[email protected]{CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\Snagit 9\SnagitShellExt.dll
[email protected]{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
[email protected]{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG9 Shell [email protected]{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG9\avgse.dll
[email protected]{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
[email protected]{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = "C:\Program Files\Norton Internet Security\Engine\17.8.0.5\NavShExt.dll"
[email protected]{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
[email protected]{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{00C6482D-C502-44C8-8409-FCE54AD9C208}C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll = C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
@{0347C33E-8762-4905-BF09-768834316C61}C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll = C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}C:\Program Files\AVG\AVG9\avgssie.dll = C:\Program Files\AVG\AVG9\avgssie.dll
@{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll = C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
@{6D53EC84-6AAE-4787-AEEE-F4628F01010C}C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL = C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{A3BC75A2-1F87-4686-AA43-5347D756017C}C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll = C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-ca\msntb.dll = C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-ca\msntb.dll
@{D4027C7F-154A-4066-A1AD-4243D8127440}C:\Program Files\Ask.com\GenericAskToolbar.dll = C:\Program Files\Ask.com\GenericAskToolbar.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
@{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll = C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

HKCU\Control Panel\[email protected] = %SystemRoot%\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\[email protected] = C:\Program Files\Internet Explorer\Plugins\NPUPano.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/[email protected] = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
[email protected] = C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
[email protected] = C:\WINDOWS\system32\msvidctl.dll
[email protected] = C:\WINDOWS\System32\itss.dll
[email protected] = C:\WINDOWS\System32\msvidctl.dll
[email protected] = C:\Program Files\AVG\AVG9\avgpp.dll
[email protected] = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
[email protected] = %SystemRoot%\System32\inetcomm.dll
[email protected] = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
[email protected] = C:\WINDOWS\System32\itss.dll
[email protected] = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
[email protected] = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
[email protected] = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
[email protected] = C:\WINDOWS\system32\msvidctl.dll
[email protected] = C:\WINDOWS\System32\wiascr.dll

HKLM\Software\Classes\PROTOCOLS\Handler\[email protected] = C:\Program Files\Windows Live\Mail\mailcomm.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Corel MEDIA FOLDERS INDEXER 8.LNK = Corel MEDIA FOLDERS INDEXER 8.LNK
HP Digital Imaging Monitor.lnk = HP Digital Imaging Monitor.lnk
HPAiODevice(hp psc 900 series) - 1.lnk = HPAiODevice(hp psc 900 series) - 1.lnk
Microsoft Find Fast.lnk = Microsoft Find Fast.lnk
NkbMonitor.exe.lnk = NkbMonitor.exe.lnk
Office Startup.lnk = Office Startup.lnk
Service Manager.lnk = Service Manager.lnk
Ulead Photo Express Calendar Checker For My Custom Edition.lnk = Ulead Photo Express Calendar Checker For My Custom Edition.lnk
Windows Desktop Search.lnk = Windows Desktop Search.lnk

---- EOF - GMER 1.0.15 ----


Step #4

Here is the HijackThis log:



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:35:35 PM, on 11/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url="http://windowsupdate.microsoft.com/"]http://windowsupdate.microsoft.com/[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {4CA9620D-E062-6AC1-8471-155504FB2E4F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-ca\msntb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB2.05.0000.1082\en-ca\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [XML Service] msxml32.exe
O4 - HKLM\..\RunServices: [System Recovery Scheduling Service] srss.exe
O4 - HKLM\..\RunServices: [Windows Client/Server Runtime Server] csrs.exe
O4 - HKLM\..\RunOnce: [OTM] "C:\Documents and Settings\Administrator\Desktop\OTM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Client/Server Runtime Server] csrs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Client/Server Runtime Server] csrs.exe (User 'Default user')
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS2.05.0001.1119\en-ca\bin\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - [url="http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab"]http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab[/url]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url="http://go.microsoft.com/fwlink/?linkid=39204"]http://go.microsoft.com/fwlink/?linkid=39204[/url]
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - [url="http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab"]http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab[/url]
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - [url="http://messenger.zone.msn.com/binary/MineSweeper.cab"]http://messenger.zone.msn.com/binary/MineSweeper.cab[/url]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [url="http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab"]http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab[/url]
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - [url="http://upload.facebook.com/controls/FacebookPhotoUploader3.cab"]http://upload.facebook.com/controls/Facebo...toUploader3.cab[/url]
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - [url="http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab"]http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab[/url]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [url="http://upload.facebook.com/controls/FacebookPhotoUploader.cab"]http://upload.facebook.com/controls/Facebo...otoUploader.cab[/url]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [url="http://go.divx.com/plugin/DivXBrowserPlugin.cab"]http://go.divx.com/plugin/DivXBrowserPlugin.cab[/url]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url="http://messenger.zone.msn.com/binary/MessengerStatsClient.cab"]http://messenger.zone.msn.com/binary/Messe...StatsClient.cab[/url]
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - [url="http://img.funtigo.com/images/uploader/ssiPictureUploader.cab"]http://img.funtigo.com/images/uploader/ssi...ureUploader.cab[/url]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url="http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab"]http://messenger.msn.com/download/MsnMesse...pDownloader.cab[/url]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url="http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab"]http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab[/url]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [url="http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab"]http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab[/url]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [url="http://www.adobe.com/products/acrobat/nos/gp.cab"]http://www.adobe.com/products/acrobat/nos/gp.cab[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"]https://download.macromedia.com/pub/shockwa...ash/swflash.cab[/url]
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - [url="http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab"]http://upload.facebook.com/controls/Facebo...Uploader4_5.cab[/url]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [url="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab"]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/url]
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - [url="http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326"]http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326[/url]
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - [url="http://walmart.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab"]http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab[/url]?
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - [url="http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab"]http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab[/url]
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - [url="http://messenger.zone.msn.com/binary/SolitaireShowdown.cab"]http://messenger.zone.msn.com/binary/SolitaireShowdown.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F19639F-3F00-4E58-B1B6-BC63A8270DB1}: NameServer = 85.255.114.73,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{51486A4B-D838-4747-9DA3-8912C4BF8DF7}: NameServer = 85.255.114.73,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2455EF4-DA52-4258-8B6E-EAEA71293817}: NameServer = 85.255.114.73,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6FF5342-76C5-4990-95E0-3D080CFDB78E}: NameServer = 85.255.114.73,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 15318 bytes


Thanks in advance, would not have made it this far without this help so far. I still hold a glimmer of hope.

Bigball

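The HijackThis log above is the kind of thing a helper triages line by line: O4 RunServices entries whose commands are bare file names resembling Windows system processes (csrs.exe, srss.exe), O17 lines where four interfaces have NameServer set to 85.255.114.73,85.255.112.227 while the Tcpip\Parameters key is empty, and O2/O9 entries whose target file is gone. The script below is an added example, not part of this thread or of HijackThis; it encodes those checks and runs them over lines copied from the posted log. EXPECTED_NAMESERVERS (192.168.1.1), the severity levels and the one-character "lookalike" rule are this example's own assumptions, and a finding only means "look at this", not "this is malware".

```python
"""Triage HijackThis log lines for entries that deserve a closer look.

Added example, not part of the forum thread or of HijackThis itself.
SAMPLE_LOG is copied from the log posted above; EXPECTED_NAMESERVERS,
the severity levels and the lookalike heuristic are assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: the resolvers this machine is supposed to use (e.g. the home
# router). Any O17 NameServer value outside this set is flagged.
EXPECTED_NAMESERVERS = {"192.168.1.1"}

# Core Windows process names that malware commonly imitates by dropping or
# swapping a single letter.
SYSTEM_PROCESSES = ["csrss.exe", "smss.exe", "lsass.exe", "svchost.exe",
                    "winlogon.exe", "services.exe", "explorer.exe"]

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*: NameServer = ?(?P<servers>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.+)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")

# Constructed sample: a dozen lines taken from the HijackThis log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4CA9620D-E062-6AC1-8471-155504FB2E4F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunServices: [XML Service] msxml32.exe
O4 - HKLM\..\RunServices: [System Recovery Scheduling Service] srss.exe
O4 - HKLM\..\RunServices: [Windows Client/Server Runtime Server] csrs.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Client/Server Runtime Server] csrs.exe (User 'SYSTEM')
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F19639F-3F00-4E58-B1B6-BC63A8270DB1}: NameServer = 85.255.114.73,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    section: str    # HijackThis section prefix, e.g. "O4"
    reason: str
    line: str


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (two-row dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(exe: str) -> Optional[str]:
    """Return the system process name that `exe` imitates (one edit away), if any."""
    exe = exe.lower()
    for real in SYSTEM_PROCESSES:
        if exe != real and levenshtein(exe, real) <= 1:
            return real
    return None


def executable_of(cmd: str) -> str:
    """Extract the program from an O4 command, dropping HijackThis' (User '...') suffix."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if cmd.startswith('"'):                      # quoted path followed by arguments
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> List[Finding]:
    """Apply the heuristics to every line and collect the findings in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        # Any section: the registry still points at a file that no longer exists.
        if "(no file)" in line or "(file missing)" in line:
            findings.append(Finding("low", section, "orphaned entry, target file absent", line))
        if m := O4_RE.match(line):
            exe = executable_of(m["cmd"])
            real = lookalike(exe)
            if real:
                findings.append(Finding("high", "O4", f"{exe} imitates {real}", line))
            elif "\\" not in exe:
                findings.append(Finding("low", "O4", f"{exe} given without a full path", line))
        elif m := O17_RE.match(line):
            servers = {s.strip() for s in m["servers"].split(",") if s.strip()}
            if servers - EXPECTED_NAMESERVERS:
                findings.append(Finding("high", "O17",
                                        "DNS overridden: " + ", ".join(sorted(servers)), line))
        elif O20_RE.match(line):
            findings.append(Finding("medium", "O20",
                                    "AppInit_DLLs is loaded into every process that loads user32.dll", line))
    return findings


def summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(summary(results))
```

On the sample this reports the three csrs.exe/srss.exe entries and the overridden DNS servers as high, the AppInit_DLLs value as medium, and the orphaned BHO/menu entries plus the two path-less commands as low; nwiz.exe is a deliberate false positive to show that a bare file name alone is a weak signal compared with the lookalike rule.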
Download ComboFix here :

[url="http://download.bleepingcomputer.com/sUBs/ComboFix.exe"][b][color="blue"]Link 1[/color][/b][/url]
[url="http://www.forospyware.com/sUBs/ComboFix.exe"][b][color="blue"]Link 2[/color][/b][/url]


[color="purple"][b]* IMPORTANT !!! Save ComboFix.exe to your Desktop[/b][/color]

[list]
[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

[url="http://www.bleepingcomputer.com/forums/topic114351.html"][b]Click me[/b][/url]


[*]Double click on ComboFix.exe & follow the prompts.


[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
[/list]
[color="blue"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.[/color]


[center][img]http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif[/img][/center]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[img]http://img.photobucket.com/albums/v706/ried7/whatnext.png[/img]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the [b]C:\ComboFix.txt[/b] log in your next reply.

[quote name='Rorschach112' post='123736' date='Nov 19 2010, 07:54 AM']Download ComboFix here :

[url="http://download.bleepingcomputer.com/sUBs/ComboFix.exe"][b][color="blue"]Link 1[/color][/b][/url]
[url="http://www.forospyware.com/sUBs/ComboFix.exe"][b][color="blue"]Link 2[/color][/b][/url]
[color="purple"][b]* IMPORTANT !!! Save ComboFix.exe to your Desktop[/b][/color][list]
[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

[url="http://www.bleepingcomputer.com/forums/topic114351.html"][b]Click me[/b][/url]
[*]Double click on ComboFix.exe & follow the prompts.
[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
[/list][color="blue"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.[/color]
[center][img]http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif[/img][/center]
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[img]http://img.photobucket.com/albums/v706/ried7/whatnext.png[/img]
Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the [b]C:\ComboFix.txt[/b] log in your next reply.[/quote]


;) I followed the instructions on stopping virus software and installed ComboFix. It stopped install (I think) and told me it would be unsafe to continue and I needed to uninstall AVG. I have been in safe mode this whole time. I tried to uninstall in safe mode and received an error that it could not uninstall. I went out of safe mode and tried to uninstall again, still no luck, same error.


Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Access is denied.

Notice the comment "access is denied" but not sure why. In safe mode I logged in as administrator, and in normal mode I logged in as user with admin privileges, had a look at the user accounts and there is not a separate admin account, just my login name account (again I am the listed administrator).

I have attached the report log that it provided also. Best I could do to compress the file (7 Mb) hope it works for you.

Not sure how to proceed next????
