Trojan / SideFind / Pop up Frustration!

Posted 11/7/2004 8:02 PM
#4432

Chris20 Member

Date Joined Nov 2016
Total Posts: 9
Hi, can you’s help me please. I’m having problems since I downloaded an update for my MSN Plus.

I ran Lavasoft Ad-aware and Bazooka Scanner and got the results below.

Lavasoft Ad-Aware - Win32.TrojanDownloader.Swizzor.br

I quarantined the virus but every time I run Ad-Aware the same virus shows up.

Bazooka Scanner - Items found:

SideFind

W32.Sobig.f

I’ve tried following their removal instructions but it’s not helped.

---------------------------------------------------------

I’ve got the following anti-virus / spyware removal programs:

Lavasoft Ad-Aware SE Personal (virus found, see above)
Avast! Antivirus (no virus found)
AVG 6.0 (no virus found)
CWS Shredder (results shown below)
Spybot - Search & Destroy (no virus found)
Avast! virus cleaner tool (no virus found)
Hijack This (results shown below)

CWS SHREDDER RESULTS:

System Information:
Windows XP (5.01.2600 SP2)
Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\system32
Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (734 bytes, A)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\System32\Userinit.exe
Found Win.ini file: C:\WINDOWS\win.ini (675 bytes, A)
Found System.ini file: C:\WINDOWS\system.ini (302 bytes, A)

HIJACKTHIS RESULTS:

Logfile of HijackThis v1.98.2
Scan saved at 18:21:31, on 07/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

---------------------------------------------------------

I’m also receiving pop-ups despite my Windows XP service pack 2 pop up blocker being on. In the pop-up blocker settings menu there are entries that I never added:

Lop.com
Mysearchnow.com
www.lop.com
www.mysearchnow.com

Every time I remove these entries they just add themselves back.

-----------------------------------------------------------

Sorry about the message being so long.

Chris
Posted 11/8/2004 11:57 AM
#4452

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hey :cool:

http://home9.inet.tele.dk/le01/Sikkerhed.htm

http://download.lavasoft.de.edgesuite.n...leaner.exe

Close Ad-Aware SE build 1.04 and Ad-Watch (if running)
Install the VX2 Cleaner
Start Ad-Aware SE build 1.04
Go to “Plug-ins”
Select the VX2 Cleaner plug-in and click “Run Plugin”
If your computer isn’t infected, click “Close”.

If your computer is infected:

Select “Clean System”
Reboot your computer
Scan your computer with Ad-Aware
Remove any VX2 objects detected
Reboot your computer again
Run a second scan to make sure the files have been removed from your computer

http://www.safer-networking.org/index.php?page=mirrors
Install the program and then start it. Once the program has started make sure you are in the Spybot-S&D section. Click on the "Search for Updates" button. Download all updates. In some cases the program will restart after an update. When updated, click on the Immunize "Scan System" button. When the Check is over, fix all marked with red

Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp.)
C:\Windows\Temp\
C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <<<This will delete your files in your internet cache--including cookies.
C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
Empty your "Recycle Bin"

Reboot and post new logfile

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 11/9/2004 10:59 PM
#4495

Chris20 Member

Date Joined Nov 2016
Total Posts: 9
Hi, thanx for the advice. From what I've seen so far most of the problems are fixed. The one that is still on my PC is SideFind. The Bazooka Scanner is detecting it:

****************************************
Bazooka Scanner v1.13.02
support@kephyr.com
Log created 21:00:33.
OS: Windows NT 5.1
Database version: 2.450000
Database format version: 1.020000
Database date: 20041103
Current date: 2004-11-09 21:00

****************************************
Result when scanning:

SideFind 695.333.001 {8CBA1B49-8144-4721-A7B1-64C578C9EED7}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}
http://www.kephyr.com/spywarescanner/library/sidefind/index.phtml
LEXBCES.EXE
spoolsv.exe
LEXPPS.EXE
aswUpdSv.exe
ashServ.exe
avgserv.exe
svchost.exe
wdfmgr.exe
vsmon.exe
xcommsvr.exe
bdss.exe
vsserv.exe
alg.exe
explorer.exe
avgcc32.exe
MotiveSB.exe
MsgPlus.exe
realsched.exe
ViewMgr.exe
zlclient.exe
ashDisp.exe
ashMaiSv.exe
bdmcon.exe
bgnewsag.exe
skinkers.exe
EyetideController.exe
ttmem.exe
mpbtn.exe
msnmsgr.exe
mirc.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://www.freeserve.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Bar http://www.rxxavnkymcxag.com/kiRyq9MDAzJ_kpeAsGDsr/bRb1sxRp3MtzXZtIM5d5SaQeu6iQtL12k/ZpyyxOYZ.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.ntlworld.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst

User Stylesheet
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Styles\User Stylesheet

****************************************

Here's the Scan results I got from the BullGuard Scanner:

//-----------------------------------------------------------------
//
// BullGuard report file
//
// Created on: 09/11/2004 21:41:48
//
//-----------------------------------------------------------------

Summary:

C:\Documents and Settings\Chris\Desktop\inactive icons\MISC\beachfree.exe=>wise0035=>(CAB Sfx r)=>Save.exe Infected Trojan.Adware.Whenu.A
C:\Documents and Settings\Chris\Desktop\inactive icons\MISC\beachfree.exe=>wise0035=>(CAB Sfx r)=>Save.exe Disinfection failed - Trying second action
C:\Documents and Settings\Chris\Desktop\inactive icons\MISC\beachfree.exe=>wise0035=>(CAB Sfx r)=>Save.exe Move failed
C:\Documents and Settings\Chris\Desktop\inactive icons\MISC\beachfree.exe=>wise0037=>(ZIP Sfx s)=>WhAgent.exe Infected Trojan.Adware.Webhancer.A
C:\Documents and Settings\Chris\Desktop\inactive icons\MISC\beachfree.exe=>wise0037=>(ZIP Sfx s)=>WhAgent.exe Disinfection failed - Trying second action
C:\Documents and Settings\Chris\Desktop\inactive icons\MISC\beachfree.exe=>wise0037=>(ZIP Sfx s)=>whiehlpr.dll Infected Trojan.Adware.Webhancer.A
C:\Documents and Settings\Chris\Desktop\inactive icons\MISC\beachfree.exe=>wise0037=>(ZIP Sfx s)=>whiehlpr.dll Disinfection failed - Trying second action
C:\Documents and Settings\Chris\Desktop\inactive icons\MISC\beachfree.exe=>wise0037=>(ZIP Sfx s)=>WhSurvey.exe Infected Trojan.Adware.Webhancer.A
C:\Documents and Settings\Chris\Desktop\inactive icons\MISC\beachfree.exe=>wise0037=>(ZIP Sfx s)=>WhSurvey.exe Disinfection failed - Trying second action

Statistics

Scan path : C:\
Folders : 4206
Files : 188604
Archives : 6842
Packed files : 11460
Identified viruses : 2
Infected files : 4
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 31
Scan time : 01:00:09
Scan speed (files/sec) : 52

Virus definitions : 94145
Scan plugins : 12
Archive plugins : 37
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Chris
Posted 11/10/2004 7:06 AM
#4511

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hey

Please send a HijackThis log file

It will take years to analyze the logs you have posted ;-)

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 11/12/2004 2:23 AM
#4619

Chris20 Member

Date Joined Nov 2016
Total Posts: 9
Hey, sorry about posting the wrong log. Here's the HijackThis log:

Logfile of HijackThis v1.98.2
Scan saved at 02:15:29, on 12/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\BULLGU~1\bgnewsag.exe
C:\Program Files\BBC News alerts\skinkers.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Qwik-Fix] "C:\Program Files\PivX Qwik-Fix\QwikFix.exe" splash
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\BULLGU~1\bdmcon.exe
O4 - HKLM\..\Run: [BGNewsAgent] C:\PROGRA~1\BULLGU~1\bgnewsag.exe
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [BBCNewsalertsCluster] C:\Program Files\BBC News alerts\skinkers.exe
O4 - Startup: BBCTicker.lnk = C:\Program Files\BBC Ticker\BBCTicker.exe
O4 - Startup: Eyetide Launcher.lnk.disabled
O4 - Startup: Tweaks & Tools - Memory manager.lnk = C:\Program Files\Tweaks and Tools\ttmem.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://chat-j3.freeserve.com/Java/cfs31235.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.245 - http://chat-a3.freeserve.com/Java/cfs31245.cab
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21170c6df5c0e507d705/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4404/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Chris
Posted 11/12/2004 10:27 AM
#4630

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Remove Messenger Plus! 3 and at least Lop.com will disappear. When done, post a new log.



Posted 11/14/2004 2:52 AM
#4728

Chris20 Member

Date Joined Nov 2016
Total Posts: 9
Hi, I removed MSN Plus 3.

Latest HijackThis log:

Logfile of HijackThis v1.98.2
Scan saved at 02:44:26, on 14/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe
C:\Program Files\BullGuard\vsserv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rxxavnkymcxag.com/kiRyq9MDAzJ_kpeAsGDsr/bRb1sxRp3MtzXZtIM5d5SaQeu6iQtL12k/ZpyyxOYZ.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Qwik-Fix] "C:\Program Files\PivX Qwik-Fix\QwikFix.exe" splash
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\BULLGU~1\bdmcon.exe
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BGNewsAgent] C:\PROGRA~1\BULLGU~1\bgnewsag.exe
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [BBCNewsalertsCluster] C:\Program Files\BBC News alerts\skinkers.exe
O4 - Startup: BBCTicker.lnk = C:\Program Files\BBC Ticker\BBCTicker.exe
O4 - Startup: Eyetide Launcher.lnk.disabled
O4 - Startup: Tweaks & Tools - Memory manager.lnk = C:\Program Files\Tweaks and Tools\ttmem.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://chat-j3.freeserve.com/Java/cfs31235.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.245 - http://chat-a3.freeserve.com/Java/cfs31245.cab
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21170c6df5c0e507d705/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipbrowser.com.sg/fvlite/fvliteY.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4404/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Chris
Posted 11/14/2004 10:20 AM
#4748

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Scan with HijackThis, close all other windows, put a checkmark next to these, and fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rxxavnkymcxag.com/kiRyq9MDAzJ_kpeAsGDsr/bRb1sxRp3MtzXZtIM5d5SaQeu6iQtL12k/ZpyyxOYZ.html
<<< You will probably have to fix it several times
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s

Reboot, new log. Improvements?

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 11/15/2004 1:38 AM
#4782

Chris20 Member

Date Joined Nov 2016
Total Posts: 9
Hi, thanx for the advice. I did all of the things you mentioned in your last message and my PC seems to be back to normal. I had to remove the Bullguard scanner and some other programs because I was experiencing problems with the PC being really slow. I've managed to sort that problem now so hopefully this log will give my PC's health the all clear.

Here's the latest HijackThis log:

Logfile of HijackThis v1.98.2
Scan saved at 01:25:40, on 15/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\BBC News alerts\skinkers.exe
C:\Program Files\Tweaks and Tools\ttmem.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Kickchat$cript[2.0]\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Qwik-Fix] "C:\Program Files\PivX Qwik-Fix\QwikFix.exe" splash
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [BBCNewsalertsCluster] C:\Program Files\BBC News alerts\skinkers.exe
O4 - Startup: Eyetide Launcher.lnk.disabled
O4 - Startup: Tweaks & Tools - Memory manager.lnk = C:\Program Files\Tweaks and Tools\ttmem.exe
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://chat-j3.freeserve.com/Java/cfs31235.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.245 - http://chat-a3.freeserve.com/Java/cfs31245.cab
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21170c6df5c0e507d705/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipbrowser.com.sg/fvlite/fvliteY.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4404/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Chris
Posted 11/15/2004 8:01 AM
#4788

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Log looks clean :smilewinkgrin:

Install these for safer surfing:

http://www.javacoolsoftware.com/spywareblaster.html Update when downloaded, and once a week

http://windowsupdate.microsoft.com/

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.
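
Comparing the two HijackThis logs posted in this thread shows what the fix actually changed. The following is an added example, not part of the original posts: the function names are chosen here, and the two sample logs are short excerpts constructed from the 14/11 and 15/11 logs above.

```python
import re
from urllib.parse import urlparse

# Constructed samples: a few entries excerpted from the 14/11 and 15/11 logs.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rxxavnkymcxag.com/kiRyq9MDAzJ_kpeAsGDsr/bRb1sxRp3MtzXZtIM5d5SaQeu6iQtL12k/ZpyyxOYZ.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\BULLGU~1\bdmcon.exe
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# Entry lines start with a section code (R0, F2, O4, O16, ...) followed by " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section code, entry text); header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def diff_logs(before, after):
    """Return (removed, added) entry lists between two logs of the same machine."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

def ie_url_hosts(log_text):
    """Map each R0/R1 Internet Explorer setting holding a URL to the host it points at."""
    hosts = {}
    for code, body in parse_entries(log_text):
        if code in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
            host = urlparse(value.strip()).hostname
            if host:
                hosts[key] = host
    return hosts

if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    for key, host in sorted(ie_url_hosts(LOG_AFTER).items()):
        print("IE setting:", key, "->", host)
```

A removed entry that reappears in a later log means the fix did not hold, which is why the helper asks for a fresh log after each reboot.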

