Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This And Analyze


  • This topic is locked This topic is locked
7 replies to this topic

#1 nirvblakr

nirvblakr

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 31 October 2005 - 04:58 AM

Hi! I'm having problems with my computer lately. It has been slower than its usual speed. There might be spyware or viruses lurking in it. Hope you guys can help me.

Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 6:00:09 PM, on 10/31/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LifeView TVR\RecSche.exe
C:\Program Files\ISPx Web Accelerator\ispxaccel.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\My Documents\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pinoydvd.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\ISPx Web Accelerator\PBHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\W
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: ISPx Web Accelerator.lnk = C:\Program Files\ISPx Web Accelerator\ispxaccel.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\ISPx Web Accelerator\ispxaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\ISPx Web Accelerator\ispxaccel.exe/227
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Hope you guys can help! Thanks in advance!

Mel

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:18 PM

Posted 02 November 2005 - 05:40 PM

I'm very interested in a couple of those entries!:

Download WindPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

David

C:\W



#3 nirvblakr

nirvblakr
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 04 November 2005 - 08:06 AM

I'm very interested in a couple of those entries!:

Download WindPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

David

C:\W



#4 nirvblakr

nirvblakr
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 04 November 2005 - 08:11 AM

Sir,

I downloaded and used already WindPFind and here is the log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX! 1/24/2004 10:31:00 PM R 659454 C:\Program Files\zuma.deluxe.1.0.crack.exe

Checking %WinDir% folder...
UPX! 10/2/2005 8:22:50 PM 35328 C:\WINDOWS\cygz.dll
UPX! 11/3/2005 11:48:10 AM 402116608 C:\WINDOWS\MEMORY.DMP
FSG! 11/3/2005 11:48:10 AM 402116608 C:\WINDOWS\MEMORY.DMP
PEC2 11/3/2005 11:48:10 AM 402116608 C:\WINDOWS\MEMORY.DMP
Umonitor 11/3/2005 11:48:10 AM 402116608 C:\WINDOWS\MEMORY.DMP
qoologic 11/3/2005 11:48:10 AM 402116608 C:\WINDOWS\MEMORY.DMP
aspack 11/3/2005 11:48:10 AM 402116608 C:\WINDOWS\MEMORY.DMP

Checking %System% folder...
UPX! 9/1/2004 10:49:56 PM 284672 C:\WINDOWS\SYSTEM32\avisynth.dll
UPX! 10/2/2005 8:22:50 PM 35328 C:\WINDOWS\SYSTEM32\cygz.dll
PECompact2 10/5/2005 10:09:08 AM 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 10/5/2005 10:09:08 AM 2293088 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 1/12/2005 12:39:46 PM 531216 C:\WINDOWS\SYSTEM32\RASDLG.DLL
PEC2 7/26/2004 8:48:44 PM R 41984 C:\WINDOWS\SYSTEM32\TFTP1204
PECompact2 7/26/2004 8:48:44 PM R 41984 C:\WINDOWS\SYSTEM32\TFTP1204
winsync 12/7/1999 8:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX! 9/18/2005 6:04:02 AM 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 9/18/2005 6:04:02 AM 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 9/18/2005 6:04:02 AM 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 9/18/2005 6:04:02 AM 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/31/2005 12:30:58 PM H 54156 C:\WINDOWS\QTFont.qfn
11/4/2005 5:52:06 AM H 1286786 C:\WINDOWS\ShellIconCache
11/4/2005 5:52:18 AM S 64 C:\WINDOWS\CSC\00000001
10/16/2005 4:17:38 PM S 64 C:\WINDOWS\CSC\00000002
9/22/2005 6:50:06 AM S 64 C:\WINDOWS\CSC\csc1.tmp
11/3/2005 12:08:00 PM H 238 C:\WINDOWS\SYSTEM32\vsconfig.xml
11/3/2005 11:48:46 AM H 1024 C:\WINDOWS\SYSTEM32\config\DEFAULT.LOG
11/4/2005 5:56:02 AM H 1024 C:\WINDOWS\SYSTEM32\config\SAM.LOG
11/4/2005 5:54:08 AM H 1024 C:\WINDOWS\SYSTEM32\config\SECURITY.LOG
11/4/2005 8:52:10 AM H 1024 C:\WINDOWS\SYSTEM32\config\SOFTWARE.LOG
11/4/2005 5:52:20 AM H 6 C:\WINDOWS\TASKS\SA.DAT

Checking for CPL files...
Microsoft Corporation 12/7/1999 8:00:00 PM 67344 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 10/8/2003 4:05:36 PM 13426176 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 6/20/2003 3:05:04 AM 301328 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 6/20/2003 3:05:04 AM 237328 C:\WINDOWS\SYSTEM32\DESK.CPL
Microsoft Corporation 12/7/1999 8:00:00 PM 31504 C:\WINDOWS\SYSTEM32\fax.cpl
Microsoft Corporation 12/7/1999 8:00:00 PM 128272 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 12/7/1999 8:00:00 PM 118032 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 12/7/1999 8:00:00 PM 36112 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 10/30/2001 8:10:00 AM 326144 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 12/7/1999 8:00:00 PM 122128 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 12/7/1999 8:00:00 PM 303888 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 12/7/1999 8:00:00 PM 17168 C:\WINDOWS\SYSTEM32\ncpa.cpl
NVIDIA Corporation 10/6/2003 1:16:00 PM R 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 12/7/1999 8:00:00 PM 41232 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 6/20/2003 3:05:04 AM 41232 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 6/20/2003 3:05:04 AM 90896 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 6/20/2001 4:34:36 PM 287232 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 6/20/2003 3:05:04 AM 83216 C:\WINDOWS\SYSTEM32\sticpl.cpl
Microsoft Corporation 6/20/2003 3:05:04 AM 125712 C:\WINDOWS\SYSTEM32\SYSDM.CPL
Microsoft Corporation 12/7/1999 8:00:00 PM 5904 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 12/7/1999 8:00:00 PM 61200 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 1/12/2005 12:40:00 PM 64784 C:\WINDOWS\SYSTEM32\dllcache\msmq.cpl
IBM Corporation 9/23/1999 6:44:36 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\mwcpa32.cpl
Microsoft Corporation 12/7/1999 8:00:00 PM 41232 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/4/2000 5:20:14 PM 604 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Event Reminder.lnk
8/20/2005 9:55:24 AM 1495 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ISPx Web Accelerator.lnk
7/12/2004 7:04:48 AM 1572 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
8/28/2004 8:58:40 AM 628 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
10/21/2004 7:18:12 AM 608 C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ZoneAlarm.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/14/2004 6:56:56 PM 1 C:\Documents and Settings\All Users.WINDOWS\Application Data\jsanikaraoke.txt

Checking files in %USERPROFILE%\Startup folder...
9/19/2005 7:13:02 AM 1353 C:\Documents and Settings\mel ascalon\Start Menu\Programs\Startup\HotSync Manager.lnk

Checking files in %USERPROFILE%\Application Data folder...
10/24/2005 6:57:38 PM 331 C:\Documents and Settings\mel ascalon\Application Data\AutoGK.ini
11/3/2005 12:08:06 PM 115 C:\Documents and Settings\mel ascalon\Application Data\ieproxy.bak
11/4/2005 5:52:14 AM 4194441 C:\Documents and Settings\mel ascalon\Application Data\sdi.db

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG Shell Extension
{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Easy CD Ripper
{8331A1DE-43C5-4F79-A2AE-0E656856B193} = C:\PROGRA~1\Kongsoft\EASYCD~1\MENUHA~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\WINDOWS\Downloaded Program Files\ymmapi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG Shell Extension
{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINDOWS\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINDOWS\System32\docprop2.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4115122B-85FF-4DD3-9515-F075BEDE5EB5}
PBlockHelper Class = C:\Program Files\ISPx Web Accelerator\PBHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINDOWS\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\System32\browseui.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RecSche "C:\Program Files\LifeView TVR\RecSche.exe"
WinDVRCtrl C:\WINDOWS\WDVRCtrl.exe
StillImageMonitor C:\W
ScanRegistry C:\W
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Synchronization Manager mobsync.exe /logon

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
NBJ "C:\Program Files\ahead\Nero BackItUp\NBJ.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149
CDRAutoRun 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINDOWS\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 11/4/2005 9:20:04 AM

Thanks in advance for your help.

nirvblakr (mel)

#5 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:18 PM

Posted 04 November 2005 - 01:15 PM

Hi mel :thumbsup:

The log is clean, please compete this scan and alert to much it deletes......

Download CleanUp!
  • A window will open and choose SAVE, then DESKTOP as the destination.
  • On your Desktop, click on Cleanup40.exe icon.
  • Then, click RUN and place a checkmark beside "I Agree"
  • Then click NEXT followed by START and OK.
  • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
  • Click OK
  • Click on the "Cleanup" button and let it run.
  • Once its done, close the program.
David

#6 nirvblakr

nirvblakr
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 04 November 2005 - 04:17 PM

David,

I did the clean up already. I hope everything will be ok from now on. Thanks!

Mel

#7 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:18 PM

Posted 04 November 2005 - 04:20 PM

How's everything running? :up: or :down: ?

#8 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:01:18 PM

Posted 09 November 2005 - 01:05 PM

Due to the lack of feedback, I will close this thread. :thumbsup:

If you want to thread to be re-opened at any point, please PM me or any other staff with a link to it!

If anyone else is reading this with a similar problem that you would like help with, please post it in a new thread in the security section!

:flowers: David :trumpet:





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users