random restarts...can't use Spyware doctor

  1. #1
    heyimbrendan is offline Newbie

    So I noticed a small lag in my computer's performance and I realized it'd been a week or two since the last set of scans...so I did my search and destroy, the AVG scan...took care of some minor things and then I moved on to Spyware Doctor...double click...and bam...system restart.
    I went to sleep and forgot about it and tried tackling it today. Every time I try to use Spyware Doctor...I get a restart. So I thought...let's try REdownloading Spyware Doctor...my comp froze solid...and on restart (or attempted restart) I got a flashing power light and a repeated long beep. The only way I got it restarted was with morse code on the restart button. So...any takers to helping me attack this problem? Please?


  2. #2
    Neal is offline Dedicated Member
    Welcome,


    Go here http://www.d-a-l.com/help/showthread.php?t=32403

    Scroll down and find the link to download and install hijackthis and post it back here please.

  3. #3
    heyimbrendan is offline Newbie
    Quote (originally posted by Neal):
    Welcome,

    Go here http://www.d-a-l.com/help/showthread.php?t=32403

    Scroll down and find the link to download and install hijackthis and post it back here please.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:37:03 PM, on 8/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\TrojanHunter 4.5\THGuard.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Multimedia\main\ATISched.EXE
    C:\Program Files\AIM\aim.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.messengersite.net/forum/portal.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://hn-2.webcam.mnsu.edu/activex/AxisCamControl.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe



    Thanks in advance for the help...it's getting bad...it'll freeze up now...and then won't restart...or it will restart but BEEP BEEP BEEP and the monitor goes to sleep like it's not plugged in

  4. #4
    Neal is offline Dedicated Member
    The first thing that stands out to me is too many trojan scanners running at the same time.


    1. Windows Defender

    2. Spyware Doctor

    3. TrojanHunter 4.5

    4. ewido anti-spyware 4.0


    Disable everything but Ewido and see if that helps.


    Run hijackthis and click on scan button and put checks next to these:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =



    Nothing open but hijackthis and click fix checked.


    How is it behaving after the above?

  5. #5
    heyimbrendan is offline Newbie
    Well, I got rid of it, then my buddy asked me if I did the system restore turn off thing...why did he remind me? Because my problem persisted...badly...Returned home to hear BEEEEEEp......BEEEEEEP....BEEEEEEP...so same old same old...but I checked and those things were STILL deleted...so...that wasn't it

  6. #6
    Neal is offline Dedicated Member
    You need to leave System Restore alone until the very last step.


    Let's see a new hijackthis log,


    Also...




    Try running this:

    Download http://www.bleepingcomputer.com/files/winpfind.php

    Extract WinPFind.zip to your c:\ folder.
    Please print these instructions as you will be going into safe mode.
    Reboot your computer into Safe Mode by following the following steps:

    Reboot.
    When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
    Select the option for Safe Mode using the arrow keys.
    Then press enter on your keyboard to boot into Safe Mode

    Then open c:\WinPFind and double-click on WinPFind.exe. When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt

  7. #7
    heyimbrendan is offline Newbie
    new log

    Logfile of HijackThis v1.99.1
    Scan saved at 11:57:41 PM, on 8/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\ATI Multimedia\main\ATISched.EXE
    C:\Program Files\AIM\aim.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.messengersite.net/forum/portal.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemp...ogin-devel.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://hn-2.webcam.mnsu.edu/activex/AxisCamControl.cab
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    downloading from bleepingcomputer as we speak...
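
    The check from post #4 (how many resident anti-malware scanners are running at once) and a before/after comparison of the two HijackThis logs, as an added Python example that is not part of the thread. The two log excerpts are trimmed from the logs posted above; the product-name matching and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# The four scanners named in post #4. Matching them by a folder-name fragment
# in the process path is an assumption of this example; 8.3 short paths such
# as C:\PROGRA~1\SPYWAR~1 are not resolved and would be missed.
RESIDENT_SCANNERS = {
    "Windows Defender": "windows defender",
    "Spyware Doctor": "spyware doctor",
    "TrojanHunter": "trojanhunter",
    "ewido anti-spyware": "ewido anti-spyware",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)     # e.g. "C:\...\guard.exe"

# Trimmed excerpt of the first log in the thread (8/14/2006).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
"""

# Trimmed excerpt of the second log in the thread (8/16/2006).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"""


def parse_hijackthis(text):
    """Return (running process paths, {section code: [entry bodies]})."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the coded entries follow the process list
            entries[match.group("code")].append(match.group("body"))
        elif in_processes and PROCESS_RE.match(line):
            processes.append(line)
    return processes, dict(entries)


def resident_scanners(processes):
    """Map each known scanner to the running processes that belong to it."""
    found = defaultdict(list)
    for path in processes:
        lowered = path.lower()
        for product, fragment in RESIDENT_SCANNERS.items():
            if fragment in lowered:
                found[product].append(path)
    return dict(found)


def diff_entries(before, after):
    """Return (removed, added) as sorted lists of (code, body) tuples."""
    def flatten(entries):
        return {(code, body) for code, bodies in entries.items() for body in bodies}
    old, new = flatten(before), flatten(after)
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    procs_before, entries_before = parse_hijackthis(LOG_BEFORE)
    procs_after, entries_after = parse_hijackthis(LOG_AFTER)
    for label, procs in (("before", procs_before), ("after", procs_after)):
        scanners = resident_scanners(procs)
        print(f"{label}: {len(scanners)} resident scanners: {sorted(scanners)}")
    removed, added = diff_entries(entries_before, entries_after)
    for code, body in removed:
        print(f"- {code} - {body}")
    for code, body in added:
        print(f"+ {code} - {body}")
```

    On these excerpts the second log still shows three of the four scanners resident, so the advice in post #4 to leave only Ewido running has not been fully applied.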

  8. #8
    heyimbrendan is offline Newbie
    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
    Internet Explorer Version: 6.0.2900.2180

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...
    qoologic 5/21/2006 8:36:50 PM 12287690 C:\AVG7QT.DAT
    urllogic 5/21/2006 8:36:50 PM 12287690 C:\AVG7QT.DAT

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...
    UPX! 3/20/2006 6:39:14 PM 719872 C:\WINDOWS\bubbloids.scr
    UPX! 3/20/2006 6:40:10 PM 3247444 C:\WINDOWS\kristanna_loken_screensaver001.scr

    Checking %System% folder...
    UPX! 9/1/2004 9:49:56 AM 284672 C:\WINDOWS\SYSTEM32\avisynth.dll
    UPX! 6/9/2004 3:17:42 PM 33792 C:\WINDOWS\SYSTEM32\cpwiuy.dll
    aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
    PEC2 8/4/2004 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
    UPX! 8/12/2004 2:54:46 PM 35840 C:\WINDOWS\SYSTEM32\ecesq.dll
    PTech 5/23/2006 5:26:00 PM 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
    PECompact2 8/9/2006 2:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 8/9/2006 2:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 8/4/2004 7:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
    Umonitor 8/4/2004 7:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
    UPX! 4/30/2004 10:46:24 PM 28672 C:\WINDOWS\SYSTEM32\t3odm.dll
    UPX! 3/26/2004 5:32:36 PM 99328 C:\WINDOWS\SYSTEM32\t5rdv.dll
    winsync 8/4/2004 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
    PTech 5/23/2006 5:25:52 PM 285488 C:\WINDOWS\SYSTEM32\WgaTray.exe

    Checking %System%\Drivers folder and sub-folders...
    UPX! 8/10/2006 1:35:24 AM 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
    FSG! 8/10/2006 1:35:24 AM 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
    PEC2 8/10/2006 1:35:24 AM 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
    aspack 8/10/2006 1:35:24 AM 752608 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

    qoologic 5/26/2006 3:03:32 PM HS 3662 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060526-151821.backup
    urllogic 5/26/2006 3:03:32 PM HS 3662 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060526-151821.backup
    qoologic 5/26/2006 3:18:22 PM R 3194 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060526-151822.backup
    urllogic 5/26/2006 3:18:22 PM R 3194 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060526-151822.backup
    qoologic 6/16/2006 6:51:36 PM R 3750 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060616-185134.backup
    urllogic 6/16/2006 6:51:36 PM R 3750 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060616-185134.backup
    qoologic 6/17/2006 2:05:54 PM HS 3801 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060617-141929.backup
    urllogic 6/17/2006 2:05:54 PM HS 3801 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060617-141929.backup

    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    8/17/2006 12:04:12 AM S 2048 C:\WINDOWS\bootstat.dat
    8/15/2006 10:04:40 PM H 54156 C:\WINDOWS\QTFont.qfn
    8/16/2006 11:49:36 PM H 48882 C:\WINDOWS\system32\vsconfig.xml
    8/15/2006 8:22:56 PM H 4212 C:\WINDOWS\system32\zllictbl.dat
    6/18/2006 11:51:52 AM S 797189 C:\WINDOWS\system32\CatRoot\TMP44.tmp
    6/22/2006 6:18:30 AM S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
    7/5/2006 758 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917422.cat
    7/28/2006 7:16:08 AM S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat
    7/27/2006 9:00:28 AM S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat
    7/21/2006 4:03:14 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat
    6/26/2006 2:47:22 PM S 11929 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920683.cat
    7/13/2006 9:24:46 AM S 13050 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921398.cat
    7/14/2006 11:13:00 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat
    7/14/2006 10:53:20 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922616.cat
    8/17/2006 12:04:08 AM H 8192 C:\WINDOWS\system32\config\default.LOG
    8/17/2006 12:04:22 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
    8/17/2006 12:04:12 AM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
    8/17/2006 12:04:22 AM H 45056 C:\WINDOWS\system32\config\software.LOG
    8/17/2006 12:03:42 AM H 1024 C:\WINDOWS\system32\config\system.LOG
    8/16/2006 8:01:52 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    6/18/2006 12:28:06 PM HS 1341 C:\WINDOWS\system32\drivers\etc\hosts.20060709-224735.backup
    8/14/2006 4:03:12 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\fa819b26-9ee1-4a62-8abf-afec6c179b2c
    8/14/2006 4:03:12 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
    6/18/2006 11:57:34 AM HS 530 C:\WINDOWS\system32\ptjqfs\csrss.ini
    8/16/2006 11:52:34 PM H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    8/17/2006 12:03:40 AM H 6 C:\WINDOWS\Tasks\SA.DAT

    Checking for CPL files...
    Microsoft Corporation 8/4/2004 7:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
    Realtek Semiconductor Corp. 6/21/2005 10:09:06 AM R 18751488 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
    Microsoft Corporation 8/4/2004 7:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
    11/12/1999 5:11:00 AM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
    Sun Microsystems, Inc. 8/26/2005 7:14:42 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
    Creative Technology Ltd. 7/23/2003 9:45:02 AM 172032 C:\WINDOWS\SYSTEM32\USBAudio.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
    Microsoft Corporation 8/4/2004 7:00:00 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
    Realtek Semiconductor Corp. 6/21/2005 10:09:06 AM R 18751488 C:\WINDOWS\SYSTEM32\ReinstallBackups\0010\DriverFiles\ALSNDMGR.CPL

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    10/5/2005 12:06:14 PM 1851 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
    8/5/2005 1:55:10 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    8/8/2005 10:06:50 PM 1808 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    12/9/2005 7:36:52 PM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    8/16/2006 11:50:06 PM 2329 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Wireless Assistant.lnk

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    8/4/2005 8:47:00 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
    3/2/2006 6:54:40 PM 6524 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    8/2/2006 3:10:50 PM 1359 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

    Checking files in %USERPROFILE%\Startup folder...
    8/5/2005 1:55:10 AM HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini

    Checking files in %USERPROFILE%\Application Data folder...
    8/4/2005 8:47:00 PM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini
    4/17/2006 10:00:36 AM 65936 C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    {D04D71C0-F561-4E12-B7A5-327AF7061AB4} = C:\WINDOWS\system32\mcoert2.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
    {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
    {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.5\contmenu.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
    {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.5\contmenu.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
    {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
    {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.5\contmenu.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    =
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = %SystemRoot%\system32\shdocvw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
    ButtonText = Spyware Doctor :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{44226DFF-747E-4edc-B30C-78752E50CD0C}
    ButtonText = ATI TV :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{669B269B-0D4E-41FB-A3D8-FD67CA94F646}
    ButtonText = ComcastHSI : http://www.comcast.net/
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8828075D-D097-4055-AA02-2DBFA9D85E8A}
    ButtonText = Support : http://www.comcastsupport.com/
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{97809617-3937-4F84-B335-9BB05EF1A8D4}
    ButtonText = Help : http://online.comcast.net/help/
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
    ButtonText = AIM : C:\Program Files\AIM\aim.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{44226DFF-747E-4EDC-B30C-78752E50CD0C}
    &ATI TV = C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    =
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
    File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
    Favorites Band = %SystemRoot%\system32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
    History Band = %SystemRoot%\system32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
    Explorer Band = %SystemRoot%\system32\shdocvw.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = :

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
    NVIDIA nTune "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    CTSysVol C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
    SbUsb AudCtrl RunDll32 sbusbdll.dll,RCMonitor
    dla C:\WINDOWS\system32\dla\tfswctrl.exe
    DVDBitSet "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
    ATICCC "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    HP Component Manager "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    DXDllRegExe dxdllreg.exe
    tgcmd C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
    QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
    AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    !ewido "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    Zone Labs Client "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
    RemoteCenter C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    NBJ "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    ATI Scheduler C:\Program Files\ATI Multimedia\main\ATISched.EXE
    AIM C:\Program Files\AIM\aim.exe -cnetwait.odl

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
    ScanWithAntiVirus 2


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoControlPanel 0
    NoComputersNearMe 0
    NoCDBurning 0


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun 145
    NoControlPanel 0
    NoNetHood 0
    NoComputersNearMe 0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    DisableRegistryTools 1
    NoAdminPage 1


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    0aMCPClient {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} =
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    Shell = Explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 8/17/2006 12:10:27 AM

  9. #9
    Neal is offline Dedicated Member
    Hi,


    Scan this file for me please

    C:\WINDOWS\system32\ptjqfs\csrss.ini


    Here:



    Go to the next site:
    http://www.virustotal.com/en/indexf.html
    At the top you'll find 'Browse'.
    Click the Browse button and browse to the next file:

    C:\WINDOWS\system32\ptjqfs\csrss.ini


    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.

  10. #10
    heyimbrendan is offline Newbie
    same old same old...it's getting worse...sometimes the comp just won't start!

    Complete scanning result of "csrss.ini", received in VirusTotal at 08.18.2006, 07:49:35 (CET).

    Antivirus Version Update Result
    AntiVir 6.35.1.0 08.17.2006 no virus found
    Authentium 4.93.8 08.17.2006 no virus found
    Avast 4.7.844.0 08.17.2006 no virus found
    AVG 386 08.17.2006 no virus found
    BitDefender 7.2 08.18.2006 no virus found
    CAT-QuickHeal 8.00 08.17.2006 no virus found
    ClamAV devel-20060426 08.18.2006 no virus found
    DrWeb 4.33 08.17.2006 no virus found
    eTrust-InoculateIT 23.72.100 08.17.2006 no virus found
    eTrust-Vet 30.3.3024 08.17.2006 no virus found
    Ewido 4.0 08.17.2006 no virus found
    Fortinet 2.77.0.0 08.18.2006 no virus found
    F-Prot 3.16f 08.17.2006 no virus found
    F-Prot4 4.2.1.29 08.17.2006 no virus found
    Ikarus 0.2.65.0 08.17.2006 no virus found
    Kaspersky 4.0.2.24 08.18.2006 no virus found
    McAfee 4831 08.17.2006 no virus found
    Microsoft 1.1560 08.17.2006 no virus found
    NOD32v2 1.1713 08.17.2006 no virus found
    Norman 5.90.23 08.17.2006 no virus found
    Panda 9.0.0.4 08.17.2006 no virus found
    Sophos 4.08.0 08.18.2006 no virus found
    Symantec 8.0 08.18.2006 no virus found
    TheHacker 5.9.8.194 08.18.2006 no virus found
    UNA 1.83 08.17.2006 no virus found
    VBA32 3.11.0 08.18.2006 no virus found
    VirusBuster 4.3.7:9 08.17.2006 no virus found

    Aditional Information
    File size: 530 bytes
    MD5: 858a584a7c9dfb155029e0698b681652
    SHA1: bba5c3259baa8c0af8c39f8c7011d7b5654ec187
