New HijackThis log following my increasing problems!

  1. #1
    Kazna3


    Hi!

    [I'm getting Winlogon errors and stoppages followed by Windows Explorer along with everything else that requires it basically. Funnily Spyware Blaster and Spyware Guard are the first two to fail and stop when this problem occurs]

    Just now Spybot S&D found three components in RED that I have installed i.e. a toolbar. But it also closed with violations etc like the explorer at 50% stage.

    Hey you left out Ewido anti-spyware in that instructions section. Ewido usually picks up what others can't so I'm surprised. Every scan of all sorts returned perfectly on my computer BTW.

    I have MRU Blaster and BFU on my PC as well so if I need them, lemme know

    Anyway, here it is:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:11:07, on 02/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    D:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\Program Files\Advanced Spyware Remover\Asr.exe
    D:\Program Files\ShutdownTray\ShutdownTray.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe
    D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    D:\Program Files\SpywareGuard\sgmain.exe
    D:\Program Files\YPOPs\ypops.exe
    D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\SpywareGuard\sgbhp.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Documents and Settings\Home\Desktop\Software\hijackthis.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\WINDOWS\explorer.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Advanced Spyware Remover Pro] D:\Program Files\Advanced Spyware Remover\Asr.exe
    O4 - HKCU\..\Run: [ShutdownTray] D:\Program Files\ShutdownTray\ShutdownTray.exe /start
    O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [I&F Viewer toolbar] "D:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start
    O4 - Startup: SpywareBlaster.lnk = D:\Program Files\SpywareBlaster\spywareblaster.exe
    O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: YPOPs.lnk = D:\Program Files\YPOPs\ypops.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe


    TIA

  2. #2
    Kazna3
    Somebody help!

    Update:

    First I updated everything.... then ran full scans on all...

    I ran ewido - it found three medium cookies, and deleted.

    I ran CCleaner (registry part) - it found 185 broken/missing and deleted

    I ran Spybot S&D - it found zero

    I ran avast! - found nothing

    I ran Advanced Spyware Remover - it found nothing

    I ran CounterSpy - it found nothing

    I ran HijackThis and it's exactly as in the above post

    BUT I recall that avast! kept saying (out of date) and so did Windows security even though I update ALL the time! And most of the time it hardly downloads more than 0.3Kb worth. Furthermore I recall that avast! had many errors and failures. Many times it hasn't started... so with that in mind

    I ran Bitdefender - it took 6 hours and this is what it came up with!!!

    BitDefender Online Scanner


    Scan report generated at: Thu, Nov 02, 2006 - 23:26:08



    Scan path: A:\;D:\;E:\;F:\;





    Statistics
    Time: 06:06:16
    Files: 894623
    Folders: 7128
    Boot Sectors: 0
    Archives: 6635
    Packed Files: 104745

    Results
    Identified Viruses: 2
    Infected Files: 4
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 4

    Engines Info
    Virus Definitions: 452791
    Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
    Scan plugins: 13
    Archive plugins: 38
    Unpack plugins: 6
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes



    Scanned File | Status
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP561\A0954057.exe=>wise0053 | Infected with: Dropped:Application.Adware.NewDotNet.A
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP561\A0954057.exe=>wise0053 | Disinfection failed
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP561\A0954057.exe=>wise0053 | Deleted
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP561\A0954057.exe | Update failed
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP561\A0954057.exe=>wise0054=>(RAR Sfx o)=>WhAgent.exe | Detected with: Application.Spyware.WebHancer.A
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP561\A0954057.exe=>wise0054=>(RAR Sfx o)=>WhAgent.exe | Disinfection failed
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP561\A0954057.exe=>wise0054=>(RAR Sfx o)=>WhAgent.exe | Deleted
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP561\A0954057.exe=>wise0054=>(RAR Sfx o) | Update failed
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP562\A0955957.exe=>wise0053 | Infected with: Dropped:Application.Adware.NewDotNet.A
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP562\A0955957.exe=>wise0053 | Disinfection failed
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP562\A0955957.exe=>wise0053 | Deleted
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP562\A0955957.exe | Update failed
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP562\A0955957.exe=>wise0054=>(RAR Sfx o)=>WhAgent.exe | Detected with: Application.Spyware.WebHancer.A
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP562\A0955957.exe=>wise0054=>(RAR Sfx o)=>WhAgent.exe | Disinfection failed
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP562\A0955957.exe=>wise0054=>(RAR Sfx o)=>WhAgent.exe | Deleted
    D:\System Volume Information\_restore{02E815AF-FBD2-4F33-9D64-1E3E2E5EFDFC}\RP562\A0955957.exe=>wise0054=>(RAR Sfx o) | Update failed
    Infections!!! but couldn't delete all as the last box said "your system is still not disinfected"!

    Next I also ran WinPFind:

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Logfile created on: 02/11/2006 1704
    WinPFind v1.5.0 Folder = D:\WinPFind\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2900.2180)

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...
    UPX! 02/11/2006 0552 39424 D:\WINDOWS\zipinst.exe (NirSoft)

    Checking %System% folder...
    UPX! 25/09/2006 16:45:08 666240 D:\WINDOWS\SYSTEM32\aswBoot.exe ()
    PEC2 07/08/2004 00:15:42 41397 D:\WINDOWS\SYSTEM32\dfrg.msc ()
    WSUD 04/08/2004 0456 1200128 D:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
    aspack 04/08/2004 0438 708096 D:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
    WSUD 04/08/2004 0458 257024 D:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    Umonitor 04/08/2004 0446 657920 D:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
    winsync 07/08/2004 00:18:14 1309184 D:\WINDOWS\SYSTEM32\wbdbase.deu ()

    Checking %System%\Drivers folder and sub-folders...

    Items found in D:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    02/11/2006 15:43:12 S 2048 D:\WINDOWS\bootstat.dat ()
    01/11/2006 10:41:46 H 54156 D:\WINDOWS\QTFont.qfn ()
    25/10/2006 04:18:10 RH 749 D:\WINDOWS\WindowsShell.Manifest ()
    31/10/2006 14:49:52 RHS 227 D:\WINDOWS\assembly\Desktop.ini ()
    31/10/2006 14:49:54 RH 0 D:\WINDOWS\assembly\PublisherPolicy.tme ()
    31/10/2006 14:49:54 RH 0 D:\WINDOWS\assembly\pubpol1.dat ()
    01/11/2006 05:50:00 RH 0 D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat ()
    01/11/2006 05:50:18 RH 0 D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat ()
    02/11/2006 15:43:16 S 64 D:\WINDOWS\CSC\00000001 ()
    30/10/2006 07:40:20 S 64 D:\WINDOWS\CSC\00000002 ()
    25/10/2006 04:18:26 H 65 D:\WINDOWS\Downloaded Program Files\desktop.ini ()
    25/10/2006 04:20:22 HS 67 D:\WINDOWS\Fonts\desktop.ini ()
    02/11/2006 17:19:06 H 0 D:\WINDOWS\LastGood\INF\oem8.inf ()
    02/11/2006 17:19:06 H 0 D:\WINDOWS\LastGood\INF\oem8.PNF ()
    25/10/2006 04:18:26 H 65 D:\WINDOWS\Offline Web Pages\desktop.ini ()
    25/10/2006 04:19:22 RHS 727 D:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_1.cab ()
    25/10/2006 04:19:22 RHS 19854 D:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_2.cab ()
    25/10/2006 04:19:22 RHS 244933 D:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_3.cab ()
    25/10/2006 0448 H 229376 D:\WINDOWS\repair\ntuser.dat ()
    26/10/2006 04:34:26 HS 5 D:\WINDOWS\system32\abccedc1_d.dll ()
    25/10/2006 04:18:10 RH 749 D:\WINDOWS\system32\cdplayer.exe.manifest ()
    25/10/2006 04:18:26 RH 488 D:\WINDOWS\system32\logonui.exe.manifest ()
    25/10/2006 04:18:10 RH 749 D:\WINDOWS\system32\ncpa.cpl.manifest ()
    25/10/2006 04:18:10 RH 749 D:\WINDOWS\system32\nwc.cpl.manifest ()
    25/10/2006 04:18:10 RH 749 D:\WINDOWS\system32\sapi.cpl.manifest ()
    25/10/2006 04:18:26 RH 488 D:\WINDOWS\system32\WindowsLogon.manifest ()
    25/10/2006 04:18:10 RH 749 D:\WINDOWS\system32\wuaucpl.cpl.manifest ()
    02/11/2006 15:43:02 H 8192 D:\WINDOWS\system32\config\default.LOG ()
    02/11/2006 15:43:26 H 1024 D:\WINDOWS\system32\config\SAM.LOG ()
    02/11/2006 15:43:14 H 12288 D:\WINDOWS\system32\config\SECURITY.LOG ()
    02/11/2006 17:19:12 H 1355776 D:\WINDOWS\system32\config\software.LOG ()
    02/11/2006 17:19:06 H 876544 D:\WINDOWS\system32\config\system.LOG ()
    25/10/2006 0446 H 1024 D:\WINDOWS\system32\config\TempKey.LOG ()
    25/10/2006 0454 H 1024 D:\WINDOWS\system32\config\userdiff.LOG ()
    31/10/2006 12:26:08 H 1024 D:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG ()
    25/10/2006 04:58:40 HS 62 D:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini ()
    31/10/2006 15:31:54 S 341 D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 ()
    31/10/2006 15:31:54 S 413 D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 ()
    31/10/2006 15:31:54 S 574 D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 ()
    30/10/2006 08:06:42 S 558 D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 ()
    31/10/2006 15:31:54 S 126 D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 ()
    31/10/2006 15:31:54 S 98 D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 ()
    31/10/2006 15:31:54 S 136 D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 ()
    30/10/2006 08:06:42 S 144 D:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 ()
    25/10/2006 04:58:40 HS 62 D:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini ()
    25/10/2006 04:28:52 HS 113 D:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini ()
    25/10/2006 04:28:52 HS 113 D:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini ()
    25/10/2006 04:28:52 HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini ()
    25/10/2006 04:28:52 HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini ()
    25/10/2006 04:28:52 HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4ZGB05O1\desktop.ini ()
    25/10/2006 04:28:52 HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A7SFONE5\desktop.ini ()
    25/10/2006 04:28:52 HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S385K9ID\desktop.ini ()
    25/10/2006 04:28:52 HS 67 D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WTUBGLYJ\desktop.ini ()
    25/10/2006 04:18:32 HS 181 D:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini ()
    25/10/2006 04:58:40 HS 62 D:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini ()
    25/10/2006 0446 HS 148 D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini ()
    25/10/2006 0446 HS 482 D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini ()
    25/10/2006 0446 HS 348 D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini ()
    25/10/2006 0446 HS 84 D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini ()
    25/10/2006 0446 HS 84 D:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini ()
    25/10/2006 04:29:06 HS 388 D:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\0418d89c-eafd-4f89-999a-83a423b6a1f0 ()
    25/10/2006 04:29:06 HS 24 D:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
    02/11/2006 15:41:50 H 6 D:\WINDOWS\Tasks\SA.DAT ()

    Checking for CPL files...
    04/08/2004 0458 68608 D:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
    04/08/2004 0458 549888 D:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
    04/08/2004 0458 110592 D:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
    04/08/2004 0458 135168 D:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
    04/08/2004 0458 80384 D:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
    04/08/2004 0458 155136 D:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
    04/08/2004 0458 358400 D:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
    04/08/2004 0458 129536 D:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
    04/08/2004 0458 380416 D:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
    04/08/2004 0458 68608 D:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
    12/10/2006 03:10:54 49265 D:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
    07/08/2004 00:17:02 187904 D:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
    04/08/2004 0458 618496 D:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
    07/08/2004 00:17:26 35840 D:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
    04/08/2004 0458 25600 D:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
    04/08/2004 0458 257024 D:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
    07/08/2004 00:17:32 36864 D:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
    04/08/2004 0458 32768 D:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
    04/08/2004 0458 114688 D:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
    03/08/2006 14:23:46 38432 D:\WINDOWS\SYSTEM32\SanCpl.cpl (SiSoftware)
    04/08/2004 0458 298496 D:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
    07/08/2004 00:18:04 28160 D:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
    04/08/2004 0458 94208 D:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
    04/08/2004 0458 148480 D:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
    04/08/2004 0458 162304 D:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
    04/08/2004 0458 68608 D:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
    04/08/2004 0458 549888 D:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
    04/08/2004 0458 110592 D:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl (Microsoft Corporation)
    04/08/2004 0458 135168 D:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
    04/08/2004 0458 80384 D:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
    04/08/2004 0458 155136 D:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
    04/08/2004 0458 358400 D:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
    04/08/2004 0458 129536 D:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
    04/08/2004 0458 380416 D:\WINDOWS\SYSTEM32\dllcache\irprops.cpl (Microsoft Corporation)
    04/08/2004 0458 68608 D:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
    07/08/2004 00:17:02 187904 D:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
    04/08/2004 0458 618496 D:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
    07/08/2004 00:17:26 35840 D:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
    04/08/2004 0458 25600 D:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
    04/08/2004 0458 257024 D:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
    07/08/2004 00:17:32 36864 D:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
    04/08/2004 0458 32768 D:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
    04/08/2004 0458 114688 D:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
    03/08/2004 2358 155648 D:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
    04/08/2004 0458 298496 D:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
    07/08/2004 00:18:04 28160 D:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
    04/08/2004 0458 94208 D:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
    04/08/2004 0458 148480 D:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
    04/08/2004 0458 162304 D:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
    07/12/2001 14:59:00 R 425984 D:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\cmicnfg.cpl ()

    Checking for Downloaded Program Files...
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = D:\Program Files\Yahoo!\Common\yinsthelper.dll
    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/reso...an8/oscan8.cab
    {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    25/10/2006 0446 HS 84 D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini ()

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    25/10/2006 04:58:40 HS 62 D:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini ()

    Checking files in %USERPROFILE%\Startup folder...
    25/10/2006 0446 HS 84 D:\Documents and Settings\Home\Start Menu\Programs\Startup\desktop.ini ()
    25/10/2006 09:11:10 708 D:\Documents and Settings\Home\Start Menu\Programs\Startup\SpywareBlaster.lnk ()
    25/10/2006 09:04:08 656 D:\Documents and Settings\Home\Start Menu\Programs\Startup\SpywareGuard.lnk ()
    25/10/2006 09:13:26 1576 D:\Documents and Settings\Home\Start Menu\Programs\Startup\YPOPs.lnk ()

    Checking files in %USERPROFILE%\Application Data folder...
    25/10/2006 04:58:40 HS 62 D:\Documents and Settings\Home\Application Data\desktop.ini ()
    30/10/2006 13:28:26 62 D:\Documents and Settings\Home\Application Data\nero_photoshow_express_4_eu_row.txt ()

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    >>> Internet Explorer Settings <<<


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    \\Search Page - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    \\Default_Page_URL - http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
    \\Default_Search_URL - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    \\Local Page - %SystemRoot%\system32\blank.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    \\Start Page - http://www.google.com/
    \\Search Page - http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    \\Local Page - D:\WINDOWS\system32\blank.htm

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
    \\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = ()

    >>> BHO's <<<
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    \{4A368E80-174F-4872-96B5-0B27DDD11DB2} - SpywareGuardDLBLOCK.CBrowserHelper = D:\Program Files\SpywareGuard\dlprotect.dll ()
    \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)

    >>> Internet Explorer Bars, Toolbars and Extensions <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - = ()

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
    \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
    \\NEXTID - 8195
    \\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8193 =
    \\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 = Windows Messenger

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc.)
    \{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
    \{85d1f590-48f4-11d9-9669-0800200c9a66} - MenuText: Uninstall BitDefender Online Scanner v8 = ()
    \{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

    >>> Approved Shell Extensions (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    \\{81559C35-8464-49F7-BB0E-07A383BEF910} - SpywareGuard = D:\Program Files\SpywareGuard\spywareguard.dll ()
    \\{5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF} - IVB Shl Ext = ()

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    >>> Context Menu Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
    \avast - {472083B0-C522-11CF-8763-00608CC02F24} = D:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
    \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

    [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
    \IVBShlExt - {5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF} = ()

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
    \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

    [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

    [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
    \avast - {472083B0-C522-11CF-8763-00608CC02F24} = D:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
    \WinZip - {E0D79304-84BE-11CE-9641-444553540000} = D:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

    >>> Column Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    \{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

    >>> Registry Run Keys <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    SunJavaUpdateSched - D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe (Sun Microsystems, Inc.)
    avast! - D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ()

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    Advanced Spyware Remover Pro - D:\Program Files\Advanced Spyware Remover\Asr.exe (Evonsoft)
    ShutdownTray - D:\Program Files\ShutdownTray\ShutdownTray.exe (VicTech Software)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    >>> Startup Links <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
    D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini ()

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
    D:\Documents and Settings\Home\Start Menu\Programs\Startup\desktop.ini ()
    D:\Documents and Settings\Home\Start Menu\Programs\Startup\SpywareBlaster.lnk - D:\Program Files\SpywareBlaster\spywareblaster.exe ()
    D:\Documents and Settings\Home\Start Menu\Programs\Startup\SpywareGuard.lnk - D:\Program Files\SpywareGuard\sgmain.exe ()
    D:\Documents and Settings\Home\Start Menu\Programs\Startup\YPOPs.lnk - D:\Program Files\YPOPs\ypops.exe (http://yahoopops.sourceforge.net)

    >>> MSConfig Disabled Items <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    services 0
    startup 0


    [All Users Startup Folder Disabled Items]

    [Current User Startup Folder Disabled Items]

    >>> User Agent Post Platform <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    \\SV1 -

    >>> AppInit Dll's <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

    >>> Image File Execution Options <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    \Your Image File Name Here without a path - Debugger = ntsd -d

    >>> Shell Service Object Delay Load <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
    \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
    \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = D:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

    >>> Shell Execute Hooks <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - = ()
    \\{81559C35-8464-49F7-BB0E-07A383BEF910} - SpywareGuard.Handler = D:\Program Files\SpywareGuard\spywareguard.dll ()

    >>> Shared Task Scheduler <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
    \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

    >>> Winlogon <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    \\UserInit = D:\WINDOWS\system32\userinit.exe,
    \\Shell = Explorer.exe
    \\System =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    \crypt32chain - crypt32.dll = (Microsoft Corporation)
    \cryptnet - cryptnet.dll = (Microsoft Corporation)
    \cscdll - cscdll.dll = (Microsoft Corporation)
    \ScCertProp - wlnotify.dll = (Microsoft Corporation)
    \Schedule - wlnotify.dll = (Microsoft Corporation)
    \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
    \SensLogn - WlNotify.dll = (Microsoft Corporation)
    \termsrv - wlnotify.dll = (Microsoft Corporation)
    \wlballoon - wlnotify.dll = (Microsoft Corporation)

    >>> DNS Name Servers <<<
    {867F1771-CD1F-4D70-A07C-724876AACFA3} - (SiS 900 PCI Fast Ethernet Adapter)

    >>> All Winsock2 Catalogs <<<
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
    \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
    \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
    \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
    \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
    \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

    >>> Protocol Handlers (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
    \belarc - D:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    \ipp - ()
    \msdaipp - ()

    >>> Protocol Filters (Non-Microsoft Only) <<<
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

    >>> Selected AddOn's <<<


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Somebody help because I'm in Safe Mode with Networking... I've started my anti-virus, Spyware Guard, Spyware Blaster and ASR and my Windows problems are totally gone here. But they appear in the normal mode....

    Awaiting patiently.....

    Thanks in advance
    Last edited by Kazna3; 03-11-2006 at 01:48 AM.

  3. #3
    Kazna3 is offline Senior Member
    For more information about my current status and the virus I found:
    Windows Explorer, Winlogon, Office XP, MS Photo Editor and Windows Installer errors

    Thanks

    EDIT

    Wow, my CPU fan is quiet now, and is at 1-2% usage with 5 programs open! Compared to maniacal problems before.

    avast! found 3 viruses - Win32:Parite-B and A - all three were successfully deleted.

    Since they have been deleted, so far my computer is running perfectly, no errors that I usually get, and everything has been able to get executed as should be.

    As I said, all my explorer problems, Win Installer problems, software problems, CPU usage, and system problems seem to be related to that.

    Still, there may be more you guys know that is wrong, and I do need my registry problems sorted but don't know how yet. Will I have to actually purchase software just for that? I can't find a free one that does the repairs and deletions.

    I await patiently.
    Last edited by Kazna3; 03-11-2006 at 07:06 AM.

  4. #4
    Kazna3 is offline Senior Member
    I keep getting the Virus: Worm Win32:Parite B and A into my computer.

    This is the 5th time I've found it on here and it keeps coming up and installing.

    Is there any way to safeguard my computer so that it doesn't enter like it is doing?

    I have Spyware Guard, Spyware Blaster, Advanced Spyware Remover and avast! running. I had Sunbelt Kerio firewall but its driver, fwdrv.sys, kept giving me BSoDs so I uninstalled it and only have the SP2 firewall running at the mo.

    Do I necessarily need one? If so, what's recommended?

    I've previously had firewalls and anti-virus from Norton 2003, 2005, StopZilla, Panda, Kaspersky, McAfee, AVG, AntiVir, ZoneAlarm and ermmmm a few others I can't remember right now.

    Norton produced the worst problems. Once I recovered from that, Panda literally destroyed my system. McAfee produced problems with Thunderbird for me, and AVG, well, it just ran but I never picked up anything on it. It was deleted as part of a hard drive format and never installed again. Kaspersky was good from what I experienced, but I didn't think it was much use at actually protecting my system from the latest threats n pests (and I receive a hell ova lot for some reason). StopZilla gave me immense problems and AntiVir was always letting in intruders.


  5. #5
    Kazna3 is offline Senior Member
    Well, I'm having problems, one strange one after another, and I'd like some help please

    IGNORE THE FIRST HIJACKTHIS LOG

    Here's the latest:

    Logfile of HijackThis v1.99.1
    Scan saved at 03:28:52, on 05/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Advanced Spyware Remover\Asr.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\Program Files\SpywareGuard\sgmain.exe
    D:\Program Files\YPOPs\ypops.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\SpywareGuard\sgbhp.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Documents and Settings\Home\Desktop\Software\bunny.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Advanced Spyware Remover Pro] D:\Program Files\Advanced Spyware Remover\Asr.exe
    O4 - Startup: SpywareBlaster.lnk = D:\Program Files\SpywareBlaster\spywareblaster.exe
    O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: YPOPs.lnk = D:\Program Files\YPOPs\ypops.exe
    O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
    I know there's a delay so I'm ok for a week or so, just to let you know.
    Last edited by Kazna3; 05-11-2006 at 03:31 AM.
