Hijack this help
Before we delve into the registry let's err on the side of caution.
Malwarebytes - if you already have a copy please ensure you update it prior to running it. As before please disable Spybot Teatimer and/or any programme that protects the registry - Winpatrol, Windows Defender etc...
Please download Malwarebytes Anti-Malware and save it to your desktop.
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
- On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
0 -
I have just run a quick scan on malwarebytes (Version 1.28) and nothing was detected. I also ran a full malwarebytes scan earlier today which came back clear.
It's easier to get forgiveness than to ask permission
0 -
You already have combofix so let's try a script.
As an added caution I would back up any data prior to starting this.
Running scripts can be dangerous and I leave it up to you whether you proceed.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="avgrsstx.dll"
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
0 -
Reluctant_spender wrote: » You already have combofix so let's try a script.
As an added caution I would back up any data prior to starting this.
Running scripts can be dangerous and I leave it up to you whether you proceed.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
*is scared now!*
What is the risk? It is a friend's computer and I am trying to do them a favour in sorting out the malware and installing some better protection. They have loads of photos and other data on the computer but I don't have the means to secure all this anywhere?
Also, just checking but
avgrsstx.dll only appeared after I installed AVG. Before that it was just the karna.dat on the hijack this? So is that script right?? (Sorry just being over cautious now)
It's easier to get forgiveness than to ask permission
0 -
The script is not removing avgrsstx.dll. It is reinforcing its right to be there.
In short it is rewriting the bad value.
Combofix does have built in recovery software and registry recovery.
The chances are nothing will go wrong, but I am not doing it, you are, and you are taking the risk, not me.
Don't apologise, caution is good
0 -
Thanks - I'm going to do it now!
Wish me luck!
It's easier to get forgiveness than to ask permission
0 -
Fingers are crossed
0 -
You can uncross them now
:j :j
Here is the combofix log...
ComboFix 08-10-10.09 - another 2008-10-15 22:49:24.2 - NTFSx86
Running from: C:\Documents and Settings\another\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\another\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 )))))))))))))))))))))))))))))))
.
2008-10-14 22:47 . 2008-10-14 22:47 <DIR> d
C:\WINDOWS\ERUNT
2008-10-14 22:42 . 2008-10-15 20:04 <DIR> d
C:\SDFix
2008-10-13 22:36 . 2008-10-13 23:11 <DIR> d--h
C:\$AVG8.VAULT$
2008-10-11 12:19 . 2008-10-11 12:19 <DIR> d
C:\Documents and Settings\NetworkService\Application Data\yahoo!
2008-10-11 12:06 . 2008-10-11 12:09 <DIR> d
C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-10-11 12:06 . 2008-10-11 12:06 <DIR> d
C:\Program Files\AVG
2008-10-11 12:06 . 2008-10-11 12:06 <DIR> d
C:\Documents and Settings\All Users\Application Data\avg8
2008-10-11 12:06 . 2008-10-11 12:06 97,928 --a
C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-10-11 12:06 . 2008-10-11 12:06 76,040 --a
C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-10-11 12:06 . 2008-10-11 12:06 10,520 --a
C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-10-11 12:00 . 2004-10-15 18:32 83,096 --a
C:\WINDOWS\SYSTEM32\SSSensor.dll
2008-10-11 12:00 . 2004-10-15 18:17 60,496 --a
C:\WINDOWS\SYSTEM32\DRIVERS\Teefer.sys
2008-10-11 12:00 . 2004-10-15 18:18 21,075 --a
C:\WINDOWS\SYSTEM32\DRIVERS\wpsdrvnt.sys
2008-10-11 12:00 . 2004-10-15 18:32 14,568 --a
C:\WINDOWS\SYSTEM32\DRIVERS\wg6n.sys
2008-10-11 12:00 . 2004-10-15 18:32 14,568 --a
C:\WINDOWS\SYSTEM32\DRIVERS\wg5n.sys
2008-10-11 12:00 . 2004-10-15 18:32 14,568 --a
C:\WINDOWS\SYSTEM32\DRIVERS\wg4n.sys
2008-10-11 12:00 . 2004-10-15 18:32 14,568 --a
C:\WINDOWS\SYSTEM32\DRIVERS\wg3n.sys
2008-10-11 11:59 . 2008-10-11 11:59 <DIR> d
C:\Program Files\Sygate
2008-10-11 11:50 . 2008-10-11 11:50 <DIR> d
C:\Program Files\Lavasoft
2008-10-11 11:50 . 2008-10-11 11:53 <DIR> d
C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-11 11:48 . 2008-10-11 11:59 <DIR> d
C:\Program Files\Common Files\Wise Installation Wizard
2008-10-11 11:33 . 2008-10-11 11:39 <DIR> d-a
C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-11 11:32 . 2008-10-11 11:32 <DIR> d
C:\Program Files\SpywareBlaster
2008-10-11 11:23 . 2008-10-11 11:25 <DIR> d
C:\Program Files\Spybot - Search & Destroy
2008-10-11 11:23 . 2008-10-15 19:05 <DIR> d
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-11 10:41 . 2008-10-11 10:41 <DIR> d
C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-10-11 10:39 . 2004-09-24 17:05 <DIR> d
C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-10-11 10:39 . 2004-09-24 17:07 <DIR> d
C:\Documents and Settings\Administrator\Application Data\Sonic
2008-10-11 10:39 . 2004-09-24 17:02 <DIR> d
C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-10-11 10:39 . 2004-09-24 17:07 <DIR> d
C:\Documents and Settings\Administrator\Application Data\AOL
2008-10-11 10:39 . 2008-10-11 10:39 <DIR> d
C:\Documents and Settings\Administrator
2008-10-11 10:35 . 2008-10-15 21:53 <DIR> d
C:\Program Files\Malwarebytes' Anti-Malware
2008-10-11 10:35 . 2008-10-11 10:35 <DIR> d
C:\Documents and Settings\another\Application Data\Malwarebytes
2008-10-11 10:35 . 2008-10-11 10:35 <DIR> d
C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-11 10:35 . 2008-09-10 00:07 38,528 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-11 10:35 . 2008-09-10 00:07 17,200 --a
C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-10-11 10:33 . 2008-10-11 10:33 <DIR> d
C:\Program Files\CCleaner
2008-10-11 10:32 . 2008-10-11 10:32 <DIR> d
C:\Program Files\Trend Micro
2008-10-10 17:08 . 2008-10-11 10:59 <DIR> d
C:\Documents and Settings\All Users\Application Data\iniloxsb
2008-10-10 17:02 . 2008-10-11 10:59 <DIR> d
C:\Program Files\xjdzuqd
2008-10-10 17:02 . 2008-10-10 17:02 <DIR> d
C:\Documents and Settings\All Users\Application Data\udixcxof
2008-10-10 17:02 . 2008-10-10 17:02 86,016 --a
C:\WINDOWS\SYSTEM32\dwzyzabo.exe
2008-09-30 21:51 . 2008-09-30 21:51 <DIR> d
C:\Program Files\Samsung
2008-09-30 21:03 . 2006-10-04 15:06 1,197,294
C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
2008-09-30 21:03 . 2006-10-04 15:06 764,868
C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
2008-09-30 21:03 . 2006-10-04 15:06 217,118
C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
2008-09-30 21:02 . 2008-09-30 21:02 <DIR> d
C:\Program Files\Windows Media Connect 2
2008-09-30 21:00 . 2008-09-30 21:00 <DIR> d
C:\WINDOWS\SYSTEM32\LogFiles
2008-09-30 21:00 . 2008-09-30 21:01 <DIR> d
C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2008-09-30 20:15 . 2006-05-03 22:53 174,592 --a
C:\WINDOWS\SYSTEM32\framedyn.dll
2008-09-30 20:14 . 2008-09-30 20:15 <DIR> d
C:\WINDOWS\SYSTEM32\Samsung_USB_Drivers
2008-09-30 20:14 . 2006-07-24 16:05 5,632 --a
C:\WINDOWS\SYSTEM32\DRIVERS\StarOpen.sys
2008-09-30 20:14 . 2005-08-28 20:51 766 --a
C:\WINDOWS\SYSTEM32\Uninstall.ico
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 19:01
d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 19:13
d
w C:\Documents and Settings\another\Application Data\AdobeUM
.
((((((((((((((((((((((((((((( snapshot@2008-10-13_20.18.14.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 15:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-15 18:48:50 8,835,072 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-10-15 18:48:50 36,864 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 15:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-14 21:47:32 712,704 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-10-14 21:47:32 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"STManager"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" [2003-10-16 118784]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 2478080]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 1871872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-02-25 496752]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-24 98304]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-02-16 147456]
"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 406016]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-16 180269]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 114688]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE" [2005-03-09 98304]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-11 1234712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-15 113664]
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2004-09-24 156784]
BT Yahoo! Help.lnk - C:\Program Files\BT Yahoo\BT Yahoo Help\bin\matcli.exe [2005-05-21 217088]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 200704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-11 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-11 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-11 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-11 76040]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bef049a-2c00-11dc-a1ea-000e505b3b81}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Toy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 22:58:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-10-15 23:04:52
ComboFix-quarantined-files.txt 2008-10-15 22:04:43
ComboFix2.txt 2008-10-13 19:19:12
Pre-Run: 12,853,993,472 bytes free
Post-Run: 12,836,315,136 bytes free
156 --- E O F --- 2008-10-01 20:59:32
It's easier to get forgiveness than to ask permission
0 -
And here is a new Hijack This, and just to make sure, I rebooted and did another Hijack This to make sure it hadn't snuck back in!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:04, on 15/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo\BT Yahoo Help\bin\matcli.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: BT - {69CF4E2C-CA90-40BF-9834-D902C337474B} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {AC795FE4-7900-434E-B6BF-D02DA157509E} - http://bt.yahoo.com (file missing) (HKCU)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
--
End of file - 8410 bytes
It's easier to get forgiveness than to ask permission
0 -
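Added example, not part of the original thread or any poster's code: a small Python check that reads the AppInit_DLLs value out of a HijackThis (O20) or ComboFix log and compares it with the value the CFScript wrote, so a before/after pair of logs can be checked the way the poster did by eye. The "before" line is constructed from the thread's mention of karna.dat, and the expected list is an assumption.

```python
import re

# Assumption for this example: the only DLL that belongs in AppInit_DLLs on
# this machine is AVG 8's avgrsstx.dll, as the helper states in the thread.
EXPECTED = {"avgrsstx.dll"}

# HijackThis prints the value as an O20 line; ComboFix prints it registry-style.
_HJT = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$", re.IGNORECASE)
_REG = re.compile(r'^"AppInit_DLLs"\s*=\s*"?(.*?)"?\s*$', re.IGNORECASE)


def appinit_entries(log_text):
    """Return the DLL file names a HijackThis or ComboFix log lists in AppInit_DLLs."""
    names = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = _HJT.match(line) or _REG.match(line)
        if not match:
            continue
        # The value is a space- or comma-separated list of DLLs.
        for item in re.split(r"[\s,]+", match.group(1).strip()):
            if item:
                # Compare on the bare file name, case-insensitively.
                names.append(item.replace("/", "\\").rsplit("\\", 1)[-1].lower())
    return names


def unexpected(log_text, expected=EXPECTED):
    """Entries present in the log that are not on the expected list."""
    return sorted(set(appinit_entries(log_text)) - set(expected))


def compare(before_log, after_log, expected=EXPECTED):
    """Summarise how AppInit_DLLs changed between two logs."""
    before = set(appinit_entries(before_log))
    after = set(appinit_entries(after_log))
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "still_unexpected": sorted(after - set(expected)),
    }


# Constructed sample: the thread says karna.dat was listed before the fix and
# avgrsstx.dll appeared once AVG was installed; the exact line is an assumption.
BEFORE_HJT = "O20 - AppInit_DLLs: karna.dat avgrsstx.dll\n"
# Lines as they appear in the post-fix logs in this thread.
AFTER_HJT = "O20 - AppInit_DLLs: avgrsstx.dll\n"
AFTER_COMBOFIX = (
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]\n"
    '"AppInit_DLLs"=avgrsstx.dll\n'
)

if __name__ == "__main__":
    print("before:", unexpected(BEFORE_HJT))
    print("after :", unexpected(AFTER_HJT), unexpected(AFTER_COMBOFIX))
    print(compare(BEFORE_HJT, AFTER_HJT))
```

An empty "still_unexpected" list only says the value matches the expected list; it does not show that the file named there is the genuine one.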
Dare I say it??? Has it gone??
*crosses fingers and toes*
It's easier to get forgiveness than to ask permission
0
This discussion has been closed.