Digit Technology Discussion Forum > Software > Software Q&A
Post #1 by ilugd (Beware of the innocent; joined Dec 2005; 1,024 posts), 24-07-2007, 12:13 PM
My system is infected with adware/pornware


Even though I don't use Internet Explorer but Firefox, Internet Explorer keeps opening around once every two hours with ads for porn sites and casinos.
I tried Ad-Aware but it couldn't find any infection.
HijackThis gave me this log. Could someone point out to me which entries should be removed?
Code:
Logfile of HijackThis v1.99.1
Scan saved at 12:10:34 PM, on 24/07/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Quick IP Config\QuickIPConfig.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Ahead\Nero\nero.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Jeba Singh Emmanuel\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://in.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://in.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://in.search.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
O4 - HKLM\..\Run: [REF LIES SIXTH LITE] C:\Documents and Settings\All Users\Application Data\Log Htm Lite Each\five play drive.exe
O4 - HKLM\..\Run: [axis love poll lite] C:\Documents and Settings\All Users\Application Data\each new axis love\Stop does.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [QuickIPConfig] C:\Program Files\Quick IP Config\QuickIPConfig.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [CURBBALL] C:\DOCUME~1\JEBASI~1\APPLIC~1\LOGOME~1\CopyProcDownload.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.1.50.0\gears.dll
O9 - Extra button: CADE - {605E5D27-BFA0-471F-87ED-98A2623D633C} - C:\Program Files\CADE\Web\new.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184433152421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2E46D58-6D6B-49A2-9509-D083ADF55540}: NameServer = 203.94.243.70,4.2.2.2
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: Google Update Service (gupdate) - Unknown owner - C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
__________________
Life is too short. Have fun.

Post #2 by aryayush (Human Spambot; Noida; joined May 2005; 5,601 posts), 24-07-2007, 01:22 PM

WOW! You sure have a lot of startup items.
__________________
Miss me already? See you on Penned Thoughts [http://aayush.me] then. Adios! :)
Post #3 by abhijangda (Alpha Geek; In your hearts; joined Jan 2007; 828 posts), 24-07-2007, 03:11 PM

Scan with Spybot or Ad-Aware.
Post #4 by infra_red_dude (Wire muncher!; joined Nov 2003; 6,164 posts), 24-07-2007, 03:33 PM

Never heard of these two:
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

What are they? Better check them out.
__________________
"The true measure of a man is how he treats someone who can do him absolutely no good."

http://phoenix-ani.blogspot.com
Post #5 by ax3 (Cool as a CUCUMBAR ! ! !; joined Dec 2003; 5,052 posts), 24-07-2007, 04:11 PM

Firstly, clear all your cache & cookies.

Install the Adblock extension for Firefox, which will block ads or popup ads from all sites except the ones you allow.

Update your Spybot & scan.

Else, PM or contact VISHAL GUPTA regarding your HijackThis log file.
__________________
... W H O T ...
Post #6 by Vishal Gupta (Microsoft MVP; AskVG.com; joined Jul 2005; 5,173 posts), 24-07-2007, 04:24 PM

^^ thnx.

@ilugd
Boot into safe mode and fix these:

Code:
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REF LIES SIXTH LITE] C:\Documents and Settings\All Users\Application Data\Log Htm Lite Each\five play drive.exe
O4 - HKLM\..\Run: [axis love poll lite] C:\Documents and Settings\All Users\Application Data\each new axis love\Stop does.exe
O23 - Service: Google Update Service (gupdate) - Unknown owner - C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe" /svc (file missing)
Fixing these entries will also speed up your system.
__________________
:arrow: http://www.AskVG.com/
Post #7 by sakumar79 (Human Spambot; Madurai; joined Nov 2004; 2,349 posts), 24-07-2007, 04:27 PM

A few other strange entries:

O4 - HKLM\..\Run: [REF LIES SIXTH LITE] C:\Documents and Settings\All Users\Application Data\Log Htm Lite Each\five play drive.exe
O4 - HKLM\..\Run: [axis love poll lite] C:\Documents and Settings\All Users\Application Data\each new axis love\Stop does.exe
O4 - HKCU\..\Run: [CURBBALL] C:\DOCUME~1\JEBASI~1\APPLIC~1\LOGOME~1\CopyProcDownload.exe

One more thing: you can turn off the updaters for QuickTime, Real Player, Java etc. if you don't use them often. You can also turn off igfxtray and hkcmd if you don't need them.

Arun

EDIT: Just noticed Vishal beat me to it by three minutes... But I do think the CopyProcDownload program may also be malicious. If you don't know what it is, chances are it is malware.

Last edited by sakumar79; 24-07-2007 at 05:51 PM.
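A small triage script for HijackThis log lines like the ones quoted in this thread, added here as an example; it is not from the thread, from HijackThis or from any of the posters. The heuristics are my assumptions: flag O4 autoruns launched from a profile's Application Data folder (where the two odd entries above live), O23 services and O2/R3 browser hooks whose file is missing, and any O10 Winsock LSP not on a short allow-list (Bonjour's mdnsnsp.dll is treated as legitimate, as a later post in the thread concludes). The sample log is assembled from entries posted in this thread.

```python
"""Triage helper for HijackThis v1.99 log lines (added example, not from the thread).

All heuristics below are assumptions for illustration, not HijackThis logic.
"""
import re
from collections import Counter

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<desc>.*?) - (?P<owner>.*?) - (?P<path>.+)$')
O10_RE = re.compile(r'^O10 - Unknown file in Winsock LSP: (?P<path>.+)$', re.IGNORECASE)
NOFILE_RE = re.compile(r'^(?:O2|R3) - .*\(no file\)\s*$')

# Assumption: Bonjour's LSP is legitimate (the thread reaches the same conclusion).
KNOWN_GOOD_LSP = {"mdnsnsp.dll"}

# Assumption: autoruns started from a profile's Application Data folder (long or
# 8.3 short form) deserve a second look; installed software normally lives under
# Program Files or the Windows directory.
APPDATA_RE = re.compile(r'application data|\\applic~1\\', re.IGNORECASE)


def exe_path(cmd):
    """Return the executable part of a Run command, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted command: the path ends at the first ".exe" if there is one.
    m = re.search(r'\.exe\b', cmd, re.IGNORECASE)
    return cmd[:m.end()] if m else cmd.split()[0]


def triage(log_text):
    """Scan a HijackThis log and return (severity, reason, line) findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            if APPDATA_RE.search(exe_path(m.group('cmd'))):
                findings.append(('high', 'autorun launched from Application Data', line))
            continue
        m = O23_RE.match(line)
        if m:
            if '(file missing)' in m.group('path'):
                findings.append(('low', 'service points at a missing file', line))
            continue
        m = O10_RE.match(line)
        if m:
            dll = m.group('path').replace('/', '\\').rsplit('\\', 1)[-1].lower()
            severity = 'info' if dll in KNOWN_GOOD_LSP else 'medium'
            findings.append((severity, 'Winsock LSP ' + dll, line))
            continue
        if NOFILE_RE.match(line):
            findings.append(('low', 'browser hook with no backing file', line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 3, 'low': 2}."""
    return dict(Counter(severity for severity, _, _ in findings))


# Sample log assembled from entries posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [REF LIES SIXTH LITE] C:\Documents and Settings\All Users\Application Data\Log Htm Lite Each\five play drive.exe
O4 - HKLM\..\Run: [axis love poll lite] C:\Documents and Settings\All Users\Application Data\each new axis love\Stop does.exe
O4 - HKCU\..\Run: [CURBBALL] C:\DOCUME~1\JEBASI~1\APPLIC~1\LOGOME~1\CopyProcDownload.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O23 - Service: Google Update Service (gupdate) - Unknown owner - C:\Program Files\Google\Common\Update\1.0.69.0\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}: {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The script only ranks lines for a human to look at; a "high" hit means the autorun comes from a folder where installed software does not normally live, which is exactly the pattern of the three entries the posters singled out, and a "low" hit is a dangling reference worth cleaning up rather than evidence of infection.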
Post #8 by Liggy (Is actually a real word..; cEhnEHdEH; joined Jun 2007; 443 posts), 24-07-2007, 10:08 PM

I would suggest a better AV scanner than Yahoo's or Pest Patrol or whatever it is called now (CA eTrust). Was this free? I think everyone pointed out the nasties there; run another HijackThis scan and compare with this one. Are all those values removed now?
If it is only IE that pops open, you can always remove IE from Add/Remove Programs, Windows Components!
__________________
“They put me here because I’m from Canada and they think I’m slow, eh?..."
Post #9 by Vishal Gupta (Microsoft MVP; AskVG.com; joined Jul 2005; 5,173 posts), 24-07-2007, 10:12 PM

^^ Spyware uses the default web browser to pop up those ads. There will be no benefit to removing IE from the system, and one more thing, you can't remove IE from "Add/Remove Programs -> Windows Components". It'll only remove the IE shortcut from the Desktop.
__________________
:arrow: http://www.AskVG.com/
Post #10 by ilugd (Beware of the innocent; joined Dec 2005; 1,024 posts), 25-07-2007, 03:36 PM

Thanks everyone for your help. I will do these right away. (I was a bit in the blues the past few days. Didn't visit the forum too often.)
__________________
Life is too short. Have fun.
Post #11 by anandk (Distinguished Member; Pune; joined Mar 2005; 3,783 posts), 25-07-2007, 06:31 PM

www.hijackthis.de also does a good job at auto-analysing logfiles instantly.
__________________
> www.TheWindowsClub.com <
= www.WinVistaClub.com =
Microsoft® MVP
Post #12 by ilugd (Beware of the innocent; joined Dec 2005; 1,024 posts), 26-07-2007, 10:27 AM

Thanks. I tried the other suggestions above, but still get the same popups. But I guess I didn't do those in safe mode. Does that make a significant difference?
__________________
Life is too short. Have fun.
Post #13 by shady_inc (Pee into the Wind...; Mumbai; joined May 2007; 782 posts), 26-07-2007, 10:57 AM

You can try posting your HijackThis log in this forum. Read their rules carefully before posting though.
Post #14 by ds_rajat (Right Off the Assembly Line; joined Mar 2007; 13 posts), 26-07-2007, 11:05 AM

Hey buddy, download AVG Anti-Spyware absolutely free from here:

http://free.grisoft.com/doc/20/lng/us/tpl/v5

Also try Ad-aware SE free:

http://www.download.com/3405-8022-5153545.html
__________________
My PC My World
Post #15 by sakumar79 (Human Spambot; Madurai; joined Nov 2004; 2,349 posts), 26-07-2007, 11:25 AM

Usually, it is better to remove viruses in safe mode... Also, make sure you remove all System Restore points before you proceed, and create a new system restore point after it...

Arun
Post #16 by ilugd (Beware of the innocent; joined Dec 2005; 1,024 posts), 26-07-2007, 12:43 PM

Did it in safe mode. Submitted to www.hijackthis.de and removed all entries it said were even remotely suspicious. And I did this in safe mode. But the problem still persists. I am a bit confused about this line:
Code:
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
I will try to download the other software and do a scan.
Thank you all for your continued help.
__________________
Life is too short. Have fun.
Post #17 by gxsaurav (You gave been GXified; New Delhi; joined Jan 2007; 5,633 posts), 26-07-2007, 12:55 PM

This file is installed with iTunes/QuickTime. Leave it.
__________________
about.me/gxsaurav
Post #18 by ilugd (Beware of the innocent; joined Dec 2005; 1,024 posts), 26-07-2007, 04:13 PM

Oh, thanks.

Some blasted idiot told me that I was too much of a self-righteous prick for using only purchased software. I figured once would not hurt and installed the CD of Soldier of Fortune he gave me. And guess what? Infected!!
Backdoor.theef.111

Fck him!!
__________________
Life is too short. Have fun.

Last edited by ilugd; 26-07-2007 at 04:13 PM. Reason: Automerged Doublepost
Post #19 by navjotjsingh (I am Optimus Prime; Delhi, India; joined Feb 2005; 1,919 posts), 26-07-2007, 06:05 PM

I don't think just fixing via HijackThis would solve the problem. You should manually delete the files:
C:\Documents and Settings\All Users\Application Data\Log Htm Lite Each\five play drive.exe
C:\Documents and Settings\All Users\Application Data\each new axis love\Stop does.exe

If an error appears that the files are in use, kill them via Task Manager and then delete them.

Also check the Add/Remove Programs option in Control Panel. Sometimes spyware comes with its own uninstaller. Try them and then remove the leftovers.

Scan the PC with Kaspersky/NOD32 and Ad-Aware 2007, Spybot, SpySweeper and a-squared. Also check for rootkits to ensure 100% protection.
Post #20 by ilugd (Beware of the innocent; joined Dec 2005; 1,024 posts), 28-07-2007, 01:02 PM

The hosts file was filled with entries made by cid pointing to 127.0.0.1. Removed those.
Thanks. An online scan is going on. Will do that, then reboot in safe mode and remove the files mentioned above.

Thanks again for all your help.
__________________
Life is too short. Have fun.
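The hosts-file check described in the post above, as an added example that is not the poster's own tool: it parses a Windows hosts file, reports every hostname other than the standard local names that is mapped to a loopback or unspecified address (the way adware pins sites to 127.0.0.1), and can comment those lines out so the original content is preserved for review. The sample hosts content and the .test hostnames are constructed for this example.

```python
"""Review a Windows hosts file for loopback redirects (added example, not from the thread)."""
import ipaddress

# Names that legitimately map to loopback in a stock hosts file (assumption).
LEGITIMATE_LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip, [names], line_no) for each active mapping; comments and junk are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()   # drop trailing/inline comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                           # not an address, not a mapping
        yield ip, [p.lower() for p in parts[1:]], line_no


def suspicious_redirects(text):
    """Return (line_no, name, ip) for names sent to a loopback or 0.0.0.0 address
    that are not among the standard local names."""
    hits = []
    for ip, names, line_no in parse_hosts(text):
        if not (ip.is_loopback or ip.is_unspecified):
            continue
        for name in names:
            if name not in LEGITIMATE_LOOPBACK_NAMES:
                hits.append((line_no, name, str(ip)))
    return hits


def neutralize(text):
    """Return the hosts text with every suspicious redirect line commented out."""
    flagged = {line_no for line_no, _, _ in suspicious_redirects(text)}
    out = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        out.append('# disabled by review: ' + raw if line_no in flagged else raw)
    return '\n'.join(out) + '\n'


# Constructed sample: a stock header plus the kind of lines an adware installer appends.
SAMPLE_HOSTS = """# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
# entries below mimic what an adware installer appends
127.0.0.1  update.example-av.test
127.0.0.1  www.example-av.test
0.0.0.0    downloads.example-tools.test
10.0.0.5   intranet.example.test   # real LAN mapping, not a redirect
"""

if __name__ == "__main__":
    for line_no, name, ip in suspicious_redirects(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
    print(neutralize(SAMPLE_HOSTS))
```

On a real machine the file is %SystemRoot%\System32\drivers\etc\hosts; commenting lines out rather than deleting them keeps a record of what was changed, and the LAN mapping on the last sample line shows why only loopback and 0.0.0.0 targets are reported.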
Post #21 by vish786 ("The Gentleman"; joined Sep 2006; 1,434 posts), 28-07-2007, 01:21 PM

Quote:
Originally Posted by infra_red_dude
never heard of these two:
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

what are they? better check them out.
Those files make your audio work (hardware-dependent files).
__________________
"The use of COBOL cripples the mind; its teaching should, therefore, be regarded as a criminal offense."
- Dijkstra
Post #22 by He28 (Still learning...; joined Jul 2007; 81 posts), 29-07-2007, 06:01 AM

Did you try SmitfraudFix?
It is a wonderful spyware and adware removal tool. Please type http://siri.urz.free.fr/Fix/SmitfraudFix.zip in the address bar of your browser and press Enter. This will download a .zip file to your system. Then extract it and boot into Safe Mode. In Safe Mode, run the file SmitfraudFix. Then follow the steps on screen and reboot into Normal Mode. I tried this on at least a dozen systems and it successfully removed all malware.
If this doesn't help, let me know.

Enjoy.
Post #23 by abhijangda (Alpha Geek; In your hearts; joined Jan 2007; 828 posts), 29-07-2007, 08:47 AM

Use Spybot / Ad-Aware SE.
Post #24 by ilugd (Beware of the innocent; joined Dec 2005; 1,024 posts), 29-07-2007, 07:17 PM

Never tried SmitfraudFix yet. Will do now.
Tried Ad-Aware, it said no infection.
Will try Spybot now.
This thing is getting embarrassing. The office secretary was using my system to check railway reservations since her system was undergoing maintenance by me, and in the midst of all her clicking, a porn ad came up. Had to explain the whole concept of malware to her.
__________________
Life is too short. Have fun.
Post #25 by Liggy (Is actually a real word..; cEhnEHdEH; joined Jun 2007; 443 posts), 30-07-2007, 03:14 AM

Try ComboFix (used SmitfraudFix but ComboFix is more detailed and should produce a more detailed log file; post it here if you use ComboFix). Noticed you had an entry about a Winsock error in your HijackThis file; did you try to reset the Winsock?
By the way Ilugd, like your signature... politics... LOL. So true!!! Love that one!
__________________
“They put me here because I’m from Canada and they think I’m slow, eh?..."

Last edited by Liggy; 30-07-2007 at 08:04 AM.
Post #26 by ilugd (Beware of the innocent; joined Dec 2005; 1,024 posts), 30-07-2007, 11:23 AM

^^^ gx_saurav told me that it was installed with QuickTime and to let it be, so I didn't change that.

OK, will try SmitfraudFix and ComboFix both. Hold on.

SmitfraudFix did some deleting, but got this on searching for ComboFix:
http://www.windowsforum.org/forums/i...ode=linearplus
__________________
Life is too short. Have fun.

Last edited by ilugd; 30-07-2007 at 11:23 AM. Reason: Automerged Doublepost
Post #27 by gxsaurav (You gave been GXified; New Delhi; joined Jan 2007; 5,633 posts), 30-07-2007, 11:33 AM

Quote:
Originally Posted by ilugd
This thing is getting embarassing. The office secretary was using my system to check railway reservation since her system was undergoing maintenance by me and in the midst of all her clicking, a porn ad came up. Had to explain the whole concept of malware to her.
Aww... that's embarrassing; not too many girls like to watch porn with guys anyway.

You do one thing, since nothing is coming out, do this:

1) Give us a log here of startup programs

2) Give us a log or screenshot of "Add/Remove Programs"

3) The latest hijack this log
__________________
about.me/gxsaurav
Post #28 by He28 (Still learning...; joined Jul 2007; 81 posts), 31-07-2007, 05:09 AM

Hi ilugd,
Were you able to resolve the issue with malware on your system?
Let me know if SmitfraudFix helped or how you managed to remove the crap from your system.
__________________
People laugh at me because I am different...,
I laugh at them because they all are the same...
This is... attitude!
Post #29 by ankushkool (Its Best only if its open; Delhi; joined Apr 2007; 686 posts), 31-07-2007, 08:51 AM

Can anyone tell me if there is any unwanted application running on my computer?

Code:
Logfile of HijackThis v1.99.1
Scan saved at 8:50:05 AM, on 7/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
E:\Program Files\pc suite\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
E:\Program Files\pc suite\Nokia PC Suite 6\OneTouchAccess.exe
E:\Program Files\GetRight\getright.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\Explorer.EXE
E:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = +
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - e:\PROGRA~1\YETISP~1\IEBUTT~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZRfox000
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight Pro - E:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - E:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - e:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - e:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E550478-9B30-4FB7-96C7-CCB4CA49EE69}: NameServer = 202.56.230.5 202.56.240.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD958065-2DD7-4596-89FD-121423D33976}: NameServer = 192.255.255.0,192.255.255.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)

Please help.

Last edited by ankushkool; 07-08-2007 at 12:37 AM.
Post #30 by ilugd (Beware of the innocent; joined Dec 2005; 1,024 posts), 31-07-2007, 02:37 PM

@he28, yes it seems to be gone now, a whole day with no Explorer crap opening up.
And @gxsaurav? You think that is funny. You won't think it funny when it happens to you. I work in a church, for Christ's sake.
Actually I am not sure how it got fixed, but I remember that I downloaded a software tool that would delete locked files on the next boot and I set it to delete the two files that navjot singh had mentioned. Thanks navjot. I am keeping my fingers crossed for a week at least.
__________________
Life is too short. Have fun.