Full Version: i have a dialer
def
I have a dialer.agent.z. AVG Anti-Spyware deletes it, but the dialer always returns, please help me!!

Logfile of HijackThis v1.99.1
Scan saved at 13:05:58, on 27.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\usbtapnp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Common Files\{6CDB09FB-0AF9-1050-0530-060510060181}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EnhanceKeyboard\kb_2k.exe
C:\Program Files\OfficeCenter\Office-Web Center\panel.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [USBTA] C:\WINDOWS\system32\usbtapnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: enhanced keyboard driver.lnk = ?
O4 - Global Startup: Office-Web Mouse.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
jurgenv
* You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

* Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
This is a 30 day trial of the program
  1. Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and update the definition files.
  3. Run AVG Anti-Spyware
  4. From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
  5. After the update finishes (the status bar at the bottom will display "Update successful")
  6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  7. Under "Reports"
  8. Select "Automatically generate report after every scan"
  9. Un-Select "Only if threats were found"
Close AVG Anti-Spyware 7.5. Do not run a scan just yet, we will shortly.

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


* Next, please reboot your computer in Safe Mode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

* Next, run Ad-aware and perform a full scan. Remove everything found.
  1. Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  3. AVG Anti-Spyware 7.5 will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  4. If you have any infections you will be prompted, then select "Apply all actions"
  5. Next select the "Reports" icon at the top.
  6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.


* Restart your computer in normal mode.

* Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* Run the Panda online virus scan at http://www.pandasoftware.com/products/activescan.htm

- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

* Finally, restart your computer once more, and please post a new HijackThis log as well as the log from the AVG Anti-Spyware 7.5 scan and the log from the smitRem tool, which will be located at C:\smitfiles.txt.
Let us know if any problems persist.
def
Thanks, I think that problem is solved. I did 2 scans with Panda 'cos the first time there was a virus.

Logfile of HijackThis v1.99.1
Scan saved at 21:48:46, on 27.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\usbtapnp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\{6CDB09FB-0AF9-1050-0530-060510060181}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\EnhanceKeyboard\kb_2k.exe
C:\Program Files\OfficeCenter\Office-Web Center\panel.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\Programi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [USBTA] C:\WINDOWS\system32\usbtapnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: enhanced keyboard driver.lnk = ?
O4 - Global Startup: Office-Web Mouse.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:47:41 27.11.2006

+ Scan result:



C:\Documents and Settings\User\Cookies\user@com[1].txt -> TrackingCookie.Com : Cleaned.


::Report end

first one:Panda

Incident Status Location

Adware:Adware/Maxifiles Not disinfected C:\Program Files\ipwins\Uninst.exe[2ÜÇ\nsProcess.dll]
Virus:Trj/Nebule.A Disinfected C:\Program Files\Softwin\BitDefender8\Quarantine\winbjv32.dll

second:

Incident Status Location

Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\User\Local Settings\Temp\b122.exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\VE0WK30T\122[1].net
Adware:Adware/Maxifiles Not disinfected C:\Program Files\ipwins\Uninst.exe[2ÜÇ\nsProcess.dll]
jurgenv
And the report from smitrem?
def
I cannot find it? In which folder is it?
def
I found it:


smitRem © log file
version 3.2

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: pon 27.11.2006
The current time is: 18:36:22,59

Running from
C:\Documents and Settings\User\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Appinitdll check ........ Thank you Grinler!

dumphive.exe ©2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\Mathematica.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\Mathematica.exe:*:Enabled:Mathematica 5.2"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\MathKernel.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\MathKernel.exe:*:Enabled:Mathematica 5.2 Kernel"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\math.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.2\\math.exe:*:Enabled:math.exe"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!


checking for drsmartload2 key


drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

amcompat.tlb
nscompat.tlb


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 792 'explorer.exe'
Killing PID 792 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~



~~~ Wininet.dll ~~~

CLEAN! :)
def
My English is not so good, but really thank you for the help. Do you think that my comp is clean now?
jurgenv
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_10-windowsi586-p.exe to install the newest version.


* Please open hijackthis and put a check next to the following:

O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)


* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new hijackthis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
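
The two HijackThis logs posted earlier in this thread can be compared mechanically. The following is an added example, not part of any poster's reply and not HijackThis's own code: it parses entry lines by section code, lists entries that disappeared between the two scans, and lists "(file missing)" entries that survived both. The function names are hypothetical, and the sample lines are short excerpts copied from the two logs above.

```python
import re

# HijackThis entry lines have the form "<section code> - <details>", e.g.
# "O4 - HKLM\..\Run: [Name] command". Header lines and the running-process
# list do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"

# Excerpt of the first log in this thread (scan saved at 13:05:58).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Excerpt of the second log in this thread (scan saved at 21:48:46).
AFTER = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""


def parse_entries(log_text):
    """Return (code, body) tuples for every entry line, in log order."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as missing."""
    return [(code, body) for code, body in entries if body.endswith(MISSING)]


def diff_logs(before, after):
    """Return (removed, added) entries between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [entry for entry in old if entry not in new]
    added = [entry for entry in new if entry not in old]
    return removed, added


def persistent_orphans(before, after):
    """'(file missing)' entries present in both scans: the registry
    reference outlived the file, so a scanner that only deletes files
    leaves it behind and it has to be removed separately."""
    new = parse_entries(after)
    return [entry for entry in orphaned(parse_entries(before)) if entry in new]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    for code, body in persistent_orphans(BEFORE, AFTER):
        print("still orphaned:", code, "-", body)
```
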
def
I cannot find Java Runtime Environment (JRE) 5.0 Update 10. Maybe they removed Update 10 from the site, maybe it had some troubles. There is only Update 9. Is Update 9 good? By the way, I have Update 6 installed on my comp.
def
I have installed Update 9 of java.

User - 06-11-28 13:34:36,96 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\User\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Inetget2
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{3CDB09FB-0AF9-1050-0530-060510060181}
C:\Program Files\Common Files\{6CDB09FB-0AF9-1050-0530-060510060181}


((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))


2006-11-28 13:32 <DIR> d-------- C:\Program Files\Java
2006-11-28 13:32 <DIR> d-------- C:\Program Files\Common Files\Java
2006-11-27 20:59 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-11-27 18:40 <DIR> d-------- C:\WINDOWS\temp
2006-11-27 11:37 <DIR> d-------- C:\Program Files\Softwin
2006-11-27 11:27 <DIR> d-------- C:\Program Files\Common Files\Softwin
2006-11-27 10:01 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-27 02:49 <DIR> d-------- C:\WINDOWS\pss
2006-11-27 02:47 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-27 02:47 <DIR> d-------- C:\Program Files\Grisoft
2006-11-27 02:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2006-11-27 02:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\Webroot
2006-11-27 02:17 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-27 02:17 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-27 02:17 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-27 02:17 2,578 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-27 02:17 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-26 22:22 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2006-11-26 22:22 <DIR> d-------- C:\Documents and Settings\User\Application Data\Mathematica
2006-11-26 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Mathematica
2006-11-26 22:19 <DIR> d-------- C:\Program Files\Wolfram Research
2006-11-24 12:51 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-11-24 12:51 <DIR> d-------- C:\Documents and Settings\User\Application Data\Mozilla
2006-11-23 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-22 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2006-11-22 22:03 <DIR> d-------- C:\Program Files\WinRAR
2006-11-20 12:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\Dev-Cpp
2006-11-20 12:42 <DIR> d-------- C:\Dev-Cpp
2006-11-19 12:25 169,984 --a------ C:\WINDOWS\system32\OposRf.DLL
2006-11-19 12:25 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2006-11-19 12:25 <DIR> d-------- C:\Program Files\Style Works 2000 Universal
2006-11-11 14:44 <DIR> d-------- C:\Program Files\PolderbitS
2006-11-11 14:44 <DIR> d-------- C:\Documents and Settings\User\Application Data\Help
2006-11-03 17:16 16,000 --a------ C:\WINDOWS\system32\drivers\XPC4DRVR.SYS
2006-11-03 17:13 333,620 --a------ C:\WINDOWS\system32\drivers\windrvr6.sys
2006-11-03 17:08 <DIR> d-------- C:\Xilinx
2006-11-02 17:58 <DIR> d-------- C:\Program Files\FLVPlayer
2006-11-02 15:18 <DIR> d-------- C:\Program Files\ArtisanDVDPlayer
2006-11-02 14:58 <DIR> d---s---- C:\Documents and Settings\User\UserData
2006-11-02 14:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2006-11-02 14:41 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-01 16:22 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-11-01 16:21 344,064 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2006-11-01 16:21 315,392 --a------ C:\WINDOWS\system32\AegisI5.exe
2006-11-01 16:21 295,018 --a------ C:\WINDOWS\system32\Install7x.dll
2006-11-01 16:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-28 13:36 -------- d-------- C:\Program Files\Common Files
2006-11-27 21:22 -------- d-------- C:\Program Files\Winamp
2006-11-27 21:21 -------- d-------- C:\Program Files\QuickTime
2006-11-27 21:21 -------- d-------- C:\Program Files\MultiKeyboard Driver
2006-11-27 21:16 -------- d-------- C:\Program Files\Internet Explorer
2006-11-27 21:16 -------- d-------- C:\Program Files\ESET
2006-11-27 21:16 -------- d-------- C:\Program Files\EnhanceKeyboard
2006-11-26 22:22 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-06 23:31 -------- d---s---- C:\Documents and Settings\User\Application Data\Microsoft
2006-11-01 19:03 -------- d-------- C:\Documents and Settings\User\Application Data\Identities
2006-11-01 16:21 -------- d-------- C:\Program Files\RALINK
2006-11-01 16:21 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-25 23:37 -------- d-------- C:\Documents and Settings\User\Application Data\Macromedia
2006-10-25 23:36 -------- d-------- C:\Program Files\Google
2006-10-25 22:32 -------- d-------- C:\Program Files\Windows Media Player
2006-10-25 22:09 -------- d-------- C:\Program Files\Samsung ML-2010 Series
2006-10-25 13:31 -------- d-------- C:\Program Files\vanBasco's Karaoke Player
2006-10-25 09:01 -------- d-------- C:\Documents and Settings\User\Application Data\Sun
2006-10-25 08:43 -------- d-------- C:\Program Files\LimeWire
2006-10-25 08:35 -------- d-------- C:\Program Files\Outlook Express
2006-10-25 08:35 -------- d-------- C:\Program Files\Common Files\System
2006-10-25 08:31 -------- d-------- C:\Documents and Settings\User\Application Data\AdobeUM
2006-10-24 21:46 -------- d-------- C:\Documents and Settings\User\Application Data\Adobe
2006-10-24 13:44 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-10-24 13:44 274432 --a------ C:\WINDOWS\system32\imon.dll
2006-10-13 13:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 11:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-07 21:18 -------- d-------- C:\Program Files\Messenger
2006-10-07 21:18 -------- d-------- C:\Program Files\DivX
2006-10-05 18:31 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-05 18:31 -------- d-------- C:\Program Files\Adobe
2006-10-05 18:25 -------- d-------- C:\Program Files\Exact Audio Copy
2006-10-05 18:24 262884 --a------ C:\WINDOWS\IPUI_DivXG400.exe
2006-10-05 18:11 -------- d-------- C:\Documents and Settings\User\Application Data\Media Player Classic
2006-10-05 18:10 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-05 18:10 -------- d-------- C:\Documents and Settings\User\Application Data\Real
2006-10-04 22:39 -------- d-------- C:\Program Files\Common Files\Merge Modules
2006-10-04 22:37 -------- d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2006-10-04 22:36 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-04 22:34 -------- d-------- C:\Program Files\HTML Help Workshop
2006-10-04 22:34 -------- d-------- C:\Program Files\Common Files\Crystal Decisions
2006-10-04 22:32 -------- d-------- C:\Program Files\Microsoft Office
2006-10-04 21:25 -------- d-------- C:\Program Files\OfficeCenter
2006-10-04 15:59 62 --ahs---- C:\Documents and Settings\User\Application Data\desktop.ini
2006-10-04 15:59 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-04 15:59 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-04 14:53 -------- d-------- C:\Program Files\D-Link ISDN Tools
2006-10-04 14:44 -------- d-------- C:\Documents and Settings\User\Application Data\ATI
2006-10-04 14:42 -------- d-------- C:\Program Files\Common Files\ATI Technologies
2006-10-04 14:41 -------- d-------- C:\Program Files\ATI Technologies
2006-10-04 14:29 -------- d-------- C:\Program Files\Intel
2006-10-04 14:23 -------- d-------- C:\Program Files\Microsoft.NET
2006-10-04 14:23 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-04 14:23 -------- d-------- C:\Program Files\Common Files\L&H
2006-10-04 14:22 -------- d-------- C:\Program Files\Microsoft Works
2006-10-04 14:22 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-10-04 14:22 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-10-04 14:14 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-04 14:09 0 -rahs---- C:\MSDOS.SYS
2006-10-04 14:09 0 -rahs---- C:\IO.SYS
2006-10-04 14:09 0 --a------ C:\CONFIG.SYS
2006-10-04 14:09 0 --a------ C:\AUTOEXEC.BAT
2006-10-04 14:07 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-04 14:06 -------- d-------- C:\Program Files\NetMeeting
2006-10-04 14:06 -------- d-------- C:\Program Files\Movie Maker
2006-10-04 14:06 -------- d-------- C:\Program Files\Common Files\Services
2006-10-04 14:06 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-04 14:05 -------- d-------- C:\Program Files\Online Services
2006-10-04 14:05 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-04 14:04 -------- d-------- C:\Program Files\Windows NT
2006-10-04 14:04 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-04 14:04 -------- d-------- C:\Program Files\MSN
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"USBTA"="C:\\WINDOWS\\system32\\usbtapnp.exe"
"InputSet"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"Samsung Common SM"="\"C:\\WINDOWS\\Samsung\\ComSMMgr\\ssmmgr.exe\" /autorun"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,70,6f,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,\
53,79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,70,6f,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,\
53,79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo "=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoSharedDocuments"=dword:00000001
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=dword:00000001
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo "=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoSharedDocuments"=dword:00000001

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo "=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoSharedDocuments"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-28 13:37:11.20
C:\ComboFix.txt ... 06-11-28 13:37



Logfile of HijackThis v1.99.1
Scan saved at 13:39:43, on 28.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\usbtapnp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EnhanceKeyboard\kb_2k.exe
C:\Program Files\OfficeCenter\Office-Web Center\panel.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\Programi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [USBTA] C:\WINDOWS\system32\usbtapnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: enhanced keyboard driver.lnk = ?
O4 - Global Startup: Office-Web Mouse.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
def
I think I made a mistake. I removed Ipwins in Add/Remove Programs, but I think that installed some new viruses. My internet is now really slow and it freezes sometimes. And this is the new report from Panda:


Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\User\Cookies\user@2o7[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\User\Cookies\user@statcounter[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\User\Cookies\user@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\User\Desktop\Programi\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\User\Desktop\Programi\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\User\Desktop\Programi\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
def
I must tell you that after the Panda scan my computer works normally, but I don't know, 'cos I know that Panda didn't disinfect my computer. And I don't know why Panda now tells me that smitRem and SmitfraudFix (that one I used before you helped me the first time; I found it on the net) are hacking tools. I had them yesterday too, but then Panda didn't tell me that these are hacking tools.
jurgenv
There's a newer version of Java, version 10:
http://javashoplm.sun.com/ECom/docs/Welcom...sactionId=noreg

Download the next tool to a place where you'll find it easily:

http://djlizard.net/Dial-a-fix-2006-09-19.exe

Double-click Dial-a-fix-2006-09-19.exe to start the program.
Immediately a window will open with on top: "Dial-A-fix : Restrictive policies"
You'll see registry keys.
Check them all and click the remove button below.
Then click close. This should close the policies window.

Now check the following:
empty temp folders
fix SSL/HTTPS/cryptsvc
programming cores/runtimes
Explorer/IE/OE/shell/WMP


Now, click on 'go' and let the tool do its job.

After that, reboot and post me a new log from combofix and tell me how everything is working.
def
User - 06-11-28 18:37:50,01 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\User\Desktop\Programi"

((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))


2006-11-28 18:34 <DIR> d-------- C:\WINDOWS\temp
2006-11-28 18:34 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2006-11-28 13:32 <DIR> d-------- C:\Program Files\Java
2006-11-28 13:32 <DIR> d-------- C:\Program Files\Common Files\Java
2006-11-27 20:59 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-11-27 11:37 <DIR> d-------- C:\Program Files\Softwin
2006-11-27 11:27 <DIR> d-------- C:\Program Files\Common Files\Softwin
2006-11-27 10:01 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-27 02:49 <DIR> d-------- C:\WINDOWS\pss
2006-11-27 02:47 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-27 02:47 <DIR> d-------- C:\Program Files\Grisoft
2006-11-27 02:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2006-11-27 02:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\Webroot
2006-11-27 02:17 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-27 02:17 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-27 02:17 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-27 02:17 2,578 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-27 02:17 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-26 22:22 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2006-11-26 22:22 <DIR> d-------- C:\Documents and Settings\User\Application Data\Mathematica
2006-11-26 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Mathematica
2006-11-26 22:19 <DIR> d-------- C:\Program Files\Wolfram Research
2006-11-24 12:51 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-11-24 12:51 <DIR> d-------- C:\Documents and Settings\User\Application Data\Mozilla
2006-11-23 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-22 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2006-11-22 22:03 <DIR> d-------- C:\Program Files\WinRAR
2006-11-20 12:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\Dev-Cpp
2006-11-20 12:42 <DIR> d-------- C:\Dev-Cpp
2006-11-19 12:25 169,984 --a------ C:\WINDOWS\system32\OposRf.DLL
2006-11-19 12:25 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2006-11-19 12:25 <DIR> d-------- C:\Program Files\Style Works 2000 Universal
2006-11-11 14:44 <DIR> d-------- C:\Program Files\PolderbitS
2006-11-11 14:44 <DIR> d-------- C:\Documents and Settings\User\Application Data\Help
2006-11-03 17:16 16,000 --a------ C:\WINDOWS\system32\drivers\XPC4DRVR.SYS
2006-11-03 17:13 333,620 --a------ C:\WINDOWS\system32\drivers\windrvr6.sys
2006-11-03 17:08 <DIR> d-------- C:\Xilinx
2006-11-02 17:58 <DIR> d-------- C:\Program Files\FLVPlayer
2006-11-02 15:18 <DIR> d-------- C:\Program Files\ArtisanDVDPlayer
2006-11-02 14:58 <DIR> d---s---- C:\Documents and Settings\User\UserData
2006-11-02 14:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2006-11-02 14:41 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-01 16:22 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-11-01 16:21 344,064 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2006-11-01 16:21 315,392 --a------ C:\WINDOWS\system32\AegisI5.exe
2006-11-01 16:21 295,018 --a------ C:\WINDOWS\system32\Install7x.dll
2006-11-01 16:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-28 14:31 -------- d-------- C:\Program Files\Winamp
2006-11-28 14:31 -------- d-------- C:\Program Files\QuickTime
2006-11-28 14:31 -------- d-------- C:\Program Files\MultiKeyboard Driver
2006-11-28 14:25 -------- d-------- C:\Program Files\Internet Explorer
2006-11-28 14:24 -------- d-------- C:\Program Files\ESET
2006-11-28 14:24 -------- d-------- C:\Program Files\EnhanceKeyboard
2006-11-28 13:36 -------- d-------- C:\Program Files\Common Files
2006-11-26 22:22 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-06 23:31 -------- d---s---- C:\Documents and Settings\User\Application Data\Microsoft
2006-11-01 19:03 -------- d-------- C:\Documents and Settings\User\Application Data\Identities
2006-11-01 16:21 -------- d-------- C:\Program Files\RALINK
2006-11-01 16:21 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-25 23:37 -------- d-------- C:\Documents and Settings\User\Application Data\Macromedia
2006-10-25 23:36 -------- d-------- C:\Program Files\Google
2006-10-25 22:32 -------- d-------- C:\Program Files\Windows Media Player
2006-10-25 22:09 -------- d-------- C:\Program Files\Samsung ML-2010 Series
2006-10-25 13:31 -------- d-------- C:\Program Files\vanBasco's Karaoke Player
2006-10-25 09:01 -------- d-------- C:\Documents and Settings\User\Application Data\Sun
2006-10-25 08:43 -------- d-------- C:\Program Files\LimeWire
2006-10-25 08:35 -------- d-------- C:\Program Files\Outlook Express
2006-10-25 08:35 -------- d-------- C:\Program Files\Common Files\System
2006-10-25 08:31 -------- d-------- C:\Documents and Settings\User\Application Data\AdobeUM
2006-10-24 21:46 -------- d-------- C:\Documents and Settings\User\Application Data\Adobe
2006-10-24 13:44 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-10-24 13:44 274432 --a------ C:\WINDOWS\system32\imon.dll
2006-10-13 13:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 11:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-07 21:18 -------- d-------- C:\Program Files\Messenger
2006-10-07 21:18 -------- d-------- C:\Program Files\DivX
2006-10-05 18:31 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-05 18:31 -------- d-------- C:\Program Files\Adobe
2006-10-05 18:25 -------- d-------- C:\Program Files\Exact Audio Copy
2006-10-05 18:24 262884 --a------ C:\WINDOWS\IPUI_DivXG400.exe
2006-10-05 18:11 -------- d-------- C:\Documents and Settings\User\Application Data\Media Player Classic
2006-10-05 18:10 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-05 18:10 -------- d-------- C:\Documents and Settings\User\Application Data\Real
2006-10-04 22:39 -------- d-------- C:\Program Files\Common Files\Merge Modules
2006-10-04 22:37 -------- d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2006-10-04 22:36 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-04 22:34 -------- d-------- C:\Program Files\HTML Help Workshop
2006-10-04 22:34 -------- d-------- C:\Program Files\Common Files\Crystal Decisions
2006-10-04 22:32 -------- d-------- C:\Program Files\Microsoft Office
2006-10-04 21:25 -------- d-------- C:\Program Files\OfficeCenter
2006-10-04 15:59 62 --ahs---- C:\Documents and Settings\User\Application Data\desktop.ini
2006-10-04 15:59 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-04 15:59 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-04 14:53 -------- d-------- C:\Program Files\D-Link ISDN Tools
2006-10-04 14:44 -------- d-------- C:\Documents and Settings\User\Application Data\ATI
2006-10-04 14:42 -------- d-------- C:\Program Files\Common Files\ATI Technologies
2006-10-04 14:41 -------- d-------- C:\Program Files\ATI Technologies
2006-10-04 14:29 -------- d-------- C:\Program Files\Intel
2006-10-04 14:23 -------- d-------- C:\Program Files\Microsoft.NET
2006-10-04 14:23 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-04 14:23 -------- d-------- C:\Program Files\Common Files\L&H
2006-10-04 14:22 -------- d-------- C:\Program Files\Microsoft Works
2006-10-04 14:22 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-10-04 14:22 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-10-04 14:14 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-04 14:09 0 -rahs---- C:\MSDOS.SYS
2006-10-04 14:09 0 -rahs---- C:\IO.SYS
2006-10-04 14:09 0 --a------ C:\CONFIG.SYS
2006-10-04 14:09 0 --a------ C:\AUTOEXEC.BAT
2006-10-04 14:07 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-04 14:06 -------- d-------- C:\Program Files\NetMeeting
2006-10-04 14:06 -------- d-------- C:\Program Files\Movie Maker
2006-10-04 14:06 -------- d-------- C:\Program Files\Common Files\Services
2006-10-04 14:06 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-04 14:05 -------- d-------- C:\Program Files\Online Services
2006-10-04 14:05 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-04 14:04 -------- d-------- C:\Program Files\Windows NT
2006-10-04 14:04 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-04 14:04 -------- d-------- C:\Program Files\MSN
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"USBTA"="C:\\WINDOWS\\system32\\usbtapnp.exe"
"InputSet"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"Samsung Common SM"="\"C:\\WINDOWS\\Samsung\\ComSMMgr\\ssmmgr.exe\" /autorun"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,70,6f,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,\
53,79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,70,6f,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,\
53,79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoRecentDocsHistory"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo "=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoSharedDocuments"=dword:00000001
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=dword:00000001
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"NoRecentDocsHistory"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo "=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoSharedDocuments"=dword:00000001

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"NoRecentDocsHistory"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo "=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoSharedDocuments"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-28 18:40:19.96
C:\ComboFix.txt ... 06-11-28 18:40


I think that it is better now, but I still have problems. Some pages it cannot open, and I close Explorer and open it again, then it works. After I only started to scan with Panda everything works fine.
jurgenv
Can you redo the step with ATF cleaner in safe mode?

Also, run IEfix:
http://windowsxp.mvps.org/utils/IEFix.zip
def
Now, I had only this problem:

This was copied from IEfix:
""2. When you click a hyperlink in an e-mail message or on a Web page,
or right-click a hyperlink on a Web page and then click "Open in New
Window", you may experience one or more of the following symptoms:

a. Nothing happens
b. The new window may be blank
c. You may receive a scripting error message
""

But I cannot repair it, 'cos for this I need the Windows XP cd2 service pack, but I don't have it at home.
jurgenv
QUOTE
but I don't have it at home.

When do you have it?
def
I have a licence for Microsoft products from my university in Zagreb (Croatia). It is not so easy to get a CD with Service Pack 2. I think that will be for 2 weeks. But is there another way to repair this?
jurgenv
There's a newer version of Internet Explorer:
http://www.microsoft.com/windows/ie/default.mspx

Do you have the same problem with IE7?
def
It says that my copy of Windows did not pass genuine validation, and I cannot install Explorer 7. I tried to reinstall Internet Explorer 6 but I cannot, 'cos it says that I have a newer version of Internet Explorer. I really don't know what to do; I think that I would have to completely reinstall Windows XP.
def
Only IEXPLORE.EXE is needed to repair with IEfix; can I get it in some way?
jurgenv
Please go HERE (Microsoft website) using Internet Explorer (not Firefox or any other browser as they won't work)
  • Click on Windows Validation Assistant
  • Click on the Validate Now button.
  • Be patient while the ActiveX loads, do not click on any links.
  • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
  • Enter your product key then click continue
  • When it says "Validation Complete" please click Continue to return to your previous activity
  • Copy what it says and paste it here.
def
I will reinstall my Windows XP, 'cos I crashed my Windows XP. I am writing this message from my university, 'cos my comp. doesn't work now.

really thank you for help.
jurgenv
QUOTE(def @ Nov 29 2006, 05:18 PM)
I will reinstall my Windows XP, 'cos I crashed my Windows XP. I am writing this message from my university, 'cos my comp. doesn't work now.

really thank you for help.

Ok, you're welcome anyway.