View Full Version : Strange internet problems...


badboy70
24-09-08, 14:10
Hey

We have 2 PCs at our house, and mine is acting up concerning internet. I cannot use Google for some strange reason. I can access the main page, but when I search for something it stays on the main page and keeps loading indefinitely.
This is both with Firefox and Internet Explorer.
Also, I cannot access any sites that aren't in my cookies.
E.g.: sonyericsson.com
It also keeps loading indefinitely.

I've tried cleaning my browser cookies and stuff but still the same problem.
Commands like renew IP and flush DNS in cmd don't seem to be working.
ipconfig works tho.

Edit:
Forgot to mention: each time I boot there's a Spybot screen asking me if I have to give BM57eb3863.dll permission to change the registry; of course I tell it not to do so. So the "Change in registry denied" message keeps popping up. I've searched for it and it's in my system32 folder; it's a DLL and cannot be deleted.
If I use Powerpack to delete the startup item and save, it reappears when I reopen the list.
Furthermore, there are more files which appear to stay unticked, but I have a hunch they're all linked to each other.
Look:

http://i34.************/2ed3yv6.jpg

spikejones
24-09-08, 14:47
I suggest you boot into safe mode (press F8 to get to the boot screen before the Windows logo comes up). Use Spybot Search and Destroy to do a full scan for spyware.

Also do a full AV scan with AVG (http://free.avg.com/), Avira or other software you may have.

Before doing that... run ipconfig /all and post a screenshot of it so we can see if you have a proper net connection.... Being that you are on a network, it should not contain any public IP address and is safe to do so.


Also run a report of ardiag.exe (http://www.tombraiderhub.com/download/ardiag.exe)

and download AutoRuns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) while you are at it.. not familiar with this Powerpack thing.

I am a bit unsure of this entry of just letters and numbers..

badboy70
24-09-08, 15:06
http://i35.************/29x7m1g.jpg
nee = no
ja = yes.

Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
N/A
Publisher:
"(Verified) Lavasoft AB"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
Entry name:
lsdelete
Program path & name:
"c:\windows\system32\lsdelete.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
geBstrpQ
Program path & name:
c:\windows\system32\gebstrpq.dll"
Enabled: [V]


Program:
"PermissionResearch"
Publisher:
"(Not verified) TMRG Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
PermissionResearch
Program path & name:
"c:\program files\permissionresearch\prls.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
RelevantKnowledge
Program path & name:
File not found: C:\WINDOWS\system32\rlls.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Control Panel\Desktop\Scrnsave.exe
Entry name:
C:\WINDOWS\system32\DPSM-W~1.SCR
Program path & name:
c:\windows\system32\dpsm - waterfalls.scr"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
Entry name:
C:\WINDOWS\system32\efcYPfGv
Program path & name:
c:\windows\system32\efcypfgv.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
NL MSAFD Tcpip [TCP/IP]
Program path & name:
c:\program files\netlimiter\nl_lsp.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
NL MSAFD Tcpip [UDP/IP]
Program path & name:
c:\program files\netlimiter\nl_lsp.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
NL MSAFD Tcpip [RAW/IP]
Program path & name:
c:\program files\netlimiter\nl_lsp.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
NL RSVP UDP Service Provider
Program path & name:
c:\program files\netlimiter\nl_lsp.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
NL RSVP TCP Service Provider
Program path & name:
c:\program files\netlimiter\nl_lsp.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
Entry name:
NL LSP
Program path & name:
c:\program files\netlimiter\nl_lsp.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
C:\program
Program path & name:
File not found: C:\program"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
files\permissionresearch\prai.dll
Program path & name:
File not found: files\permissionresearch\prai.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
ezhpwv.dll
Program path & name:
c:\windows\system32\ezhpwv.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
mdpjpf.dll
Program path & name:
c:\windows\system32\mdpjpf.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
bxugwi.dll
Program path & name:
File not found: bxugwi.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
nmofye.dll
Program path & name:
c:\windows\system32\nmofye.dll"
Enabled: [V]


Program:
"HPHmon05"
Publisher:
"(Not verified) Hewlett-Packard"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
HPHmon05
Program path & name:
"c:\windows\system32\hphmon05.exe"
Enabled: [V]


Program:
"NeroCheck"
Publisher:
"(Not verified) Ahead Software Gmbh"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NeroFilterCheck
Program path & name:
"c:\windows\system32\nerocheck.exe"
Enabled: [V]


Program:
"LiveUpdate Notice Service"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Symantec PIF AlertEng
Program path & name:
"c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
JMB36X IDE Setup
Program path & name:
c:\windows\jm\jminside.exe"
Enabled: [V]


Program:
"JMicron JMB36X RAID Configurer"
Publisher:
"(Not verified) JMicron Technology Corp."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
JMB36X Configure
Program path & name:
"c:\windows\system32\jmraidsetup.exe"
Enabled: [V]


Program:
"AVG Tray Monitor"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AVG8_TRAY
Program path & name:
"c:\program files\avg\avg8\avgtray.exe"
Enabled: [V]


Program:
"NVIDIA Display Properties Extension"
Publisher:
"(Not verified) NVIDIA Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NvCplDaemon
Program path & name:
"c:\windows\system32\nvcpl.dll"
Enabled: [V]


Program:
"NVIDIA nView Wizard
Publisher:
Version 120.60 "
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
nwiz
Program path & name:
"(Verified) NVIDIA Corporation""c:\windows\system32\nwiz.exe"
Enabled: [V]


Program:
"Google Desktop"
Publisher:
"(Verified) Google Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Google Desktop Search
Program path & name:
"c:\program files\google\google desktop search\googledesktop.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Computer Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"Corel File Shell Monitor"
Publisher:
"(Verified) Corel Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Corel File Shell Monitor
Program path & name:
"f:\program files\corel\corel paint shop pro photo x2\coreliomonitor.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Silent Fear Internet Radio
Program path & name:
File not found: rem"
Enabled: [V]


Program:
"RealNetworks Scheduler"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
TkBellExe
Program path & name:
"c:\program files\common files\real\update_ob\realsched.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Corel Photo Downloader
Program path & name:
File not found: C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
UnlockerAssistant
Program path & name:
f:\program files\unlocker\unlockerassistant.exe"
Enabled: [V]


Program:
"NVIDIA Media Center Library"
Publisher:
"(Not verified) NVIDIA Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NvMediaCenter
Program path & name:
"c:\windows\system32\nvmctray.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
BM57eb3863
Program path & name:
c:\windows\system32\sabvrpuc.dll"
Enabled: [V]


Program:
"HPCETIUI Protocol Handler Module"
Publisher:
"(Not verified) Hewlett-Packard Company"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
cetihpz
Program path & name:
"c:\program files\hp\hpcoretech\comp\hpuiprot.dll"
Enabled: [V]


Program:
"Safe Search pluggable protocol"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
linkscanner
Program path & name:
"c:\program files\avg\avg8\avgpp.dll"
Enabled: [V]


Program:
"Microsoft® InfoTech Storage System Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ms-itss
Program path & name:
"c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: file:///C:/DOCUME~1/HANSRU~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
1
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
"Adobe Acrobat SpeedLauncher"
Publisher:
"(Not verified) Adobe Systems Incorporated"
Entry path:
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten
Entry name:
Adobe Reader Speed Launch.lnk
Program path & name:
"c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Silent Fear Internet Radio
Program path & name:
File not found: rem"
Enabled: [V]


Program:
"EA Download Manager"
Publisher:
"(Not verified) Electronic Arts"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
EA Core
Program path & name:
"c:\program files\electronic arts\eadm\core.exe"
Enabled: [V]


Program:
"System settings protector"
Publisher:
"(Verified) Safer Networking Ltd."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
SpybotSD TeaTimer
Program path & name:
"c:\program files\spybot - search & destroy\teatimer.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Adobe PDF Reader Link Helper
Program path & name:
File not found: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
Enabled: [V]


Program:
"RealPlayer Download and Record Plugin for Internet Explorer"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
RealPlayer Download and Record Plugin for Internet Explorer
Program path & name:
"c:\program files\real\realplayer\rpbrowserrecordplugin.dll"
Enabled: [V]


Program:
"BitCometBHO"
Publisher:
"(Verified) Comet Network Technology Co Ltd."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
BitComet Helper
Program path & name:
"c:\program files\bitcomet\tools\bitcometbho_1.1.6.14.dll"
Enabled: [V]


Program:
"Safe Search for Internet Explorer"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
AVG Safe Search
Program path & name:
"c:\program files\avg\avg8\avgssie.dll"
Enabled: [V]


Program:
"Morpheus Toolbar"
Publisher:
"(Not verified) Morpheus"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
MorpheusToolbar BHO
Program path & name:
"c:\program files\morpheusbar\bar\1.bin\morphbar.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{41C29F21-1DF0-4F9C-974C-3FAA52A29487}
Program path & name:
c:\windows\system32\efcypfgv.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{487C9905-26A8-42C8-8033-C58AD3D2AEC3}
Program path & name:
c:\windows\system32\gebstrpq.dll"
Enabled: [V]


Program:
"MegaUpload Toolbar"
Publisher:
"(Verified) Megaupload Limited"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
MEGAUPLOADTOOLBAR
Program path & name:
"c:\program files\megauploadtoolbar\megauploadtoolbar.dll"
Enabled: [V]


Program:
"SBSD IE Protection"
Publisher:
"(Verified) Safer Networking Ltd."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Spybot-S&D IE Protection
Program path & name:
"c:\program files\spybot - search & destroy\sdhelper.dll"
Enabled: [V]


Program:
"GetTubeVideo IE Plugin"
Publisher:
"(Not verified) BitCrowd"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
GetTubeVideoObj Class
Program path & name:
"f:\program files\gettubevideo\gettubevideo.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.6.0_01\bin\ssv.dll"
Enabled: [V]


Program:
"Mega Manager IE Click Catcher"
Publisher:
"(Not verified) Megaupload Limited"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
IeMonitorBho Class
Program path & name:
"c:\program files\megaupload\mega manager\megaiemn.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{c4738732-b4ea-42fc-b36a-9c2b9bda7cef}
Program path & name:
c:\windows\system32\nmofye.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Entry name:
gebstrpq.dll
Program path & name:
c:\windows\system32\gebstrpq.dll"
Enabled: [V]


Program:
"iTunes Mini Player DLL"
Publisher:
"(Not verified) Apple Computer Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
iTunes
Program path & name:
"c:\program files\itunes\itunesminiplayer.dll"
Enabled: [V]


Program:
"WinZip Shell Extension DLL"
Publisher:
"(Not verified) WinZip Computing LP"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinZip
Program path & name:
"c:\program files\winzip\wzshlstb.dll"
Enabled: [V]


Program:
"WinZip Shell Extension DLL"
Publisher:
"(Not verified) WinZip Computing LP"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinZip
Program path & name:
"c:\program files\winzip\wzshlstb.dll"
Enabled: [V]


Program:
"WinZip Shell Extension DLL"
Publisher:
"(Not verified) WinZip Computing LP"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinZip
Program path & name:
"c:\program files\winzip\wzshlstb.dll"
Enabled: [V]


Program:
"WinZip Shell Extension DLL"
Publisher:
"(Not verified) WinZip Computing LP"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinZip
Program path & name:
"c:\program files\winzip\wzshlstb.dll"
Enabled: [V]


Program:
"RealPlayer Shell Extensions"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Extensions for RealOne Player
Program path & name:
"c:\program files\real\realplayer\rpshell.dll"
Enabled: [V]


Program:
"ddsView Module"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
ddsExtractor Class
Program path & name:
c:\program files\nvidia corporation\dds thumbnail viewer\ddsview.dll"
Enabled: [V]


Program:
"AVG Shell Extension"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
AVG8 Shell Extension
Program path & name:
"c:\program files\avg\avg8\avgse.dll"
Enabled: [V]


Program:
"ShellExt Module"
Publisher:
"(Not verified) DataNumen Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
ARAR Context Menu Shell Extension
Program path & name:
"c:\program files\arar\ararshl.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
TotalConverter Context Menu Shell Extension
Program path & name:
c:\program files\totalaudioconverter\axtotalconverter.dll"
Enabled: [V]


Program:
"NVIDIA Display Properties Extension"
Publisher:
"(Not verified) NVIDIA Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
NvCpl DesktopContext Class
Program path & name:
"c:\windows\system32\nvcpl.dll"
Enabled: [V]


Program:
"NVIDIA Desktop Explorer
Publisher:
Version 120.60 "
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Desktop Explorer
Program path & name:
"(Not verified) NVIDIA Corporation""c:\windows\system32\nvshell.dll"
Enabled: [V]


Program:
"NVIDIA Desktop Explorer
Publisher:
Version 120.60 "
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Desktop Explorer Menu
Program path & name:
"(Not verified) NVIDIA Corporation""c:\windows\system32\nvshell.dll"
Enabled: [V]


Program:
"NVIDIA Desktop Explorer
Publisher:
Version 120.60 "
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
nView Desktop Context Menu
Program path & name:
"(Not verified) NVIDIA Corporation""c:\windows\system32\nvshell.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
"7-Zip Shell Extension"
Publisher:
"(Not verified) Igor Pavlov"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
7-Zip Shell Extension
Program path & name:
"c:\program files\7-zip\7-zip.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
UnlockerShellExtension
Program path & name:
f:\program files\unlocker\unlockercom.dll"
Enabled: [V]


Program:
"NVIDIA Display Properties Extension"
Publisher:
"(Not verified) NVIDIA Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Play on my TV helper
Program path & name:
"c:\windows\system32\nvcpl.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll"
Enabled: [V]


Program:
"MegaUpload Toolbar"
Publisher:
"(Verified) Megaupload Limited"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:

Program path & name:
"c:\program files\megauploadtoolbar\megauploadtoolbar.dll"
Enabled: [V]


Program:
"Morpheus Toolbar"
Publisher:
"(Not verified) Morpheus"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
morphbar.dll
Program path & name:
"c:\program files\morpheusbar\bar\1.bin\morphbar.dll"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
yt.dll
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn\yt.dll"
Enabled: [V]



Tweaknow Powerpack is an AIO tool :)

Yep, that's why I put a red box around them :)

EscondeR
24-09-08, 19:12
Boot in Safe Mode.
Run Autoruns (http://technet.microsoft.com/ru-ru/sysinternals/bb963902(en-us).aspx) and kill those entries:


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
geBstrpQ
Program path & name:
c:\windows\system32\gebstrpq.dll"
Enabled: [V]


Program:
"PermissionResearch"
Publisher:
"(Not verified) TMRG Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
PermissionResearch
Program path & name:
"c:\program files\permissionresearch\prls.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
RelevantKnowledge
Program path & name:
File not found: C:\WINDOWS\system32\rlls.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Control Panel\Desktop\Scrnsave.exe
Entry name:
C:\WINDOWS\system32\DPSM-W~1.SCR
Program path & name:
c:\windows\system32\dpsm - waterfalls.scr"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
Entry name:
C:\WINDOWS\system32\efcYPfGv
Program path & name:
c:\windows\system32\efcypfgv.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
C:\program
Program path & name:
File not found: C:\program"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
files\permissionresearch\prai.dll
Program path & name:
File not found: files\permissionresearch\prai.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
ezhpwv.dll
Program path & name:
c:\windows\system32\ezhpwv.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
mdpjpf.dll
Program path & name:
c:\windows\system32\mdpjpf.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
bxugwi.dll
Program path & name:
File not found: bxugwi.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
nmofye.dll
Program path & name:
c:\windows\system32\nmofye.dll"
Enabled: [V]


Program:
"NeroCheck"
Publisher:
"(Not verified) Ahead Software Gmbh"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NeroFilterCheck
Program path & name:
"c:\windows\system32\nerocheck.exe"
Enabled: [V]


Program:
"Google Desktop"
Publisher:
"(Verified) Google Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Google Desktop Search
Program path & name:
"c:\program files\google\google desktop search\googledesktop.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Computer Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Silent Fear Internet Radio
Program path & name:
File not found: rem"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Corel Photo Downloader
Program path & name:
File not found: C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
BM57eb3863
Program path & name:
c:\windows\system32\sabvrpuc.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: file:///C:/DOCUME~1/HANSRU~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Silent Fear Internet Radio
Program path & name:
File not found: rem"
Enabled: [V]


Program:
"BitCometBHO"
Publisher:
"(Verified) Comet Network Technology Co Ltd."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
BitComet Helper
Program path & name:
"c:\program files\bitcomet\tools\bitcometbho_1.1.6.14.dll"
Enabled: [V]


Program:
"Morpheus Toolbar"
Publisher:
"(Not verified) Morpheus"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
MorpheusToolbar BHO
Program path & name:
"c:\program files\morpheusbar\bar\1.bin\morphbar.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{41C29F21-1DF0-4F9C-974C-3FAA52A29487}
Program path & name:
c:\windows\system32\efcypfgv.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{487C9905-26A8-42C8-8033-C58AD3D2AEC3}
Program path & name:
c:\windows\system32\gebstrpq.dll"
Enabled: [V]


Program:
"MegaUpload Toolbar"
Publisher:
"(Verified) Megaupload Limited"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
MEGAUPLOADTOOLBAR
Program path & name:
"c:\program files\megauploadtoolbar\megauploadtoolbar.dll"
Enabled: [V]


Program:
"GetTubeVideo IE Plugin"
Publisher:
"(Not verified) BitCrowd"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
GetTubeVideoObj Class
Program path & name:
"f:\program files\gettubevideo\gettubevideo.dll"
Enabled: [V]


Program:
"Mega Manager IE Click Catcher"
Publisher:
"(Not verified) Megaupload Limited"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
IeMonitorBho Class
Program path & name:
"c:\program files\megaupload\mega manager\megaiemn.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{c4738732-b4ea-42fc-b36a-9c2b9bda7cef}
Program path & name:
c:\windows\system32\nmofye.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Entry name:
gebstrpq.dll
Program path & name:
c:\windows\system32\gebstrpq.dll"
Enabled: [V]


Program:
"ShellExt Module"
Publisher:
"(Not verified) DataNumen Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
ARAR Context Menu Shell Extension
Program path & name:
"c:\program files\arar\ararshl.dll"
Enabled: [V]


Program:
"MegaUpload Toolbar"
Publisher:
"(Verified) Megaupload Limited"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:

Program path & name:
"c:\program files\megauploadtoolbar\megauploadtoolbar.dll"
Enabled: [V]


Program:
"Morpheus Toolbar"
Publisher:
"(Not verified) Morpheus"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
morphbar.dll
Program path & name:
"c:\program files\morpheusbar\bar\1.bin\morphbar.dll"
Enabled: [V]


Program:
"Yahoo! Toolbar"
Publisher:
"(Verified) Yahoo! Inc."
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
yt.dll
Program path & name:
"c:\program files\yahoo!\companion\installs\cpn\yt.dll"
Enabled: [V]
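
A triage pass over a report in the layout posted above, as an added example that is not part of the original thread or of ardiag itself: it parses the label/value records and lists images with publisher "N/A" that are registered at DLL load points, showing when one DLL is hooked in several places. The set of load points and the "N/A publisher" rule are this example's assumptions, not EscondeR's selection criteria; the sample is re-assembled from entries in the report, and the matcher tolerates the spaces forum software can insert into long registry paths.

```python
import re
from collections import defaultdict

# Labels of the ardiag report; each is followed by its value on the next line.
LABELS = {
    "Program:": "program",
    "Publisher:": "publisher",
    "Entry path:": "entry_path",
    "Entry name:": "entry_name",
    "Program path & name:": "image",
}

# Assumption of this example: autostart keys that load a DLL into other
# processes or at logon. Keys are written without spaces so that a path a
# forum has split (e.g. "Exp lorer", "Authenti cation") still matches.
LOAD_POINTS = {
    r"winlogon\notify": "Winlogon Notify",
    r"windows\appinit_dlls": "AppInit_DLLs",
    r"lsa\authenticationpackages": "LSA Authentication Packages",
    r"browserhelperobjects": "Browser Helper Object",
    r"shellexecutehooks": "ShellExecuteHooks",
}


def parse_report(text):
    """Split the report into one dict per entry."""
    entries, current, pending = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        is_end = line.startswith("Enabled:")
        if pending is not None:
            boundary = line in LABELS or is_end
            # A value line may be empty; a label or "Enabled:" means no value.
            current[pending] = "" if boundary else line.strip('"')
            pending = None
            if not boundary:
                continue
        if line in LABELS:
            pending = LABELS[line]
        elif is_end and current:
            current["enabled"] = "[V]" in line
            entries.append(current)
            current = {}
    return entries


def load_point(entry_path):
    """Name the load point for a registry path, ignoring inserted spaces."""
    squeezed = re.sub(r"\s+", "", entry_path).lower()
    for key, label in LOAD_POINTS.items():
        if squeezed.endswith(key):
            return label
    return None


def anonymous_load_points(entries):
    """Map image -> load points for enabled entries whose publisher is N/A."""
    hits = defaultdict(lambda: {"load_points": set(), "file_missing": False})
    for e in entries:
        where = load_point(e.get("entry_path", ""))
        if not where or not e.get("enabled") or e.get("publisher", "") != "N/A":
            continue
        image = e.get("image", "")
        missing = image.lower().startswith("file not found:")
        image = re.sub(r"(?i)^file not found:\s*", "", image).lower()
        hits[image]["load_points"].add(where)
        hits[image]["file_missing"] |= missing
    return {img: {"load_points": sorted(h["load_points"]),
                  "file_missing": h["file_missing"]} for img, h in hits.items()}


def _record(*values):
    """Lay one entry out the way the report does (label line, value line)."""
    body = "\n".join(f"{k}\n{v}" for k, v in zip(LABELS, values))
    return body + "\nEnabled: [V]\n\n\n"


# Sample re-assembled from entries in the report above; the split "Exp lorer"
# is kept on purpose to exercise the space-tolerant matching.
_WINNT = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
_EXPL = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer"
_GEB = r'c:\windows\system32\gebstrpq.dll"'
SAMPLE = "".join([
    _record("N/A", "N/A", _WINNT + r"\Winlogon\Notify", "geBstrpQ", _GEB),
    _record("N/A", "N/A", _EXPL + r"\Browser Helper Objects",
            "{487C9905-26A8-42C8-8033-C58AD3D2AEC3}", _GEB),
    _record("N/A", "N/A", _EXPL + r"\ShellExecuteHooks", "gebstrpq.dll", _GEB),
    _record('"Safe Search for Internet Explorer"', '"(Verified) AVG Technologies"',
            _EXPL + r"\Browser Helper Objects", "AVG Safe Search",
            r'"c:\program files\avg\avg8\avgssie.dll"'),
    _record("N/A", "N/A", _WINNT + r"\Windows\Appinit_Dlls", "bxugwi.dll",
            'File not found: bxugwi.dll"'),
    _record('"MegaUpload Toolbar"', '"(Verified) Megaupload Limited"',
            r"HKLM\Software\Microsoft\Internet Explorer\Toolbar", "",
            r'"c:\program files\megauploadtoolbar\megauploadtoolbar.dll"'),
])

if __name__ == "__main__":
    for image, info in anonymous_load_points(parse_report(SAMPLE)).items():
        print(image, info)
```

An image that shows up under several load points with no publisher, like gebstrpq.dll here, has to be removed from every one of those keys, which is why it is easier to do from Safe Mode where the DLL is not loaded.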

badboy70
24-09-08, 19:20
Will do tomorrow :)

badboy70
27-09-08, 14:30
Posting from Safe Mode. I deleted all the entries you gave me :)
I will let AVG do a full system scan now.

All works now (I did the scan in safe mode) :D