# Logfile of HijackThis v1.99.1
# Scan saved at 20:37:47, on 2007-04-05
# Platform: Windows XP (WinNT 5.01.2600)
# MSIE: Internet Explorer v6.00 (6.00.2600.0000)
#
# Running processes:
# C:\WINDOWS\System32\smss.exe
# C:\WINDOWS\system32\winlogon.exe
# C:\WINDOWS\system32\services.exe
# C:\WINDOWS\system32\lsass.exe
# C:\WINDOWS\system32\svchost.exe
# C:\WINDOWS\System32\svchost.exe
# C:\WINDOWS\system32\spoolsv.exe
# C:\WINDOWS\Explorer.EXE
# C:\WINDOWS\soundman.exe
# C:\WINDOWS\System32\RUNDLL32.EXE
# C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
# C:\PROGRA~1\NEOSTR~1\CnxMon.exe
# C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
# C:\WINDOWS\System32\ctfmon.exe
# C:\PROGRA~1\WapSter\AQQ\AQQ.exe
# C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
# C:\FRAPS\FRAPS.EXE
# C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
# C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
# C:\WINDOWS\ATKKBService.exe
# C:\Program Files\Alwil Software\Avast4\ashServ.exe
# C:\PROGRA~1\CACHEM~1\CachemanXP.exe
# C:\WINDOWS\System32\nvsvc32.exe
# C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
# C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
# C:\PROGRA~1\NEOSTR~1\ComComp.exe
# C:\PROGRA~1\NEOSTR~1\Watch.exe
# C:\Documents and Settings\Admin.KACZMARE-VUAW0L\Pulpit\HijackThis.exe
#
# R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
# R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
# R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
# R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
# O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
# O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
# O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
# O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
# O4 - HKLM\..\Run: [SoundMan] soundman.exe
# O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
# O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
# O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
# O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
# O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
# O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
# O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
# O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
# O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
# O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
# O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
# O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe
# O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
# O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
# O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
# O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
# O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
# O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
# O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
# O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
# O17 - HKLM\System\CCS\Services\Tcpip\..\{ED1847A0-A773-4D42-9026-ED489558CFF7}: NameServer = 194.204.159.1 217.98.63.164
# O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
# O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
# O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
# O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
# O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
# O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
# O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
# O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
#
# "Silent Runners.vbs", revision R50, http://www.silentrunners.org/
# Operating System: Windows XP
# Output limited to non-default values, except where indicated by "{++}"
#
#
# Startup items buried in registry:
# ---------------------------------
#
# HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
# "CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
# "AQQ" = "C:\PROGRA~1\WapSter\AQQ\AQQ.exe" ["AQQ Sp. z o.o."]
# "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
# "Fraps" = "C:\FRAPS\FRAPS.EXE" ["Beepa P/L"]
#
# HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
# "SoundMan" = "soundman.exe" ["Avance Logic, Inc."]
# "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
# "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
# "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
# "DownloadAccelerator" = ""C:\Program Files\DAP\DAP.EXE" /STARTUP" ["Speedbit Ltd."]
# "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
# "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
# "NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
# "WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
# "WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
# "WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
#
# HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
# {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
# -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
# \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
# {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
# -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
# \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
#
# HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
# "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
# -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
# \InProcServer32\(Default) = "deskpan.dll" [file not found]
# "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
# -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
# \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
# "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
# -> {HKLM...CLSID} = "DesktopContext Class"
# \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
# "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
# -> {HKLM...CLSID} = "NVIDIA CPL Extension"
# \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
# "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
# -> {HKLM...CLSID} = "Desktop Explorer"
# \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
# "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
# -> {HKLM...CLSID} = (no title provided)
# \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
# "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
# -> {HKLM...CLSID} = "nView Desktop Context Menu"
# \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
# "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
# -> {HKLM...CLSID} = "WinRAR"
# \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
# "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
# -> {HKLM...CLSID} = "avast"
# \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
# "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
# -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
# \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
# "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
# -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
# \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
# "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
# -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
# \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
#
# HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
# {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
# -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
# \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
# {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
# -> {HKLM...CLSID} = "PDF Shell Extension"
# \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
#
# HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
# avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
# -> {HKLM...CLSID} = "avast"
# \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
# Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
# -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
# \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
# DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
# -> {HKLM...CLSID} = "DAPMenuShellExt Class"
# \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
# WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
# -> {HKLM...CLSID} = "WinRAR"
# \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
#
# HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
# DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
# -> {HKLM...CLSID} = "DAPMenuShellExt Class"
# \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
# WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
# -> {HKLM...CLSID} = "WinRAR"
# \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
#
# HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
# avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
# -> {HKLM...CLSID} = "avast"
# \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
# WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
# -> {HKLM...CLSID} = "WinRAR"
# \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
#
#
# Group Policies {GPedit.msc branch and setting}:
# -----------------------------------------------
#
# Note: detected settings may not have any effect.
#
# HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
#
# "NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
# {unrecognized setting}
#
# HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
#
# "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
# {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
# Shutdown: Allow system to be shut down without having to log on}
#
# "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
# {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
# Devices: Allow undock without having to log on}
#
#
# Active Desktop and Wallpaper:
# -----------------------------
#
# Active Desktop may be disabled at this entry:
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
#
# Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
# HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
# "Wallpaper" = "C:\Documents and Settings\Admin.KACZMARE-VUAW0L\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
#
# Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
# HKCU\Control Panel\Desktop\
# "Wallpaper" = "C:\Documents and Settings\Admin.KACZMARE-VUAW0L\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
#
#
# Enabled Screen Saver:
# ---------------------
#
# HKCU\Control Panel\Desktop\
# "SCRNSAVE.EXE" = "C:\WINDOWS\SQUAD1~1.SCR" (Squad 1024x768.scr) [empty string]
#
#
# Startup items in "Admin" & "All Users" startup folders:
# -------------------------------------------------------
#
# C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
# "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
# "Adobe Reader Synchronizer" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe" [null data]
# "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]
#
#
# Winsock2 Service Provider DLLs:
# -------------------------------
#
# Namespace Service Providers
#
# HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
# 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
# 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
# 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
#
# Transport Service Providers
#
# HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
# 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
# %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
# %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
#
#
# Toolbars, Explorer Bars, Extensions:
# ------------------------------------
#
# Toolbars
#
# HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
# "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
# -> {HKLM...CLSID} = "Yahoo! Toolbar"
# \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
#
# HKLM\Software\Microsoft\Internet Explorer\Toolbar\
# "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
# -> {HKLM...CLSID} = "Yahoo! Toolbar"
# \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
#
# Explorer Bars
#
# HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
#
# HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
# Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
# InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
#
# HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
# Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
# InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
#
# HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
# Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
# InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
#
#
# Miscellaneous IE Hijack Points
# ------------------------------
#
# HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
# <> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*d" (unwritable string)
# -> {HKLM...CLSID} = "Yahoo! Toolbar"
# \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
# <> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
# -> {HKLM...CLSID} = "Search Class"
# \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]
#
#
# Running Services (Display Name, Service Name, Path {Service DLL}):
# ------------------------------------------------------------------
#
# ATK Keyboard Service, ATKKeyboardService, "C:\WINDOWS\ATKKBService.exe" ["ASUSTeK COMPUTER INC."]
# avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
# avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
# avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
# CachemanXP, CachemanXPService, "C:\PROGRA~1\CACHEM~1\CachemanXP.exe" ["OuterTechnologies"]
# NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
# Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
#
#
# ----------
# <>: Suspicious data at a browser hijack point.
#
# + This report excludes default entries except where indicated.
# + To see *everywhere* the script checks and *everything* it finds,
# launch it from a command prompt or a shortcut with the -all parameter.
# + To search all directories of local fixed drives for DESKTOP.INI
# DLL launch points, use the -supp parameter or answer "No" at the
# first message box and "Yes" at the second message box.
# ---------- (total run time: 109 seconds, including 17 seconds for message boxes)
Złączono Posta : 05.04.2007 (Czw) 22:05
# Logfile of HijackThis v1.99.1
# Scan saved at 20:37:47, on 2007-04-05
# Platform: Windows XP (WinNT 5.01.2600)
# MSIE: Internet Explorer v6.00 (6.00.2600.0000)
#
# Running processes:
# C:\WINDOWS\System32\smss.exe
# C:\WINDOWS\system32\winlogon.exe
# C:\WINDOWS\system32\services.exe
# C:\WINDOWS\system32\lsass.exe
# C:\WINDOWS\system32\svchost.exe
# C:\WINDOWS\System32\svchost.exe
# C:\WINDOWS\system32\spoolsv.exe
# C:\WINDOWS\Explorer.EXE
# C:\WINDOWS\soundman.exe
# C:\WINDOWS\System32\RUNDLL32.EXE
# C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
# C:\PROGRA~1\NEOSTR~1\CnxMon.exe
# C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
# C:\WINDOWS\System32\ctfmon.exe
# C:\PROGRA~1\WapSter\AQQ\AQQ.exe
# C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
# C:\FRAPS\FRAPS.EXE
# C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
# C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
# C:\WINDOWS\ATKKBService.exe
# C:\Program Files\Alwil Software\Avast4\ashServ.exe
# C:\PROGRA~1\CACHEM~1\CachemanXP.exe
# C:\WINDOWS\System32\nvsvc32.exe
# C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
# C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
# C:\PROGRA~1\NEOSTR~1\ComComp.exe
# C:\PROGRA~1\NEOSTR~1\Watch.exe
# C:\Documents and Settings\Admin.KACZMARE-VUAW0L\Pulpit\HijackThis.exe
#
# R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
# R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
# R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
# R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
# O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
# O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
# O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
# O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
# O4 - HKLM\..\Run: [SoundMan] soundman.exe
# O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
# O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
# O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
# O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
# O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
# O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
# O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
# O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
# O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
# O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
# O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
# O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe
# O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
# O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
# O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
# O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
# O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
# O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
# O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
# O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
# O17 - HKLM\System\CCS\Services\Tcpip\..\{ED1847A0-A773-4D42-9026-ED489558CFF7}: NameServer = 194.204.159.1 217.98.63.164
# O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
# O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
# O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
# O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
# O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
# O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
# O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
# O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
#
# "Silent Runners.vbs", revision R50, http://www.silentrunners.org/
# Operating System: Windows XP
# Output limited to non-default values, except where indicated by "{++}"
#
#
# Startup items buried in registry:
# ---------------------------------
#
# HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
# "CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
# "AQQ" = "C:\PROGRA~1\WapSter\AQQ\AQQ.exe" ["AQQ Sp. z o.o."]
# "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
# "Fraps" = "C:\FRAPS\FRAPS.EXE" ["Beepa P/L"]
#
# HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
# "SoundMan" = "soundman.exe" ["Avance Logic, Inc."]
# "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
# "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
# "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
# "DownloadAccelerator" = ""C:\Program Files\DAP\DAP.EXE" /STARTUP" ["Speedbit Ltd."]
# "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
# "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
# "NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
# "WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
# "WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
# "WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
#
# HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
# {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
# -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
# \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
# {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
# -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
# \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
#
# HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
# "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
# -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
# \InProcServer32\(Default) = "deskpan.dll" [file not found]
# "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
# -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
# \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
# "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
# -> {HKLM...CLSID} = "DesktopContext Class"
# \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
# "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
# -> {HKLM...CLSID} = "NVIDIA CPL Extension"
# \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
# "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
# -> {HKLM...CLSID} = "Desktop Explorer"
# \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
# "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
# -> {HKLM...CLSID} = (no title provided)
# \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
# "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
# -> {HKLM...CLSID} = "nView Desktop Context Menu"
# \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
# "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
# -> {HKLM...CLSID} = "WinRAR"
# \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
# "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
# -> {HKLM...CLSID} = "avast"
# \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
# "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
# -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
# \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
# "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
# -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
# \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
# "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
# -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
# \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
#
# HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
# {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
# -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
# \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
# {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
# -> {HKLM...CLSID} = "PDF Shell Extension"
# \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
#
# HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
# avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
# -> {HKLM...CLSID} = "avast"
# \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
# Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
# -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
# \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
# DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
# -> {HKLM...CLSID} = "DAPMenuShellExt Class"
# \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
# WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
# -> {HKLM...CLSID} = "WinRAR"
# \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
#
# HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
# DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
# -> {HKLM...CLSID} = "DAPMenuShellExt Class"
# \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
# WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
# -> {HKLM...CLSID} = "WinRAR"
# \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
#
# HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
# avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
# -> {HKLM...CLSID} = "avast"
# \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
# WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
# -> {HKLM...CLSID} = "WinRAR"
# \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
#
#
# Group Policies {GPedit.msc branch and setting}:
# -----------------------------------------------
#
# Note: detected settings may not have any effect.
#
# HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
#
# "NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
# {unrecognized setting}
#
# HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
#
# "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
# {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
# Shutdown: Allow system to be shut down without having to log on}
#
# "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
# {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
# Devices: Allow undock without having to log on}
#
#
# Active Desktop and Wallpaper:
# -----------------------------
#
# Active Desktop may be disabled at this entry:
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
#
# Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
# HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
# "Wallpaper" = "C:\Documents and Settings\Admin.KACZMARE-VUAW0L\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
#
# Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
# HKCU\Control Panel\Desktop\
# "Wallpaper" = "C:\Documents and Settings\Admin.KACZMARE-VUAW0L\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
#
#
# Enabled Screen Saver:
# ---------------------
#
# HKCU\Control Panel\Desktop\
# "SCRNSAVE.EXE" = "C:\WINDOWS\SQUAD1~1.SCR" (Squad 1024x768.scr) [empty string]
#
#
# Startup items in "Admin" & "All Users" startup folders:
# -------------------------------------------------------
#
# C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
# "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
# "Adobe Reader Synchronizer" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe" [null data]
# "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]
#
#
# Winsock2 Service Provider DLLs:
# -------------------------------
#
# Namespace Service Providers
#
# HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
# 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
# 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
# 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
#
# Transport Service Providers
#
# HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
# 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
# %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
# %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
#
#
# Toolbars, Explorer Bars, Extensions:
# ------------------------------------
#
# Toolbars
#
# HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
# "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
# -> {HKLM...CLSID} = "Yahoo! Toolbar"
# \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
#
# HKLM\Software\Microsoft\Internet Explorer\Toolbar\
# "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
# -> {HKLM...CLSID} = "Yahoo! Toolbar"
# \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
#
# Explorer Bars
#
# HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
#
# HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
# Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
# InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
#
# HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
# Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
# InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
#
# HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
# Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
# InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]
#
#
# Miscellaneous IE Hijack Points
# ------------------------------
#
# HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
# <> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*d" (unwritable string)
# -> {HKLM...CLSID} = "Yahoo! Toolbar"
# \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
# <> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
# -> {HKLM...CLSID} = "Search Class"
# \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]
#
#
# Running Services (Display Name, Service Name, Path {Service DLL}):
# ------------------------------------------------------------------
#
# ATK Keyboard Service, ATKKeyboardService, "C:\WINDOWS\ATKKBService.exe" ["ASUSTeK COMPUTER INC."]
# avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
# avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
# avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
# CachemanXP, CachemanXPService, "C:\PROGRA~1\CACHEM~1\CachemanXP.exe" ["OuterTechnologies"]
# NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
# Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
#
#
# ----------
# <>: Suspicious data at a browser hijack point.
#
# + This report excludes default entries except where indicated.
# + To see *everywhere* the script checks and *everything* it finds,
# launch it from a command prompt or a shortcut with the -all parameter.
# + To search all directories of local fixed drives for DESKTOP.INI
# DLL launch points, use the -supp parameter or answer "No" at the
# first message box and "Yes" at the second message box.
# ---------- (total run time: 109 seconds, including 17 seconds for message boxes)