Please help! Cannot drag and drop anything(w/ hijack log)
bdizzle
Junior Member
2. January 2007 @ 07:03
For some reason, I have lost the ability to drag and drop icons on my desktop, files that are within folders, anything from anywhere to anywhere does not work. I've made sure that drag and drop is enabled. I've tried adding a draganddropfix.reg to the registry editor but to no avail. I appreciate any and all help, thank you.

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:06:33 AM, on 1/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\BDogTheHog\Application Data\?ssembly\d?xplore.exe
C:\DOCUME~1\BDOGTH~1\APPLIC~1\WNSXS~1\wowexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trillian\Trillian\trillian.exe
C:\Documents and Settings\BDogTheHog\Desktop\C drive\Installed\HijackThis.exe

R3 - URLSearchHook: (no name) - {29FB11D3-DE4E-DDCA-6F8C-84AD7C0BB5C0} - C:\WINDOWS\system32\iujgesei.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29FB11D3-DE4E-DDCA-6F8C-84AD7C0BB5C0} - C:\WINDOWS\system32\iujgesei.dll (file missing)
O2 - BHO: DittoSideBar - {2E4136F6-A927-4337-8178-B7EBC309EFC4} - C:\Program Files\DittoSideBar\Dsb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {998AC6D4-0C4E-0593-63E4-52800F4B52C0} - C:\WINDOWS\system32\svyimn.dll (file missing)
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [WPA] regedit.exe /s WXMCE_WPA_CRACK.reg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\Sys\Explorer.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tpns] "C:\PROGRA~1\YSTEM3~1\spoolsv.exe" -vt mt
O4 - HKCU\..\Run: [Ctes] "C:\WINDOWS\system32\PPATCH~1\alg.exe" -vt yax
O4 - HKCU\..\Run: [Bmw] C:\Documents and Settings\BDogTheHog\Application Data\?ssembly\d?xplore.exe
O4 - HKCU\..\Run: [Ewob] "C:\DOCUME~1\BDOGTH~1\APPLIC~1\WNSXS~1\wowexec.exe" -vt ndrv
O4 - HKCU\..\Run: [Xfsl] C:\Program Files\?racle\??anregw.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1140551113552
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O20 - AppInit_DLLs: explorer.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: winauc32 - winauc32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

This message has been edited since posting. Last time this message was edited on 2. January 2007 @ 07:10

Senior Member
3. January 2007 @ 20:11
Hello bdizzle and welcome to aD!

Please download ComboFix.exe to the desktop from here.
Open ComboFix.exe and follow the prompts.
Note: Do not mouse-click ComboFix's window while it's running; it may cause it to stall.
When finished, it will produce a log for you. Post that log in your next reply along with a new HijackThis log.

This message has been edited since posting. Last time this message was edited on 3. January 2007 @ 20:12

bdizzle
Junior Member
4. January 2007 @ 11:25
Hey Niobis, thanks for the reply, here are the goods..

Combo Fix Log:
BDogTheHog - 07-01-04 13:08:14.14 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\BDogTheHog\Desktop\kill the virus"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\BDogTheHog\Application Data\CROSOF~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\Application Data\DOBE~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\Application Data\ECURIT~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\Application Data\FNTS~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\Application Data\ICROSO~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\Application Data\ICROSO~1.NET
C:\QooBox\Purity\Documents and Settings\BDogTheHog\Application Data\PPATCH~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\Application Data\PPPATC~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\Application Data\RACLE~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\Application Data\SKS~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\Application Data\SSEMBL~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\Application Data\SSTEM~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\Application Data\STEM~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\Application Data\YSTEM3~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\Application Data\SSEMBL~1\d?xplore.exe
C:\QooBox\Purity\Documents and Settings\BDogTheHog\My Documents\ASEMBL~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\My Documents\CROSOF~1.NET
C:\QooBox\Purity\Documents and Settings\BDogTheHog\My Documents\CURITY~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\My Documents\FNTS~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\My Documents\ICROSO~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\My Documents\MCROSO~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\My Documents\MCROSO~1.NET
C:\QooBox\Purity\Documents and Settings\BDogTheHog\My Documents\RACLE~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\My Documents\SEMBLY~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\My Documents\SKS~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\My Documents\SMBOLS~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\My Documents\SSTEM3~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\My Documents\WNSXS~1
C:\QooBox\Purity\Documents and Settings\BDogTheHog\My Documents\YMBOLS~1
C:\QooBox\Purity\Program Files\ICROSO~1
C:\QooBox\Purity\Program Files\ICROSO~1.NET
C:\QooBox\Purity\Program Files\ICROSO~2
C:\QooBox\Purity\Program Files\RACLE~1
C:\QooBox\Purity\Program Files\SCURIT~1
C:\QooBox\Purity\Program Files\SEMBLY~1
C:\QooBox\Purity\Program Files\SKS~1
C:\QooBox\Purity\Program Files\SMANTE~1
C:\QooBox\Purity\Program Files\SSEMBL~1
C:\QooBox\Purity\Program Files\SSTEM~1
C:\QooBox\Purity\Program Files\YSTEM3~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\PPATCH~1
C:\QooBox\Purity\Program Files\Common Files\PPPATC~1
C:\QooBox\Purity\Program Files\Common Files\RACLE~1
C:\QooBox\Purity\Program Files\Common Files\SEMBLY~1
C:\QooBox\Purity\Program Files\Common Files\SMBOLS~1
C:\QooBox\Purity\Program Files\Common Files\STEM32~1
C:\QooBox\Purity\Program Files\Common Files\WNSXS~1
C:\QooBox\Purity\Program Files\Common Files\YMANTE~1
C:\QooBox\Purity\Program Files\Common Files\YMBOLS~1
C:\QooBox\Purity\Program Files\YSTEM3~1\?ystem32
C:\QooBox\Purity\WINDOWS\CROSOF~1.NET
C:\QooBox\Purity\WINDOWS\CROSOF~2.NET
C:\QooBox\Purity\WINDOWS\CURITY~1
C:\QooBox\Purity\WINDOWS\FNTS~1
C:\QooBox\Purity\WINDOWS\PPPATC~1
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\SEMBLY~1
C:\QooBox\Purity\WINDOWS\STEM~1
C:\QooBox\Purity\WINDOWS\YSTEM3~1
C:\QooBox\Purity\WINDOWS\FNTS~1\services.exe
C:\QooBox\Purity\WINDOWS\FNTS~1\TSKS~1
C:\QooBox\Purity\WINDOWS\system32\ASEMBL~1
C:\QooBox\Purity\WINDOWS\system32\ASKS~1
C:\QooBox\Purity\WINDOWS\system32\FNTS~1
C:\QooBox\Purity\WINDOWS\system32\ICROSO~1.NET
C:\QooBox\Purity\WINDOWS\system32\MCROSO~1
C:\QooBox\Purity\WINDOWS\system32\PPATCH~1
C:\QooBox\Purity\WINDOWS\system32\PPPATC~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~2
C:\QooBox\Purity\WINDOWS\system32\SEMBLY~1
C:\QooBox\Purity\WINDOWS\system32\SMBOLS~1
C:\QooBox\Purity\WINDOWS\system32\SSEMBL~1
C:\QooBox\Purity\WINDOWS\system32\SSTEM3~1
C:\QooBox\Purity\WINDOWS\system32\SSTEM~1
C:\QooBox\Purity\WINDOWS\system32\STEM32~1
C:\QooBox\Purity\WINDOWS\system32\WNSXS~1
C:\QooBox\Purity\WINDOWS\system32\YMANTE~1
C:\QooBox\Purity\WINDOWS\system32\PPATCH~1\??pPatch
C:\QooBox\Purity\WINDOWS\system32\SEMBLY~1\l?gonui.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-04 to 2007-01-04 ))))))))))))))))))))))))))))))))))


2007-01-04 04:19 2 --a------ C:\WINDOWS\system32\wapisvtr.exe
2007-01-04 04:19 <DIR> d-------- C:\Program Files\Outerinfo
2007-01-03 18:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2007-01-03 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-01-03 16:33 <DIR> d--hs---- C:\WINDOWS\CSC
2007-01-03 15:03 56 -r-hs---- C:\WINDOWS\system32\ED598C05FF.sys
2007-01-03 15:03 1,890 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-01-03 15:00 <DIR> d-------- C:\Program Files\DivX_311alpha
2007-01-03 09:00 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2007-01-02 23:46 <DIR> d-------- C:\Documents and Settings\BDogTheHog\Application Data\Uniblue
2007-01-02 07:58 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-01-02 07:37 593 --a------ C:\WINDOWS\draganddrop.reg
2006-12-31 00:19 <DIR> d-------- C:\Program Files\Kaspersky Lab
2006-12-31 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2006-12-30 01:55 <DIR> d--hs---- C:\WINDOWS\Sys
2006-12-30 01:55 <DIR> d-------- C:\kav
2006-12-29 13:09 <DIR> d-------- C:\Documents and Settings\BDogTheHog\Application Data\Ahead
2006-12-29 13:06 2,916,352 --------- C:\WINDOWS\UNNMP.exe
2006-12-29 13:05 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2006-12-29 13:02 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-12-29 13:01 <DIR> d-------- C:\Program Files\Common Files\Nero
2006-12-29 12:59 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2006-12-29 12:59 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe
2006-12-29 12:57 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-12-29 12:57 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-12-29 12:57 38,912 --------- C:\WINDOWS\system32\picn20.dll
2006-12-29 12:57 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-12-29 12:57 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-12-29 12:57 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-12-29 12:57 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-12-29 12:57 <DIR> d-------- C:\Program Files\Common Files\Ahead
2006-12-29 12:57 <DIR> d-------- C:\Program Files\Ahead
2006-12-29 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2006-12-29 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2006-12-22 03:36 <DIR> d-------- C:\Program Files\Tierra
2006-12-18 09:56 <DIR> d-------- C:\Program Files\iTunes
2006-12-18 09:48 <DIR> d-------- C:\Program Files\Apple Software Update
2006-12-12 08:30 520,192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-12-12 08:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-12-12 08:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-12-12 08:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-12-12 08:25 806,912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-12-12 08:25 806,912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-12-12 08:25 790,528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-12-12 08:25 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-12-12 08:25 635,486 --a------ C:\WINDOWS\system32\DivX.dll
2006-12-12 08:25 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-12-12 08:25 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-12-12 08:25 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-12-12 08:25 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-12-12 08:25 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-12-12 08:25 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-12-12 08:25 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-12-12 08:24 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-12-12 08:24 118,784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-04 13:10 -------- d-------- C:\Program Files\Common Files
2007-01-04 12:30 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-03 15:31 -------- d--h----- C:\Program Files\InstallShield Installation Information
2007-01-03 15:31 -------- d---s---- C:\Documents and Settings\BDogTheHog\Application Data\Microsoft
2007-01-03 15:07 -------- d-------- C:\Program Files\DivX
2007-01-03 10:33 -------- d-------- C:\Documents and Settings\BDogTheHog\Application Data\uTorrent
2007-01-02 23:05 -------- d-------- C:\Documents and Settings\BDogTheHog\Application Data\SolidDocuments
2006-12-30 09:57 -------- d-------- C:\Program Files\ewido anti-malware
2006-12-30 08:48 -------- d-------- C:\Program Files\Creative
2006-12-18 09:56 -------- d-------- C:\Program Files\iPod
2006-12-18 09:53 -------- d-------- C:\Program Files\QuickTime
2006-11-19 21:41 -------- d-------- C:\Documents and Settings\BDogTheHog\Application Data\AdobeUM
2006-11-16 08:29 -------- d-------- C:\Program Files\Java
2006-10-04 08:09 248000 --a------ C:\Documents and Settings\BDogTheHog\Application Data\com.kennettnet.PodUtil.plist


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Tpns"="\"C:\\PROGRA~1\\YSTEM3~1\\spoolsv.exe\" -vt mt"
"Ctes"="\"C:\\WINDOWS\\system32\\PPATCH~1\\alg.exe\" -vt yax"
"Bmw"="C:\\Documents and Settings\\BDogTheHog\\Application Data\\?ssembly\\d?xplore.exe"
"Ewob"="\"C:\\WINDOWS\\FNTS~1\\services.exe\" -vt ndrv"
"Roh"="C:\\WINDOWS\\system32\\??sembly\\l?gonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"WPA"="regedit.exe /s WXMCE_WPA_CRACK.reg"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"wltray.exe"="C:\\WINDOWS\\system32\\wltray.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{e04408db-4812-4478-8d4d-e46edcffd3b6}"="AutoDisc Ware"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"Btn_Search"=dword:00000000
"SpecifyDefaultButtons"=dword:00000000
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"Btn_Search"=dword:00000000
"SpecifyDefaultButtons"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"Btn_Search"=dword:00000000
"SpecifyDefaultButtons"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1140479582\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb07"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphmon04"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hphmon04.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphupd04"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hrniipzb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OOL32~1"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\RACLE~1\\OOL32~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pccguide"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpySweeper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winauc32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-04 13:12:09.24
C:\ComboFix.txt ... 07-01-04 13:12


AND HERE IS THE HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 1:21:23 PM, on 1/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\FNTS~1\services.exe
C:\WINDOWS\system32\??sembly\l?gonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\BDogTheHog\Desktop\C drive\Installed\HijackThis.exe

R3 - URLSearchHook: (no name) - {2AAD1ED1-D61B-DB9B-6F8C-84AD7C0BB095} - C:\WINDOWS\system32\uyr.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29FB11D3-DE4E-DDCA-6F8C-84AD7C0BB5C0} - C:\WINDOWS\system32\iujgesei.dll (file missing)
O2 - BHO: (no name) - {2AAD1ED1-D61B-DB9B-6F8C-84AD7C0BB095} - C:\WINDOWS\system32\uyr.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {998AC6D4-0C4E-0593-63E4-52800F4B52C0} - C:\WINDOWS\system32\svyimn.dll (file missing)
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [WPA] regedit.exe /s WXMCE_WPA_CRACK.reg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tpns] "C:\PROGRA~1\YSTEM3~1\spoolsv.exe" -vt mt
O4 - HKCU\..\Run: [Ctes] "C:\WINDOWS\system32\PPATCH~1\alg.exe" -vt yax
O4 - HKCU\..\Run: [Bmw] C:\Documents and Settings\BDogTheHog\Application Data\?ssembly\d?xplore.exe
O4 - HKCU\..\Run: [Ewob] "C:\WINDOWS\FNTS~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [Roh] C:\WINDOWS\system32\??sembly\l?gonui.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1140551113552
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O20 - AppInit_DLLs: explorer.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: winauc32 - winauc32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

thanks again
Senior Member
4. January 2007 @ 16:12
Run a scan only with HijackThis, check these:

R3 - URLSearchHook: (no name) - {2AAD1ED1-D61B-DB9B-6F8C-84AD7C0BB095} - C:\WINDOWS\system32\uyr.dll (file missing)
O2 - BHO: (no name) - {29FB11D3-DE4E-DDCA-6F8C-84AD7C0BB5C0} - C:\WINDOWS\system32\iujgesei.dll (file missing)
O2 - BHO: (no name) - {2AAD1ED1-D61B-DB9B-6F8C-84AD7C0BB095} - C:\WINDOWS\system32\uyr.dll (file missing)
O2 - BHO: (no name) - {998AC6D4-0C4E-0593-63E4-52800F4B52C0} - C:\WINDOWS\system32\svyimn.dll (file missing)
O4 - HKLM\..\Run: [WPA] regedit.exe /s WXMCE_WPA_CRACK.reg
O4 - HKCU\..\Run: [Tpns] "C:\PROGRA~1\YSTEM3~1\spoolsv.exe" -vt mt
O4 - HKCU\..\Run: [Ctes] "C:\WINDOWS\system32\PPATCH~1\alg.exe" -vt yax
O4 - HKCU\..\Run: [Bmw] C:\Documents and Settings\BDogTheHog\Application Data\?ssembly\d?xplore.exe
O4 - HKCU\..\Run: [Ewob] "C:\WINDOWS\FNTS~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [Roh] C:\WINDOWS\system32\??sembly\l?gonui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O20 - AppInit_DLLs: explorer.dll
O20 - Winlogon Notify: winauc32 - winauc32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


Close all windows except HijackThis, then click Fix checked.

Copy the following bold text into Notepad.

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hrniipzb]


Make sure there are no blank lines before REGEDIT4.
Name the file Fix.reg
Change the "Save as Type" to All Files and save it on the desktop.
Open the Fix.reg file and click Yes when prompted to merge.

Show hidden files and folders.
Start > Control Panel > Folder Options > View tab > check "Show hidden files and folders".
Click Apply, then OK.

Locate and delete the following:
C:\WINDOWS\system32\wapisvtr.exe <--file
C:\WINDOWS\draganddrop.reg <--file
C:\Program Files\Outerinfo <--folder
C:\QooBox <--folder

If access is denied, delete them in safe mode.
To boot in safe mode: press F8 before the Windows load screen, select "Safe Mode" from the menu and press Enter.

Go here and download CCleaner.
Note: If you do not want Yahoo! Toolbar uncheck the option when installing.
Open CCleaner.
Click Options > Advanced > uncheck "Only delete files in Windows Temp folders older than 48 hours".
Close all windows.
Click Cleaner > Run Cleaner.

Restart the computer.

Go here to run Kaspersky Online Scanner.
After downloading, click "My Computer" to scan.
After scanning, click "Save report as".
Save as a text file on the desktop.

Please post the Kaspersky log along with a new HijackThis log.

bdizzle
Junior Member
5. January 2007 @ 16:16
Sorry for the delay, here ya go...

Kaspersky Log:

Friday, January 05, 2007 4:49:50 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/01/2007
Kaspersky Anti-Virus database records: 241794
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 63776
Number of viruses found 12
Number of infected objects 27 / 0
Number of suspicious objects 0
Duration of the scan process 02:12:07

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_BRANDON.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0767124A.zip/crack.exe Infected: Trojan-Downloader.Win32.IstBar.er skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0767124A.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0767124A.zip CryptFF: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09F12DC6.exe Infected: Trojan.Win32.SecondThought.g skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09FE55B8.exe Infected: Trojan-Spy.Win32.Briss.j skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A0529B1.exe Infected: Trojan-Downloader.Win32.IstBar.is skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A0F27A6.exe Infected: Trojan-Dropper.Win32.Small.ht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24BD4A00.exe Infected: Trojan-Downloader.Win32.IstBar.er skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24C747F6.exe Infected: Trojan-Downloader.Win32.IstBar.er skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33E27757.exe Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44C946BD.dll Infected: Trojan-Dropper.Win32.Small.abe skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44F6128B.exe Infected: Trojan-Downloader.Win32.IstBar.er skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45343047.sys Infected: Backdoor.Win32.SdBot.zo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\455C281B.exe Infected: Net-Worm.Win32.Bobic.d skipped
C:\Documents and Settings\BDogTheHog\Application Data\Mozilla\Firefox\Profiles\acvnc5e0.default\cert8.db Object is locked skipped
C:\Documents and Settings\BDogTheHog\Application Data\Mozilla\Firefox\Profiles\acvnc5e0.default\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\BDogTheHog\Application Data\Mozilla\Firefox\Profiles\acvnc5e0.default\history.dat Object is locked skipped
C:\Documents and Settings\BDogTheHog\Application Data\Mozilla\Firefox\Profiles\acvnc5e0.default\key3.db Object is locked skipped
C:\Documents and Settings\BDogTheHog\Application Data\Mozilla\Firefox\Profiles\acvnc5e0.default\parent.lock Object is locked skipped
C:\Documents and Settings\BDogTheHog\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\BDogTheHog\Desktop\C drive\New Folder\xeno\Kaspersky Keygen v1.2\Kaspersky Keygen v1.2\Kes_keygen.exe/data0000.cab/KES_KE~1.EXE Infected: Backdoor.Win32.Dragonbot.k skipped
C:\Documents and Settings\BDogTheHog\Desktop\C drive\New Folder\xeno\Kaspersky Keygen v1.2\Kaspersky Keygen v1.2\Kes_keygen.exe/data0000.cab Infected: Backdoor.Win32.Dragonbot.k skipped
C:\Documents and Settings\BDogTheHog\Desktop\C drive\New Folder\xeno\Kaspersky Keygen v1.2\Kaspersky Keygen v1.2\Kes_keygen.exe DotFix NiceProtect: infected - 2 skipped
C:\Documents and Settings\BDogTheHog\Desktop\C drive\New Folder\xeno\Kaspersky Keygen v1.2\Kaspersky Keygen v1.2.rar/Kaspersky Keygen v1.2/Kes_keygen.exe/data0000.cab/KES_KE~1.EXE Infected: Backdoor.Win32.Dragonbot.k skipped
C:\Documents and Settings\BDogTheHog\Desktop\C drive\New Folder\xeno\Kaspersky Keygen v1.2\Kaspersky Keygen v1.2.rar/Kaspersky Keygen v1.2/Kes_keygen.exe/data0000.cab Infected: Backdoor.Win32.Dragonbot.k skipped
C:\Documents and Settings\BDogTheHog\Desktop\C drive\New Folder\xeno\Kaspersky Keygen v1.2\Kaspersky Keygen v1.2.rar/Kaspersky Keygen v1.2/Kes_keygen.exe Infected: Backdoor.Win32.Dragonbot.k skipped
C:\Documents and Settings\BDogTheHog\Desktop\C drive\New Folder\xeno\Kaspersky Keygen v1.2\Kaspersky Keygen v1.2.rar RAR: infected - 3 skipped
C:\Documents and Settings\BDogTheHog\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\BDogTheHog\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\BDogTheHog\Local Settings\Application Data\Mozilla\Firefox\Profiles\acvnc5e0.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\BDogTheHog\Local Settings\Application Data\Mozilla\Firefox\Profiles\acvnc5e0.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\BDogTheHog\Local Settings\Application Data\Mozilla\Firefox\Profiles\acvnc5e0.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\BDogTheHog\Local Settings\Application Data\Mozilla\Firefox\Profiles\acvnc5e0.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\BDogTheHog\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BDogTheHog\Local Settings\History\History.IE5\MSHist012007010420070105\index.dat Object is locked skipped
C:\Documents and Settings\BDogTheHog\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BDogTheHog\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\BDogTheHog\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\BDogTheHog\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QUARANTINE\00023545.EXE Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B34F08A3-4D85-4301-9167-0D9949915A90}\RP299\A0042195.exe Infected: Trojan-Downloader.Win32.PurityScan.co skipped
C:\System Volume Information\_restore{B34F08A3-4D85-4301-9167-0D9949915A90}\RP329\A0044362.exe/data0000.cab/KES_KE~1.EXE Infected: Backdoor.Win32.Dragonbot.k skipped
C:\System Volume Information\_restore{B34F08A3-4D85-4301-9167-0D9949915A90}\RP329\A0044362.exe/data0000.cab Infected: Backdoor.Win32.Dragonbot.k skipped
C:\System Volume Information\_restore{B34F08A3-4D85-4301-9167-0D9949915A90}\RP329\A0044362.exe DotFix NiceProtect: infected - 2 skipped
C:\System Volume Information\_restore{B34F08A3-4D85-4301-9167-0D9949915A90}\RP336\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{1670872D-B610-4746-9876-7C4ABFBC3855}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dcomcfg.exe Infected: Trojan-Downloader.Win32.Zlob.asz skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\simpole.tlb Infected: Trojan-Downloader.Win32.Zlob.asz skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\~DFEBF2.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 6:15:33 PM, on 1/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\BDogTheHog\Desktop\C drive\Installed\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\Sys\Explorer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1140551113552
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

thanks again for the help
Senior Member
5. January 2007 @ 17:43
Empty Norton's quarantine.

Fix this with HjT:
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\Sys\Explorer.exe

Delete the following:
C:\Documents and Settings\BDogTheHog\Desktop\C drive\New Folder\xeno\Kaspersky Keygen v1.2 <--folder
C:\WINDOWS\Sys <--folder
C:\WINDOWS\system32\dcomcfg.exe <--file
C:\WINDOWS\system32\simpole.tlb <--file

If access is denied, delete them in safe mode.

Empty the Recycle Bin.

Turn off System Restore.
Right click My Computer > Properties > System Restore tab > check "Turn off System Restore".
Click Apply, then OK.
Restart and turn System Restore back on.

Java is out of date.
Go here and download Java Runtime Environment 6.0.
Uninstall all previous versions and updates of JRE via Add/Remove Programs.
Restart and install Version 6.0.


How are things? Any more problems or symptoms?
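
Several of the Run entries picked out for fixing in the two replies above share one pattern: a Windows system binary name loaded from a directory other than its default one, or a path containing "?". The Python sketch below is an added example, not part of the original posts or of HijackThis; it applies only those two checks to O4 Run lines copied from the thread's logs, so entries chosen on other grounds are not covered. The `EXPECTED_DIR` table (a default C:\WINDOWS install) and all function names are assumptions.

```python
import ntpath
import re

# Assumption: default Windows XP locations (Windows installed in C:\WINDOWS)
# of the system binaries whose names appear in the thread's Run entries.
EXPECTED_DIR = {
    "services.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "alg.exe": r"c:\windows\system32",
    "logonui.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "O4 - HKLM\..\Run: [ValueName] command line"
O4_RUN = re.compile(
    r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Program path: either a quoted string, or everything up to the first ".exe".
EXE_PATH = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)\b', re.IGNORECASE)

# O4 Run lines copied from the two HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [WPA] regedit.exe /s WXMCE_WPA_CRACK.reg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tpns] "C:\PROGRA~1\YSTEM3~1\spoolsv.exe" -vt mt
O4 - HKCU\..\Run: [Ctes] "C:\WINDOWS\system32\PPATCH~1\alg.exe" -vt yax
O4 - HKCU\..\Run: [Bmw] C:\Documents and Settings\BDogTheHog\Application Data\?ssembly\d?xplore.exe
O4 - HKCU\..\Run: [Ewob] "C:\WINDOWS\FNTS~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [Roh] C:\WINDOWS\system32\??sembly\l?gonui.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\Sys\Explorer.exe
"""


def executable_of(cmd):
    """Return the program path from a Run value, quoted or unquoted."""
    m = EXE_PATH.match(cmd)
    if not m:
        return cmd.split()[0]
    return m.group("q") or m.group("u")


def check_run_entry(line):
    """Return (value_name, path, reasons) for an O4 Run line, else None."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    path = executable_of(m.group("cmd"))
    reasons = []
    # "?" is not a legal file-name character on Windows, so in a log it stands
    # for a character the logger could not write out (heuristic).
    if "?" in path:
        reasons.append("path contains a character logged as '?'")
    base = ntpath.basename(path).lower()
    folder = ntpath.normcase(ntpath.dirname(path))
    expected = EXPECTED_DIR.get(base)
    # Only compare when the entry gives a full path; bare names such as
    # "regedit.exe" are resolved through the search path and are skipped here.
    if expected and folder and folder != expected:
        reasons.append("%s expected in %s" % (base, expected))
    return m.group("name"), path, reasons


def triage(log_text):
    """Map Run value name -> reasons, for entries with at least one reason."""
    flagged = {}
    for line in log_text.splitlines():
        result = check_run_entry(line)
        if result and result[2]:
            flagged[result[0]] = result[2]
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print("%-10s %s" % (name, "; ".join(reasons)))
```

A flagged entry is a candidate for manual review, not a verdict; the check says nothing about entries whose file name is not in the table.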

bdizzle
Junior Member
5. January 2007 @ 19:29
Well, I can totally tell that a bunch of crud has been removed from my computer, it is running a lil faster/smoother. However, I still cannot click and drag any icons on my desktop for any file from any folder to any other destination. Sometimes the right click menu will not remain on the screen if I right click on anything nor will a drop down menu if clicked on with any and all programs. IM boxes automatically close and quickly disappear if opened again. If trying to transfer music onto my iPod in iTunes, I cannot drag from my Library to my iPod just like not being able to drag and drop files to other folders. Thank you again for your help, I may need to just wipe my comp clean and start over but am still open to any suggestions!

This message has been edited since posting. Last time this message was edited on 6. January 2007 @ 11:52

Senior Member
6. January 2007 @ 14:18
I don't think a reformat is necessary just yet. I would at least try repairing Windows before erasing. First, let's see if anything returned. Run ComboFix again to get a new log and post it, please.

bdizzle
Junior Member
7. January 2007 @ 04:50
Here we go:

BDogTheHog - 07-01-07 6:47:26.85 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\BDogTheHog\Desktop\kill the virus"

((((((((((((((((((((((((((((((( Files Created from 2006-12-07 to 2007-01-07 ))))))))))))))))))))))))))))))))))


2007-01-05 20:44 <DIR> d-------- C:\Program Files\Java
2007-01-05 20:44 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-04 21:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-04 21:36 <DIR> dr-h----- C:\Documents and Settings\BDogTheHog\Recent
2007-01-04 20:59 <DIR> d-------- C:\Program Files\CCleaner
2007-01-03 18:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2007-01-03 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-01-03 16:33 <DIR> d--hs---- C:\WINDOWS\CSC
2007-01-03 15:03 56 -r-hs---- C:\WINDOWS\system32\ED598C05FF.sys
2007-01-03 15:03 1,890 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-01-03 15:00 <DIR> d-------- C:\Program Files\DivX_311alpha
2007-01-03 09:00 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2007-01-02 23:46 <DIR> d-------- C:\Documents and Settings\BDogTheHog\Application Data\Uniblue
2007-01-02 07:58 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2006-12-30 01:55 <DIR> d--hs---- C:\WINDOWS\Sys
2006-12-30 01:55 <DIR> d-------- C:\kav
2006-12-29 13:09 <DIR> d-------- C:\Documents and Settings\BDogTheHog\Application Data\Ahead
2006-12-29 13:06 2,916,352 --------- C:\WINDOWS\UNNMP.exe
2006-12-29 13:05 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2006-12-29 13:02 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-12-29 13:01 <DIR> d-------- C:\Program Files\Common Files\Nero
2006-12-29 12:59 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2006-12-29 12:59 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe
2006-12-29 12:57 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-12-29 12:57 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-12-29 12:57 38,912 --------- C:\WINDOWS\system32\picn20.dll
2006-12-29 12:57 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-12-29 12:57 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-12-29 12:57 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-12-29 12:57 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-12-29 12:57 <DIR> d-------- C:\Program Files\Common Files\Ahead
2006-12-29 12:57 <DIR> d-------- C:\Program Files\Ahead
2006-12-29 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2006-12-29 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2006-12-22 03:36 <DIR> d-------- C:\Program Files\Tierra
2006-12-18 09:56 <DIR> d-------- C:\Program Files\iTunes
2006-12-18 09:48 <DIR> d-------- C:\Program Files\Apple Software Update
2006-12-12 08:30 520,192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-12-12 08:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-12-12 08:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-12-12 08:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-12-12 08:25 806,912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-12-12 08:25 806,912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-12-12 08:25 790,528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-12-12 08:25 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-12-12 08:25 635,486 --a------ C:\WINDOWS\system32\DivX.dll
2006-12-12 08:25 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-12-12 08:25 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-12-12 08:25 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-12-12 08:25 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-12-12 08:25 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-12-12 08:25 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-12-12 08:25 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-12-12 08:24 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-12-12 08:24 118,784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-07 06:46 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-06 14:18 -------- d-------- C:\Documents and Settings\BDogTheHog\Application Data\uTorrent
2007-01-05 20:44 -------- d-------- C:\Program Files\Common Files
2007-01-04 21:37 -------- d-------- C:\Program Files\ewido anti-malware
2007-01-03 15:31 -------- d--h----- C:\Program Files\InstallShield Installation Information
2007-01-03 15:31 -------- d---s---- C:\Documents and Settings\BDogTheHog\Application Data\Microsoft
2007-01-03 15:07 -------- d-------- C:\Program Files\DivX
2007-01-02 23:05 -------- d-------- C:\Documents and Settings\BDogTheHog\Application Data\SolidDocuments
2006-12-30 08:48 -------- d-------- C:\Program Files\Creative
2006-12-18 09:56 -------- d-------- C:\Program Files\iPod
2006-12-18 09:53 -------- d-------- C:\Program Files\QuickTime
2006-11-19 21:41 -------- d-------- C:\Documents and Settings\BDogTheHog\Application Data\AdobeUM
2006-10-04 08:09 248000 --a------ C:\Documents and Settings\BDogTheHog\Application Data\com.kennettnet.PodUtil.plist


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"wltray.exe"="C:\\WINDOWS\\system32\\wltray.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{e04408db-4812-4478-8d4d-e46edcffd3b6}"="AutoDisc Ware"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"Btn_Search"=dword:00000000
"SpecifyDefaultButtons"=dword:00000000
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"Btn_Search"=dword:00000000
"SpecifyDefaultButtons"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"Btn_Search"=dword:00000000
"SpecifyDefaultButtons"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1140479582\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb07"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphmon04"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hphmon04.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphupd04"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pccguide"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpySweeper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-07 6:49:00.20
C:\ComboFix.txt ... 07-01-07 06:49
C:\ComboFix2.txt ... 07-01-04 13:15


thanks again for stickin with me on this

Senior Member
8. January 2007 @ 05:29
Looks good...

If you have a Recovery Disc, try repairing Windows.
