Annoying Virus - Please help! (New)

dvk01
Moderator with 27,562 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
28-May-2006, 05:33 PM #16
We need to see this
  • Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Don't do anything with it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double-click WinPFind.exe
  • Now Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
    • Reboot back to Normal Mode!
    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Place those results in the next post!
__________________
Derek Microsoft MVP/Windows - Security Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
hornet67
Junior Member with 18 posts.
 
Join Date: May 2006
Experience: Beginner
28-May-2006, 05:40 PM #17
As cabs is a folder, I'm hoping you want all the files there, so I'm going to post them. Forgive me if I'm a bit green!
dvk01
Moderator with 27,562 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
28-May-2006, 06:28 PM #18
All the files look like Packard Bell or NEC (same company) files that are part of a restore process

Why it wants to run at every boot I don't know

I don't think it's connected but I will get it further checked just to be safe
hornet67
Junior Member with 18 posts.
 
Join Date: May 2006
Experience: Beginner
28-May-2006, 06:42 PM #19
Have to do the results in two posts:
Ok here we go, I still don't have the run option missing on my start bar and of course I have my mystery ?????? next to my clock.
Much appreciate all the help.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 29/08/2002 14:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 15/02/2005 17:28:08 197120 C:\WINDOWS\SYSTEM32\fischerspooner.scr
PTech 10/04/2006 13:00:34 555824 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 03/05/2006 21:26:24 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 03/05/2006 21:26:24 5818784 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04/08/2004 08:56:36 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04/08/2004 08:56:44 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 29/08/2002 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 16/02/2003 18:33:46 1293192 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
28/05/2006 22:50:06 S 2048 C:\WINDOWS\bootstat.dat
24/05/2006 12:05:26 H 54156 C:\WINDOWS\QTFont.qfn
03/04/2006 18:43:32 H 10820 C:\WINDOWS\Help\update.GID
21/05/2006 20:34:34 HS 12017 C:\WINDOWS\system32\KGyGaAvL.sys
30/03/2006 11:03:56 S 22339 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
10/04/2006 13:01:22 S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
28/05/2006 22:49:54 H 8192 C:\WINDOWS\system32\config\default.LOG
28/05/2006 22:50:22 H 1024 C:\WINDOWS\system32\config\SAM.LOG
28/05/2006 22:50:08 H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
28/05/2006 22:50:56 H 86016 C:\WINDOWS\system32\config\software.LOG
28/05/2006 22:50:26 H 1265664 C:\WINDOWS\system32\config\system.LOG
21/05/2006 10:14:38 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
12/05/2006 19:03:40 RHS 5922 C:\WINDOWS\system32\drivers\etc\hosts.20060521-113718.backup
06/05/2006 00:22:14 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\3df79f30-f11c-40b4-9c9e-e760c687b993
06/05/2006 00:22:14 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
07/04/2006 20:48:48 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\7c8c2dbc-8e7a-46ff-9ec0-4fee3fc1b686
07/04/2006 20:48:48 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
28/05/2006 22:48:36 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 04/08/2004 08:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04/08/2004 08:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
WIDCOMM, Inc. 17/11/2003 10:26:38 249915 C:\WINDOWS\SYSTEM32\btcpl.cpl
Microsoft Corporation 04/08/2004 08:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04/08/2004 08:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04/08/2004 08:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04/08/2004 08:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 04/08/2004 08:56:58 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04/08/2004 08:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04/08/2004 08:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04/08/2004 08:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 26/08/2005 19:14:42 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 29/08/2002 14:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04/08/2004 08:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 29/08/2002 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04/08/2004 08:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04/08/2004 08:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 04/08/2004 08:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04/08/2004 08:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 06/01/2004 16:02:36 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
17/01/2003 02:55:36 397312 C:\WINDOWS\SYSTEM32\slcpappl.cpl
Microsoft Corporation 04/08/2004 08:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 29/08/2002 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04/08/2004 08:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04/08/2004 08:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
19/09/2002 21:49:28 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
19/09/2002 21:37:26 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
25/09/2005 13:33:06 6 C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
15/04/2004 14:11:46 188 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
19/09/2002 21:49:28 HS 84 C:\Documents and Settings\Gary E\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
19/09/2002 21:37:26 HS 62 C:\Documents and Settings\Gary E\Application Data\desktop.ini
11/12/2005 13:20:42 284 C:\Documents and Settings\Gary E\Application Data\ViewerApp.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Home\wsftpsi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Home\wsftpsi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}
WsftpBrowserHelper Class = C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNisExtBho Class = C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}
CNavExtBho Class = C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Norton Internet Security 2006 : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}
ButtonText = @btrez.dll,-4015 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{C4069E3A-68F1-403E-B40E-20066696354B} = Norton AntiVirus : C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Norton Internet Security 2006 : C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
VCSPlayer "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
SiS KHooker C:\WINDOWS\System32\khooker.exe
RoxioEngineUtility "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
RoxioDragToDisc "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
RoxioAudioCentral "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
REGSHAVE C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
PrinTray C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
PinnacleDriverCheck C:\WINDOWS\System32\PSDrvCheck.exe
PCSuiteTrayApplication C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
Logitech Utility Logi_MwX.Exe
HostManager C:\Program Files\Common Files\AOL\1142514794\ee\AOLHostManager.exe
DSLSTATEXE C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
DSLAGENTEXE C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
delcab C:\drivers\deltreew.exe C:\cabs
DataLayer C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
CleanEasyImg c:\apps\easydvd\cleanall.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
%FP%Friendly fts.exe "C:\Program Files\VoyagerTest\fts.exe"
hornet67
Junior Member with 18 posts.
 
Join Date: May 2006
Experience: Beginner
28-May-2006, 06:43 PM #20
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PcSync C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
kdx C:\WINDOWS\kdx\KHost.exe -all
Creative Detector C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma Loader
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma Loader

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\AOL9~1.0\aoltray.exe -check
item AOL 9.0 Tray Icon
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\AOL9~1.0\aoltray.exe -check
item AOL 9.0 Tray Icon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Broadband Check-Up.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Broadband Check-Up.lnk
backup C:\WINDOWS\pss\AOL Broadband Check-Up.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\AOL\BROADB~1\bin\matcli.exe -boot
item AOL Broadband Check-Up
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Broadband Check-Up.lnk
backup C:\WINDOWS\pss\AOL Broadband Check-Up.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\AOL\BROADB~1\bin\matcli.exe -boot
item AOL Broadband Check-Up

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup C:\WINDOWS\pss\AOL Companion.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE /s
item AOL Companion
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup C:\WINDOWS\pss\AOL Companion.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\AOLCOM~1\COMPAN~1.EXE /s
item AOL Companion

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup C:\WINDOWS\pss\BTTray.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\TDKSYS~1\BLUETO~1\BTTray.exe
item BTTray
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup C:\WINDOWS\pss\BTTray.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\TDKSYS~1\BLUETO~1\BTTray.exe
item BTTray

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\FINEPI~1\QuickDCF.exe
item Exif Launcher
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\FINEPI~1\QuickDCF.exe
item Exif Launcher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe
item hp psc 1000 series
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe
item hp psc 1000 series

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
item hpoddt01.exe
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
item hpoddt01.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start
item Logitech Desktop Messenger
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start
item Logitech Desktop Messenger

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~3\Office10\OSA.EXE -b -l
item Microsoft Office
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~3\Office10\OSA.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe
item Picture Package Menu
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe
item Picture Package Menu

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE -h
item Picture Package VCD Maker
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE -h
item Picture Package VCD Maker

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 4.0 SE Calendar Checker .lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk
backup C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup
location Common Startup
command C:\APPS\ULEADS~1\ULEADP~1.0SE\CalCheck.exe
item Ulead Photo Express 4.0 SE Calendar Checker
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk
backup C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup
location Common Startup
command C:\APPS\ULEADS~1\ULEADP~1.0SE\CalCheck.exe
item Ulead Photo Express 4.0 SE Calendar Checker

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\WinZip\WZQKPICK.EXE
item WinZip Quick Pick
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\WinZip\WZQKPICK.EXE
item WinZip Quick Pick

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Gary E^Start Menu^Programs^Startup^Adobe Gamma.lnk
path C:\Documents and Settings\Gary E\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup C:\WINDOWS\pss\Adobe Gamma.lnkStartup
location Startup
command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma
path C:\Documents and Settings\Gary E\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup C:\WINDOWS\pss\Adobe Gamma.lnkStartup
location Startup
command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Gary E^Start Menu^Programs^Startup^BitTorrent.lnk
path C:\Documents and Settings\Gary E\Start Menu\Programs\Startup\BitTorrent.lnk
backup C:\WINDOWS\pss\BitTorrent.lnkStartup
location Startup
command C:\PROGRA~1\BITTOR~1\BITTOR~1.EXE
item BitTorrent
path C:\Documents and Settings\Gary E\Start Menu\Programs\Startup\BitTorrent.lnk
backup C:\WINDOWS\pss\BitTorrent.lnkStartup
location Startup
command C:\PROGRA~1\BITTOR~1\BITTOR~1.EXE
item BitTorrent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Gary E^Start Menu^Programs^Startup^Orion Help.lnk
path C:\Documents and Settings\Gary E\Start Menu\Programs\Startup\Orion Help.lnk
backup C:\WINDOWS\pss\Orion Help.lnkStartup
location Startup
command C:\PROGRA~1\ORIONP~1\help\ORIONH~1.CHM
item Orion Help
path C:\Documents and Settings\Gary E\Start Menu\Programs\Startup\Orion Help.lnk
backup C:\WINDOWS\pss\Orion Help.lnkStartup
location Startup
command C:\PROGRA~1\ORIONP~1\help\ORIONH~1.CHM
item Orion Help

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Gary E^Start Menu^Programs^Startup^Orion Platinum.lnk
path C:\Documents and Settings\Gary E\Start Menu\Programs\Startup\Orion Platinum.lnk
backup C:\WINDOWS\pss\Orion Platinum.lnkStartup
location Startup
command C:\PROGRA~1\ORIONP~1\ORIONP~1.EXE
item Orion Platinum
path C:\Documents and Settings\Gary E\Start Menu\Programs\Startup\Orion Platinum.lnk
backup C:\WINDOWS\pss\Orion Platinum.lnkStartup
location Startup
command C:\PROGRA~1\ORIONP~1\ORIONP~1.EXE
item Orion Platinum

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Gary E^Start Menu^Programs^Startup^PalNetaware.lnk
path C:\Documents and Settings\Gary E\Start Menu\Programs\Startup\PalNetaware.lnk
backup C:\WINDOWS\pss\PalNetaware.lnkStartup
location Startup
command C:\PROGRA~1\Paltalk\PNETAW~1.EXE
item PalNetaware
path C:\Documents and Settings\Gary E\Start Menu\Programs\Startup\PalNetaware.lnk
backup C:\WINDOWS\pss\PalNetaware.lnkStartup
location Startup
command C:\PROGRA~1\Paltalk\PNETAW~1.EXE
item PalNetaware

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Gary E^Start Menu^Programs^Startup^What's New in 6.1.lnk
path C:\Documents and Settings\Gary E\Start Menu\Programs\Startup\What's New in 6.1.lnk
backup C:\WINDOWS\pss\What's New in 6.1.lnkStartup
location Startup
command C:\PROGRA~1\ORIONP~1\NEWIN6~2.TXT
item What's New in 6.1
path C:\Documents and Settings\Gary E\Start Menu\Programs\Startup\What's New in 6.1.lnk
backup C:\WINDOWS\pss\What's New in 6.1.lnkStartup
location Startup
command C:\PROGRA~1\ORIONP~1\NEWIN6~2.TXT
item What's New in 6.1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ClickMe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ClickMe
hkey HKLM
command C:\apps\ClickMe\ClickMe.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ClickMe
hkey HKLM
command C:\apps\ClickMe\ClickMe.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sonic RecordNow!
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDrives 57344
NoDriveAutoRun 57344


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoRun 
NoClose 0
NoLogOff 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskmgr 0
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 28/05/2006 22:58:00
dvk01's Avatar
Moderator with 27,562 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
28-May-2006, 07:04 PM #21
well, let's get your run & log off options back anyway while we look through the wpfind log for any other clues

download the attached zip

unzip it to desktop & double click the reg file

say yes to the prompts to merge to registry
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log.
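The WinPFind log above lists NoRun and NoLogOff under the HKCU Explorer policies key, which lines up with the Run and Log Off options this post sets out to restore. The Python sketch below is an added example (not part of the thread, and not the contents of the blocked .reg attachment) that parses that section of the log and lists the restriction values to review before and after a fix; the function names and the handling of values printed without data are assumptions.

```python
import re

# Excerpt of the HKCU policies section of the WinPFind log above
# (stray spaces the forum inserted inside key names are removed).
LOG_EXCERPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoRun
NoClose 0
NoLogOff
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskmgr 0
DisableRegistryTools 0
"""

# Policy values that hide or disable parts of the shell when set.
RESTRICTIONS = {
    "NoRun": "Run removed from the Start menu",
    "NoLogOff": "Log Off removed from the Start menu",
    "NoClose": "Shut Down removed from the Start menu",
    "DisableTaskmgr": "Task Manager disabled",
    "DisableRegistryTools": "Registry editing tools disabled",
}

KEY_RE = re.compile(r"^\[?(HKEY_[A-Z_]+\\[^\]]+)\]?$")

def parse_policies(log_text):
    """Return {key_path: {value_name: raw_value_or_None}} for a log section."""
    keys, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
        elif line and current is not None:
            name, _, value = line.partition(" ")
            current[name] = value.strip() or None
    return keys

def flag_restrictions(keys):
    """List (key, value_name, status, meaning) for restrictions to review."""
    findings = []
    for key, values in keys.items():
        for name, raw in values.items():
            if name in RESTRICTIONS and raw != "0":
                # Assumption: a name printed without data exists but its data
                # is not shown by the tool, so it is flagged for manual review.
                status = "set" if raw else "present, data not shown"
                findings.append((key, name, status, RESTRICTIONS[name]))
    return findings
```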
dvk01's Avatar
Moderator with 27,562 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
28-May-2006, 07:08 PM #22
I know this isn't a classic smitfraud but please run smitfraud fix as I want to see if it shows some keys that others aren't showing

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Just run option 1. I only want to see the log to see what it shows, to give me a clue where to look next
dvk01's Avatar
Moderator with 27,562 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
29-May-2006, 07:14 AM #23
and we need to get hold of copies of some of the files we have deleted that we suspect are the cause so we can examine them & see if it shows the alterations

C:\WINDOWS\system32\shehalx.dll
C:\WINDOWS\system32\Win1145695.exe
C:\WINDOWS\System32\svhda.exe

You have backups of those so please do this

download suspicious file packer from http://www.safer-networking.org/en/tools/index.html and unzip it to desktop, open it &
paste in the list of files below and when it has created the archive on your desktop please upload that to http://www.thespykiller.co.uk/forum/index.php?board=1.0 so we can examine the files
Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the windows press send to upload the file


C:\Program Files\ewido anti-malware\Quarantine\*.*


and also upload to the same thread

Anything inside the C:\!killbox folder which is where killbox should have made copies of all the files it deleted

the easy way is first go to c:\!killbox and select all the files inside it, rightclick and send to compressed folder, that will make a zipped copy of all the files and then upload the zipped copy
dvk01's Avatar
Moderator with 27,562 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
29-May-2006, 07:46 AM #24
Try this fix to restore taskbar to default
http://www.kellys-korner-xp.com/regs...top_fixall.vbs

download it to desktop & double click the file

say yes to any prompts

Let us know if it works
dvk01's Avatar
Moderator with 27,562 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
29-May-2006, 10:31 AM #25
this seems to solve the clock problem

http://forums.techguy.org/3649234-post27.html

Quote:

Ok i have sorted the problem, it was in the control panel for language & region settings.
My UK clock time had changed to the actual time followed by the six question marks, and i could not edit it, so i changed the time over to United states and changed it back again to UK time and everything is back to normal as far as I can see.
hornet67's Avatar
Junior Member with 18 posts.
 
Join Date: May 2006
Experience: Beginner
29-May-2006, 12:56 PM #26
Thanks for the help!
The clock is ok now, the run stuff is back and here's the Smitfraud stuff (i'll do the other stuff and post that next!):
SmitFraudFix v2.50

Scan done at 17:54:43.31, 29/05/2006
Run from C:\unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Gary E\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GARYE~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
hornet67's Avatar
Junior Member with 18 posts.
 
Join Date: May 2006
Experience: Beginner
29-May-2006, 01:15 PM #27
Done everything, give me a shout if i've made a mistake anywhere.
Everything looks and feels pre trouble.
The toolbar stuff is ok, the clock fix worked too,
thank you.
dvk01's Avatar
Moderator with 27,562 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
29-May-2006, 01:22 PM #28
if it's all ok

Turn off system restore by following instructions here
http://www.online-tutorials.com/folder9/920.htm
That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable system restore & create a new restore point.

go here http://forums.techguy.org/t208517/s.html for info on how to tighten your security settings and how to help prevent future attacks.

and pay an urgent visit to windows update & make sure you are fully updated & get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place

go to www.java.com & download the latest version of java 1.5.0.6

install it & then go to add/remove programs and UNINSTALL ALL previous versions of sun java


I would still like you to do what I asked in post 23 if you can

I have had someone tell me that they had the same clock problem caused by Nokia PC suite so that might have been the cause
dvk01's Avatar
Moderator with 27,562 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
29-May-2006, 01:38 PM #29
It doesn't look like the upload was successful as the folders were empty
hornet67's Avatar
Junior Member with 18 posts.
 
Join Date: May 2006
Experience: Beginner
29-May-2006, 02:23 PM #30
I've done what you said in post 23, i have got Nokia PC suite, but i did download a file which when scanned by norton did not flag any viruses, but when i opened it started this stuff off. I'll do the system restore stuff and i'll donate some money to your chosen charity. and thank everyone for their help!

EDIT: did nothing upload?