"Invalid Picture" pop up virus


chimaykaren's Avatar
chimaykaren chimaykaren is offline
Junior Member with 23 posts.
THREAD STARTER
 
Join Date: Nov 2005
Experience: Intermediate
06-Nov-2005, 06:46 AM #1
"Invalid Picture" pop up virus
I am wondering if anybody has any advice about what I can do...this pop-up virus will not let me run HJT, or install or uninstall anything. I can't uninstall old virus protection software to reinstall newer versions, for example. The pop-ups escalate in number/frequency as time passes in whatever application I am trying to run. I have gone to Symantec to try to get the appropriate virus download removal, but since I don't know the name of this thing, it's been hit and miss, and nothing is working so far. How can I find out: #1. what it is called, and then obviously, #2. remove it. It has slowed my computer down to the point where I can barely do anything. Also, once the pop-ups have ballooned all over the page, it then puts out a "can't quit" pop-up that prevents me from properly closing down Windows. All I can do at that point is shut off the computer.

Thanks, and apologies if this question has been asked before. I just joined here, as I am at wits end about how to fix my computer.
Surreal2's Avatar
Surreal2 Surreal2 is offline
Senior Member with 579 posts.
 
Join Date: May 2005
Location: UK
Experience: Intermediate
06-Nov-2005, 07:12 AM #2
You say you can't 'run' HJT so I presume you have been able to download it to your computer? It's possible you have a virus that specifically tries to stop anti-malware tools from running, so I suggest you try this:

First, rename the hijackthis.exe file - call it anything such as chimayhj.exe. Try running it again and seeing if it will start - if so, scan and post a log.

Second - if the above doesn't work, click HERE to download Itty Bitty Process Manager from Merijn (author of HJT). Unzip and run it (if it won't run then, as before, try renaming it). If you are able to run it, the program will provide a window like 'Task Manager'. Don't use it to stop any programs yet, just copy the list of running processes and paste that into a new post.

Good luck...
Jag11's Avatar
Senior Member with 1,244 posts.
 
Join Date: May 2005
Location: 127.0.0.1
Experience: Advanced
06-Nov-2005, 07:25 AM #3
Can I suggest another way if HJT doesn't start?

Try to use it in Safe Mode, how to boot in Safe Mode:

click Start then click Run.

type in:

msconfig

click the BOOT.INI tab, then select /SAFEMODE, click OK, then Restart.
Surreal2's Avatar
Surreal2 Surreal2 is offline
Senior Member with 579 posts.
 
Join Date: May 2005
Location: UK
Experience: Intermediate
06-Nov-2005, 07:57 AM #4
Hi Jag11 - yes, the user may be able to run HJT in Safe Mode but since the reason it might work is that the 'problem' malware doesn't 'start', then it obviously won't show up in the HJT log.

Also, as a general comment, when booting into safe mode the Msconfig method is not recommended by experts. The reason for this is that if there is a problem with Safe Mode, the computer will go into a 'loop' trying and failing to load Safe Mode and the user won't be able to get back into Normal mode. They'll then have to manually edit the boot.ini file, which is a slightly complex process.

Cheers...
Jag11's Avatar
Senior Member with 1,244 posts.
 
Join Date: May 2005
Location: 127.0.0.1
Experience: Advanced
06-Nov-2005, 08:00 AM #5
Quote:
Also, as a general comment, when booting into safe mode the Msconfig method is not recommended by experts. The reason for this is that if there is a problem with Safe Mode, the computer will go into a 'loop' trying and failing to load Safe Mode and the user won't be able to get back into Normal mode. They'll then have to manually edit the boot.ini file, which is a slightly complex process.
Thanks for the info, man. But can't we just tap F8 repeatedly when starting so we can go back to Normal?
Surreal2's Avatar
Surreal2 Surreal2 is offline
Senior Member with 579 posts.
 
Join Date: May 2005
Location: UK
Experience: Intermediate
06-Nov-2005, 08:20 AM #6
Quote:
Originally Posted by Jag11
... can't we just tap F8 repeatedly when starting so we can go back to Normal?
Hi Jag11 - the F8 method (some computers use a different 'F' key) can be used to choose either Safe Mode or Normal Mode. However, if the Msconfig method is used, the computer will try to boot into Safe Mode first, even if the user selects Normal Mode, and if there's a problem with Safe Mode it'll never boot into Normal Mode until the boot.ini file is edited.

Cheers...
chimaykaren's Avatar
chimaykaren chimaykaren is offline
Junior Member with 23 posts.
THREAD STARTER
 
Join Date: Nov 2005
Experience: Intermediate
06-Nov-2005, 05:38 PM #7
So, how to proceed
Thanks both of you, for your suggestions. I can't tell you how much it means to have support, because I am obviously pulling my hair out here.

Yes, HJT did download, all 213 kb of it. And I did rename it, (clever suggestion) but it still won't open/run. It's there, just doesn't run.
I can't get IBProcMan to run either...And given that I can't even scroll/copy/paste very long emails because my computer is operating so slowly, am thinking there could be problems to paste in the results of HJT if I even could get it to run...I can't even run Word at this point...

I want to give trying to reboot in SafeMode a try, but now you've got me scared...Should I just try it anyway, as I can't do anything else?
chimaykaren's Avatar
chimaykaren chimaykaren is offline
Junior Member with 23 posts.
THREAD STARTER
 
Join Date: Nov 2005
Experience: Intermediate
07-Nov-2005, 04:58 AM #8
Definitely very nasty this thing
Well, after weighing the pros and cons, decided to give rebooting in Safe Mode a try. However, I couldn't do it via the method you described, as I got an error message ("Cannot find the file 'msconfig' or one of its components. Make sure the path and file name are correct and that all required libraries are available"). So, I hit F8 when the computer was starting up, and entered Safe Mode that way.

And get this: so, I try to run Highjack This in SM, and the pop-up appeared RIGHT AWAY, and instead of it saying its usual "invalid picture" it now said, "Highjack This." I exited SM, and had no problem starting up again normally, so the computer didn't loop, as you feared. Also, in SM, I couldn't access Internet Explorer, which is about the only program the virus doesn't seem to impact, at least, so far.

So, okay. I am totally depressed here. Are we talking about wiping out the hard drive? The only thing that I really want to save, if that is going to be the case, are a year-and-a-half's worth of photos that I foolishly don't have backed up anywhere else...It goes without saying that the virus could be in the photos as well, doesn't it?
!!! Grrr. I feel so stupid and defeated....
Surreal2's Avatar
Surreal2 Surreal2 is offline
Senior Member with 579 posts.
 
Join Date: May 2005
Location: UK
Experience: Intermediate
07-Nov-2005, 05:45 AM #9
Hi chimaykaren - sorry for the delay in responding. I know it's a pain when computers play up but don't get depressed. There are plenty of experts in this forum and many things we can try before we have to resort to reinstalling.

Quote:
Originally Posted by chimaykaren
Well, after weighing the pros and cons, decided to give rebooting in Safe Mode a try. However, I couldn't do it via the method you described, as I got an error message ("Cannot find the file 'msconfig' or one of its components. Make sure the path and file name are correct and that all required libraries are available"). So, I hit F8 when the computer was starting up, and entered Safe Mode that way.

And get this: so, I try to run Highjack This in SM, and the pop-up appeared RIGHT AWAY, and instead of it saying its usual "invalid picture" it now said, "Highjack This." I exited SM, and had no problem starting up again normally, so the computer didn't loop, as you feared. Also, in SM, I couldn't access Internet Explorer, which is about the only program the virus doesn't seem to impact, at least, so far.
The 'loop' problem I described won't appear if you use the F8 method - it can happen if you use the Msconfig method, but you couldn't do that. You can safely use the F8 method.

You said that you received a pop-up saying 'HijackThis' when you started HJT in Safe Mode. Did the program start?

If it did, click 'Scan and save a log file'. DO NOT try to 'fix' anything with HJT at this stage - most of the entries it shows are valid and necessary for Windows to operate. When it's finished scanning, a new notepad window will open with the log. Please save this to your desktop (call it anything).

You won't be able to access the Internet in Safe Mode, so you'll then need to reboot into Normal mode. Then connect to the Internet, open the notepad log file on the desktop, copy the contents and paste them into your next post so that an expert can review it.

If HJT will not run even in Safe Mode, let us know.

Cheers...
chimaykaren's Avatar
chimaykaren chimaykaren is offline
Junior Member with 23 posts.
THREAD STARTER
 
Join Date: Nov 2005
Experience: Intermediate
07-Nov-2005, 11:17 PM #10
Thanks again Surreal2, that's good to hear.

Tried again to run it in SM, but no go. Sounds like the program is about to run, but then the "Invalid Picture" Pop-up comes up instead, and as I said, "Hijack This" is written in the blue bar at the top of the pop-up. I did rename HJ this too, which is weird that that name doesn't come up.

Also, I can't shut down properly. Instead, I get a "Program Not Responding" box with all sorts of weird exe names...such as: plulmd.exe, vgaxsy.exe, dmamah.exe and messeti.exe
I never saw those before this problem happened.
Surreal2's Avatar
Surreal2 Surreal2 is offline
Senior Member with 579 posts.
 
Join Date: May 2005
Location: UK
Experience: Intermediate
08-Nov-2005, 04:50 AM #11
Hi chimaykaren - I can't find info on the names of the 'Program not responding' files you mention which suggests they are not legitimate. I'll check out a few things and get back to you as soon as I can.

Cheers...
Surreal2's Avatar
Surreal2 Surreal2 is offline
Senior Member with 579 posts.
 
Join Date: May 2005
Location: UK
Experience: Intermediate
08-Nov-2005, 05:32 AM #12
Hi chimaykaren - let's start over and take things step by step.

Can you tell me:

What your Operating System is?

What is the specification of your computer - CPU, amount of RAM, how many and what size Hard drives, whether you have a floppy drive/cd drive?

Where did you download HijackThis from - do you know which format you downloaded (was it a Zip file or an Exe file)?

Cheers...
chimaykaren's Avatar
chimaykaren chimaykaren is offline
Junior Member with 23 posts.
THREAD STARTER
 
Join Date: Nov 2005
Experience: Intermediate
10-Nov-2005, 01:18 AM #13
Hi Surreal,
It's a Dell Optiplex GX150 which I 'inherited,' so I am without the original paperwork with all the specs.
It's Windows 2000, Pentium III, 1-2 CPU, 259,646 KB Ram, one hard drive, which I believe is 20GB, CD drive and I downloaded HijackThis from: www.download.com, and it was a zip file (the shortcut on the desktop says chimayjh.exe). What else....
Surreal2's Avatar
Surreal2 Surreal2 is offline
Senior Member with 579 posts.
 
Join Date: May 2005
Location: UK
Experience: Intermediate
10-Nov-2005, 10:08 AM #14
Hi chimaykaren...OK, try this:

Click HERE to download Startuplist.zip. Unzip it and try running the program in Normal mode or in Safe mode if that doesn't work. It'll scan your computer and open a log in Notepad - copy the entire contents of the Notepad file and post back with the results.

Cheers...
chimaykaren's Avatar
chimaykaren chimaykaren is offline
Junior Member with 23 posts.
THREAD STARTER
 
Join Date: Nov 2005
Experience: Intermediate
10-Nov-2005, 06:38 PM #15
Hi Surreal,
Hope I got all of it here...

StartupList report, 11/11/2005, 7:31:15 AM
StartupList version: 1.52
Started from : C:\unzipped\startuplist[1]\StartupList.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\HPCD-W~1\DirectCD\directcd.exe
C:\HP CD-Writer\Mmenu\hpcdtray.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Hello\Hello.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\winnt\system32\nddtxo.exe
C:\winnt\system32\plulmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\winnt\system32\vgaxsv.exe
C:\winnt\system32\dmamah.exe
C:\winnt\system32\msseti.exe
C:\winnt\system32\dmutpm.exe
C:\winnt\system32\javdne.exe
C:\winnt\system32\expnam.exe
C:\winnt\system32\wpnpth.exe
C:\winnt\system32\licust.exe
C:\winnt\system32\foraic.exe
C:\winnt\system32\faxbrd.exe
C:\winnt\system32\stinfe.exe
C:\winnt\system32\asfdcb.exe
C:\winnt\system32\schcla.exe
C:\winnt\system32\mdtlmq.exe
C:\winnt\system32\ntdnbc.exe
C:\winnt\system32\odbnlo.exe
C:\winnt\system32\mssrnu.exe
C:\winnt\system32\kbdwav.exe
C:\winnt\system32\qossst.exe
C:\winnt\system32\cnbcly.exe
C:\winnt\system32\protab.exe
C:\winnt\system32\msdtxp.exe
C:\winnt\system32\msdrui.exe
C:\winnt\system32\appvrh.exe
C:\winnt\system32\slbpor.exe
C:\winnt\system32\comisg.exe
C:\winnt\system32\icwcfc.exe
C:\winnt\system32\stripm.exe
C:\winnt\system32\lzet5a.exe
C:\winnt\system32\dspspb.exe
C:\winnt\system32\wzcspd.exe
C:\winnt\system32\regedi.exe
C:\winnt\system32\ddrsre.exe
C:\winnt\system32\intabb.exe
C:\winnt\system32\odbvfe.exe
C:\winnt\system32\lsadii.exe
C:\winnt\system32\mmfmms.exe
C:\winnt\system32\msvdlr.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\winnt\system32\usetve.exe
C:\winnt\system32\jobbws.exe
C:\winnt\system32\netegc.exe
C:\winnt\system32\nwaspi.exe
C:\winnt\system32\acsnpe.exe
C:\winnt\system32\finjnt.exe
C:\winnt\system32\logtem.exe
C:\winnt\system32\mspnts.exe
C:\winnt\system32\dbmalc.exe
C:\winnt\system32\appsut.exe
C:\winnt\system32\msviis.exe
C:\winnt\system32\wingco.exe
C:\winnt\system32\strsec.exe
C:\winnt\system32\wmpd5m.exe
C:\winnt\system32\iasmsv.exe
C:\winnt\system32\nwapdx.exe
C:\winnt\system32\sdbxvf.exe
C:\winnt\system32\oisvpv.exe
C:\winnt\system32\vbaejt.exe
C:\winnt\system32\scrd10.exe
C:\winnt\system32\olemds.exe
C:\winnt\system32\jobwat.exe
C:\winnt\system32\roussr.exe
C:\winnt\system32\ksuont.exe
C:\winnt\system32\spinae.exe
C:\winnt\system32\sclisg.exe
C:\winnt\system32\objots.exe
C:\winnt\system32\fnfirg.exe
C:\winnt\system32\ntdame.exe
C:\winnt\system32\dcinet.exe
C:\winnt\system32\hhsxsh.exe
C:\winnt\system32\regiim.exe
C:\winnt\system32\inersv.exe
C:\winnt\system32\odbsnc.exe
C:\winnt\system32\boodap.exe
C:\winnt\system32\spocvc.exe
C:\winnt\system32\sqlkft.exe
C:\winnt\system32\ntdoav.exe
C:\winnt\system32\odbrbr.exe
C:\winnt\system32\tcpisd.exe
C:\winnt\system32\msdtbm.exe
C:\winnt\system32\ntdspi.exe
C:\winnt\system32\periks.exe
C:\winnt\system32\pngrgc.exe
C:\winnt\system32\shdmre.exe
C:\winnt\system32\netgap.exe
C:\winnt\system32\odbeol.exe
C:\winnt\system32\stiyvh.exe
C:\winnt\system32\nettpr.exe
C:\winnt\system32\wmvlkr.exe
C:\winnt\system32\dbmipl.exe
C:\winnt\system32\dgsgcp.exe
C:\winnt\system32\verbdm.exe
C:\winnt\system32\msancs.exe
C:\winnt\system32\kbdsdm.exe
C:\winnt\system32\q25dic.exe
C:\winnt\system32\kbdcsb.exe
C:\winnt\system32\ntmrme.exe
C:\winnt\system32\cryrtp.exe
C:\winnt\system32\offgmr.exe
C:\winnt\system32\vbsvrh.exe
C:\winnt\system32\comsmd.exe
C:\winnt\system32\fonrsv.exe
C:\winnt\system32\compoo.exe
C:\winnt\system32\wmatog.exe
C:\winnt\system32\iprxdn.exe
C:\winnt\system32\kbdobe.exe
C:\winnt\system32\corcmu.exe
C:\Program Files\ClockSync\Sync.exe
C:\winnt\system32\nddtxo.exe
C:\winnt\system32\plulmd.exe
C:\winnt\system32\vgaxsv.exe
C:\winnt\system32\dmamah.exe
C:\winnt\system32\msseti.exe
C:\winnt\system32\dmutpm.exe
C:\winnt\system32\javdne.exe
C:\winnt\system32\expnam.exe
C:\winnt\system32\wpnpth.exe
C:\winnt\system32\licust.exe
C:\winnt\system32\foraic.exe
C:\winnt\system32\faxbrd.exe
C:\winnt\system32\stinfe.exe
C:\winnt\system32\asfdcb.exe
C:\winnt\system32\schcla.exe
C:\winnt\system32\mdtlmq.exe
C:\winnt\system32\ntdnbc.exe
C:\winnt\system32\odbnlo.exe
C:\winnt\system32\mssrnu.exe
C:\winnt\system32\kbdwav.exe
C:\winnt\system32\qossst.exe
C:\winnt\system32\cnbcly.exe
C:\winnt\system32\protab.exe
C:\winnt\system32\msdtxp.exe
C:\winnt\system32\msdrui.exe
C:\winnt\system32\appvrh.exe
C:\winnt\system32\slbpor.exe
C:\winnt\system32\comisg.exe
C:\winnt\system32\icwcfc.exe
C:\winnt\system32\stripm.exe
C:\winnt\system32\lzet5a.exe
C:\winnt\system32\dspspb.exe
C:\winnt\system32\wzcspd.exe
C:\winnt\system32\regedi.exe
C:\winnt\system32\ddrsre.exe
C:\winnt\system32\intabb.exe
C:\winnt\system32\odbvfe.exe
C:\winnt\system32\lsadii.exe
C:\winnt\system32\mmfmms.exe
C:\winnt\system32\msvdlr.exe
C:\winnt\system32\usetve.exe
C:\winnt\system32\jobbws.exe
C:\winnt\system32\netegc.exe
C:\winnt\system32\nwaspi.exe
C:\winnt\system32\acsnpe.exe
C:\winnt\system32\finjnt.exe
C:\winnt\system32\logtem.exe
C:\winnt\system32\mspnts.exe
C:\winnt\system32\dbmalc.exe
C:\winnt\system32\appsut.exe
C:\winnt\system32\msviis.exe
C:\winnt\system32\wingco.exe
C:\winnt\system32\strsec.exe
C:\winnt\system32\wmpd5m.exe
C:\winnt\system32\iasmsv.exe
C:\winnt\system32\nwapdx.exe
C:\winnt\system32\sdbxvf.exe
C:\winnt\system32\oisvpv.exe
C:\winnt\system32\vbaejt.exe
C:\winnt\system32\scrd10.exe
C:\winnt\system32\olemds.exe
C:\winnt\system32\jobwat.exe
C:\winnt\system32\roussr.exe
C:\winnt\system32\ksuont.exe
C:\winnt\system32\spinae.exe
C:\winnt\system32\sclisg.exe
C:\winnt\system32\objots.exe
C:\winnt\system32\fnfirg.exe
C:\winnt\system32\ntdame.exe
C:\winnt\system32\dcinet.exe
C:\winnt\system32\hhsxsh.exe
C:\winnt\system32\regiim.exe
C:\winnt\system32\inersv.exe
C:\winnt\system32\odbsnc.exe
C:\winnt\system32\boodap.exe
C:\winnt\system32\spocvc.exe
C:\winnt\system32\sqlkft.exe
C:\winnt\system32\ntdoav.exe
C:\winnt\system32\odbrbr.exe
C:\winnt\system32\tcpisd.exe
C:\winnt\system32\msdtbm.exe
C:\winnt\system32\ntdspi.exe
C:\winnt\system32\periks.exe
C:\winnt\system32\pngrgc.exe
C:\winnt\system32\shdmre.exe
C:\winnt\system32\netgap.exe
C:\winnt\system32\odbeol.exe
C:\winnt\system32\stiyvh.exe
C:\winnt\system32\nettpr.exe
C:\winnt\system32\wmvlkr.exe
C:\winnt\system32\dbmipl.exe
C:\winnt\system32\dgsgcp.exe
C:\winnt\system32\verbdm.exe
C:\winnt\system32\msancs.exe
C:\winnt\system32\kbdsdm.exe
C:\winnt\system32\q25dic.exe
C:\winnt\system32\kbdcsb.exe
C:\winnt\system32\ntmrme.exe
C:\winnt\system32\cryrtp.exe
C:\winnt\system32\offgmr.exe
C:\winnt\system32\vbsvrh.exe
C:\winnt\system32\comsmd.exe
C:\winnt\system32\fonrsv.exe
C:\winnt\system32\compoo.exe
C:\winnt\system32\wmatog.exe
C:\winnt\system32\iprxdn.exe
C:\winnt\system32\kbdobe.exe
C:\winnt\system32\corcmu.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Microsoft Office\Office\OSA9.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\cidaemon.exe
C:\unzipped\startuplist[1]\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup]
DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
Free WebSite Tools.lnk = C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Adaptec DirectCD = C:\HPCD-W~1\DirectCD\directcd.exe
HP CD-Writer = C:\HP CD-Writer\Mmenu\hpcdtray.exe
WinampAgent = "C:\Program Files\Winamp\Winampa.exe"
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
SysUpd = C:\WINNT\sysupd.exe
CapFax = C:\Program Files\Classic PhoneTools\CapFax.EXE
SpeedTouch USB Diagnostics = "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
BigPond Toolbar = "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
PicasaNet = "C:\Program Files\Hello\Hello.exe" -b
Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ClockSync = C:\Program Files\ClockSync\Sync.exe /q
nddtxo = c:\winnt\system32\nddtxo.exe
plulmd = c:\winnt\system32\plulmd.exe
vgaxsv = C:\winnt\system32\vgaxsv.exe
dmamah = C:\winnt\system32\dmamah.exe
msseti = C:\winnt\system32\msseti.exe
dmutpm = c:\winnt\system32\dmutpm.exe
javdne = c:\winnt\system32\javdne.exe
expnam = c:\winnt\system32\expnam.exe
wpnpth = c:\winnt\system32\wpnpth.exe
licust = c:\winnt\system32\licust.exe
foraic = c:\winnt\system32\foraic.exe
faxbrd = c:\winnt\system32\faxbrd.exe
stinfe = c:\winnt\system32\stinfe.exe
asfdcb = c:\winnt\system32\asfdcb.exe
schcla = c:\winnt\system32\schcla.exe
mdtlmq = c:\winnt\system32\mdtlmq.exe
ntdnbc = c:\winnt\system32\ntdnbc.exe
odbnlo = c:\winnt\system32\odbnlo.exe
mssrnu = c:\winnt\system32\mssrnu.exe
kbdwav = c:\winnt\system32\kbdwav.exe
qossst = c:\winnt\system32\qossst.exe
cnbcly = c:\winnt\system32\cnbcly.exe
protab = c:\winnt\system32\protab.exe
msdtxp = c:\winnt\system32\msdtxp.exe
msdrui = c:\winnt\system32\msdrui.exe
appvrh = c:\winnt\system32\appvrh.exe
slbpor = c:\winnt\system32\slbpor.exe
comisg = c:\winnt\system32\comisg.exe
icwcfc = C:\winnt\system32\icwcfc.exe
stripm = C:\winnt\system32\stripm.exe
lzet5a = c:\winnt\system32\lzet5a.exe
dspspb = c:\winnt\system32\dspspb.exe
wzcspd = c:\winnt\system32\wzcspd.exe
regedi = c:\winnt\system32\regedi.exe
ddrsre = c:\winnt\system32\ddrsre.exe
intabb = c:\winnt\system32\intabb.exe
odbvfe = c:\winnt\system32\odbvfe.exe
lsadii = c:\winnt\system32\lsadii.exe
mmfmms = c:\winnt\system32\mmfmms.exe
msvdlr = c:\winnt\system32\msvdlr.exe
usetve = c:\winnt\system32\usetve.exe
jobbws = c:\winnt\system32\jobbws.exe
netegc = c:\winnt\system32\netegc.exe
nwaspi = c:\winnt\system32\nwaspi.exe
acsnpe = c:\winnt\system32\acsnpe.exe
finjnt = c:\winnt\system32\finjnt.exe
logtem = c:\winnt\system32\logtem.exe
mspnts = c:\winnt\system32\mspnts.exe
dbmalc = c:\winnt\system32\dbmalc.exe
appsut = c:\winnt\system32\appsut.exe
msviis = c:\winnt\system32\msviis.exe
wingco = c:\winnt\system32\wingco.exe
strsec = C:\winnt\system32\strsec.exe
wmpd5m = C:\winnt\system32\wmpd5m.exe
iasmsv = C:\winnt\system32\iasmsv.exe
nwapdx = C:\winnt\system32\nwapdx.exe
sdbxvf = C:\winnt\system32\sdbxvf.exe
oisvpv = C:\winnt\system32\oisvpv.exe
vbaejt = C:\winnt\system32\vbaejt.exe
scrd10 = c:\winnt\system32\scrd10.exe
olemds = C:\winnt\system32\olemds.exe
jobwat = C:\winnt\system32\jobwat.exe
roussr = C:\winnt\system32\roussr.exe
ksuont = c:\winnt\system32\ksuont.exe
spinae = C:\winnt\system32\spinae.exe
sclisg = C:\winnt\system32\sclisg.exe
objots = c:\winnt\system32\objots.exe
fnfirg = C:\winnt\system32\fnfirg.exe
ntdame = C:\winnt\system32\ntdame.exe
dcinet = C:\winnt\system32\dcinet.exe
hhsxsh = C:\winnt\system32\hhsxsh.exe
regiim = c:\winnt\system32\regiim.exe
inersv = c:\winnt\system32\inersv.exe
odbsnc = c:\winnt\system32\odbsnc.exe
boodap = c:\winnt\system32\boodap.exe
spocvc = c:\winnt\system32\spocvc.exe
sqlkft = c:\winnt\system32\sqlkft.exe
ntdoav = c:\winnt\system32\ntdoav.exe
odbrbr = c:\winnt\system32\odbrbr.exe
tcpisd = c:\winnt\system32\tcpisd.exe
msdtbm = c:\winnt\system32\msdtbm.exe
ntdspi = c:\winnt\system32\ntdspi.exe
periks = c:\winnt\system32\periks.exe
pngrgc = c:\winnt\system32\pngrgc.exe
shdmre = c:\winnt\system32\shdmre.exe
netgap = c:\winnt\system32\netgap.exe
odbeol = c:\winnt\system32\odbeol.exe
stiyvh = c:\winnt\system32\stiyvh.exe
nettpr = c:\winnt\system32\nettpr.exe
wmvlkr = c:\winnt\system32\wmvlkr.exe
dbmipl = c:\winnt\system32\dbmipl.exe
dgsgcp = c:\winnt\system32\dgsgcp.exe
verbdm = c:\winnt\system32\verbdm.exe
msancs = c:\winnt\system32\msancs.exe
kbdsdm = c:\winnt\system32\kbdsdm.exe
q25dic = c:\winnt\system32\q25dic.exe
kbdcsb = c:\winnt\system32\kbdcsb.exe
ntmrme = c:\winnt\system32\ntmrme.exe
cryrtp = c:\winnt\system32\cryrtp.exe
offgmr = c:\winnt\system32\offgmr.exe
vbsvrh = c:\winnt\system32\vbsvrh.exe
comsmd = c:\winnt\system32\comsmd.exe
fonrsv = c:\winnt\system32\fonrsv.exe
compoo = c:\winnt\system32\compoo.exe
wmatog = c:\winnt\system32\wmatog.exe
iprxdn = c:\winnt\system32\iprxdn.exe
kbdobe = c:\winnt\system32\kbdobe.exe
corcmu = c:\winnt\system32\corcmu.exe

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINNT\system32\Kaleid95.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Common\ycomp5_0_2_6.dll - {02478D28-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\E2G\IeBHOs.dll - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6}
(no name) - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINNT\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/S...in/AvSniff.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/downlo...22/wmv9VCM.CAB

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/S.../bin/cabsa.cab

[Install Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\pinstall.dll
CODEBASE = http://updates.lifescapeinc.com/inst...l/pinstall.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.co...576.8905902778

[YahooYMailTo Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\ymmapi.dll
CODEBASE = http://download.yahoo.com/dl/mail/ymmapi.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
End of report, 18,077 bytes
Report generated in 47.628 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
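
The StartupList report in this post shows one repeated pattern: HKCU Run values whose name equals a six-character executable placed directly in system32, most of them also running twice. The following Python triage of a report in that layout is an added example, not part of the thread and not Merijn's code. The three-signal heuristic and all function names are assumptions, and the embedded sample is a short excerpt constructed from lines of the report.

```python
import re
from collections import Counter
from ntpath import basename, dirname, splitext

# Constructed excerpt in the StartupList 1.52 layout, using lines from the report.
SAMPLE_REPORT = r"""
Running processes:

C:\WINNT\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\winnt\system32\nddtxo.exe
C:\winnt\system32\plulmd.exe
C:\Program Files\ClockSync\Sync.exe
C:\winnt\system32\nddtxo.exe
C:\winnt\system32\plulmd.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ClockSync = C:\Program Files\ClockSync\Sync.exe /q
nddtxo = c:\winnt\system32\nddtxo.exe
plulmd = c:\winnt\system32\plulmd.exe
vgaxsv = C:\winnt\system32\vgaxsv.exe

--------------------------------------------------
"""

SECTION_RULE = re.compile(r"^-{10,}$")
RUN_KEY = re.compile(r"^(HKLM|HKCU)\\.*\\Run(Once|Services)?$", re.I)
EXE_PATH = re.compile(r"(?i)(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)")


def parse_report(text):
    """Return (running process paths, [(run key, value name, command), ...])."""
    processes, run_entries = [], []
    mode, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RULE.match(line):          # dashed rule closes a section
            mode, key = None, None
        elif line == "Running processes:":
            mode = "procs"
        elif line.startswith("Autorun entries from Registry"):
            mode = "run"
        elif mode == "procs":
            processes.append(line.lower())
        elif mode == "run" and RUN_KEY.match(line):
            key = line
        elif mode == "run" and key and " = " in line:
            name, command = line.split(" = ", 1)
            run_entries.append((key, name.strip(), command.strip()))
    return processes, run_entries


def executable_of(command):
    """Extract the executable path from a Run command line, quoted or bare."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = EXE_PATH.match(command)
    return match.group(1) if match else command.split()[0]


def triage(text):
    """Flag per-user Run values named after an executable sitting in system32."""
    processes, run_entries = parse_report(text)
    running = Counter(processes)
    findings = []
    for key, name, command in run_entries:
        exe = executable_of(command).lower()
        stem = splitext(basename(exe))[0]
        per_user = key.upper().startswith("HKCU")
        in_system32 = dirname(exe).endswith("\\system32")
        if per_user and in_system32 and name.lower() == stem:
            findings.append({"name": name, "path": exe,
                             "running_instances": running[exe]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f['name']:10} {f['path']}  running x{f['running_instances']}")
```

The output is a review list for a helper to check by hand, not a removal list: a match only means the entry fits the pattern seen in this report.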